ISO 22301 – The International Standard for Business Continuity Management
What is ISO 22301?
ISO 22301 is the international standard for business continuity management. Organisations can use the requirements outlined in the standard to seek certification of their Business Continuity Management System (BCMS).
To understand more about business continuity management and ISO 22301, download our free green paper from IT Governance.
What is in ISO 22301?
ISO 22301 is based on the 'Plan-Do-Check-Act' model as found in other management system standards.
The standard itself is formed of 10 clauses, as follows:
ISO 22301 clause 1 – Scope of the standard
ISO 22301 clause 2 – Normative references
ISO 22301 clause 3 – Terms and definitions
ISO 22301 clause 4 – Context of the organisation
ISO 22301 clause 5 – Leadership
ISO 22301 clause 6 – Planning
ISO 22301 clause 7 – Support
ISO 22301 clause 8 – Operations
ISO 22301 clause 9 – Evaluation
ISO 22301 clause 10 – Improvement
A supporting standard, ISO 22313, has been published which gives guidance on the implementation of a business continuity management system.
Why use ISO 22301 for your BCMS?
ISO 22301 is the international best practice standard for business continuity management systems (BCMS). By implementing a BCMS that is certified compliant to ISO 22301, you can make sure your organisation is resilient against external threats. These can include theft, utility supply cuts, adverse weather, cyber attacks, terrorist activity, war / civil disorder, fire or natural disasters.
Additionally, a certified BCMS is a definitive way of demonstrating resilience and a commitment to excellence to stakeholders.
Did you know?
80% of organisations with a well-planned and implemented business continuity plan are likely to survive a major business discontinuity incident
Only 20% of organisations without a business continuity plan are likely to survive
Over 90% of organisations that suffer a significant data loss go out of business within two years of the loss
Benefits of ISO 22301
An ISO 22301-compliant BCMS enables you to:
Create effective operational business continuity plans (BCP)
Ensure that your BCPs are fit for purpose
Align plans with strategic organisational objectives
Continually improve your business continuity plans as the organisation grows
Reduce the cost of business interruption
Satisfy regulatory or client demands
Satisfy Corporate Governance obligations
How to implement an ISO 22301-compliant BCMS
“To work well, ISO 22301 will need organisations to have thoroughly understood its requirements. Every line and word has meaning and the relative importance is not necessarily reflected by the number of words devoted to a topic.” - The International Organization for Standardization
Before attempting to undertake an ISO 22301 implementation project, it is vital that the standard is understood in its entirety. Business continuity professionals will need to:
ensure management buy-in for an ISO 22301 project
ensure an organisation-wide understanding of business continuity and its importance
assemble a qualified BCMS implementation team
gain an in-depth knowledge of the standard and how it should be implemented
implement the standard and devise a testing and maintenance process
Documentation is known to be one of the hardest parts of implementing a BCMS, which is why IT Governance have developed the ISO 22301 BCMS Implementation Toolkit. This toolkit contains templates and pre-written documentation to make aligning your BCMS with ISO 22301 simpler and less stressful.
ISO 22301 - further reading
IT Governance is the leading supplier of books and toolkits relating to ISO 22301 business continuity management. Through this site you can purchase a range of authoritative titles, written by experts for business and technical audiences.
ISO 22301 (2012) BCMS Requirements
ISO 22301:2012 specifies the requirements for a business continuity management system (BCMS). The requirements for a BCMS can be adopted by any organisation, no matter their size, type or location.
Business Continuity Management: Choosing to survive
With specific reference to ISO 22301, ANSI/ASIS SPC.1-2009, ISO 27031 and ISO/IEC 24762, this up-to-date, practical resource will guide you through all the elements of a BCM program, plans and implementations. It covers all the critical elements of your business, from people and premises to technology and facilities management.
A Manager's Guide to ISO 22301
Written by expert business continuity consultant Tony Drewitt, this book offers concise guidance specifically on ISO 22301 for managers, executives and directors.
ISO 22301 BCMS Implementation Toolkit
Documenting a BCMS is often one of the most time-consuming and difficult parts of implementing ISO 22301. This toolkit makes the whole process simpler, faster and easier using template-based documents and procedures.
ISO 22301: A Pocket Guide
With an emphasis on helping you understand what is necessary to satisfy the requirements of the standard, this pocket guide is full of expert advice and guidance to help you develop a fit-for-purpose business continuity plan.