The full name of this standard is ISO 22301:2012 Societal security – Business continuity management systems – Requirements. It was written by leading business continuity experts and provides an auditable framework for managing business continuity in an organization. (This 2012 edition was later superseded by ISO 22301:2019, whose title changed to Security and resilience – Business continuity management systems – Requirements; the structure described on this page is that of the 2012 edition.)
One feature that differentiates this standard from other business continuity frameworks is that it is a requirements standard rather than a guidance document: an organization can be certified against it by an accredited certification body, and can therefore demonstrate its compliance to customers, partners, owners and other stakeholders.
ISO 22301 has replaced BS 25999-2. The two standards are rather similar, but ISO 22301 can be considered an upgrade of BS 25999-2. For the differences between the two, see the ISO 22301 vs. BS 25999-2 infographic.
When implemented properly, business continuity management reduces the likelihood of a disruptive incident, and if such an incident does occur, the organization is prepared to respond in a planned way, which substantially limits the damage the incident can cause.
Any organization – large or small, for profit or non-profit, private or public. The standard is conceived in such a way that it is applicable to any size or type of organization.
Business continuity is part of overall risk management in a company, with areas that overlap with information security management and IT management.
Note: Risk management is part of overall corporate management.
The standard has the following structure. Clauses 0 to 3 are introductory and contain no requirements; the auditable requirements against which an organization is certified are in clauses 4 to 10:
0 Introduction
0.2 The Plan-Do-Check-Act (PDCA) model
0.3 Components of PDCA in this International Standard
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding of the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the management system
4.4 Business continuity management system
5 Leadership
5.2 Management commitment
5.4 Organizational roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Business continuity objectives and plans to achieve them
7 Support
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Business impact analysis and risk assessment
8.3 Business continuity strategy
8.4 Establish and implement business continuity procedures
8.5 Exercising and testing
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Implementing the standard requires a defined set of mandatory documents; the list of these documents and a detailed explanation of each are given in a separate article.
Other standards that are helpful in the implementation of business continuity management are: