ISO 22301:2019
Security and resilience — Business continuity management systems
​
This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.
​
Who is ISO 22301 for?
ISO 22301 is applicable to all organizations, regardless of size, industry or nature of business. It is also relevant to certification and regulatory bodies as it enables them to assess an organization’s ability to meet its legal or regulatory requirements. Based on ISO’s High-Level Structure (HLS), it aligns with many other internationally recognized management system standards, such as ISO 9001 (quality management) and ISO 14001 (environmental management). As such, it is designed to be integrated into an organization’s existing management processes. ISO 22301 is useful for business continuity and risk professionals, supply chain directors, audit managers and associates, developers of corporate social responsibility reports, regulatory bodies and anyone else involved or interested in business continuity
​
What improvements were made?
ISO 22301 was revised in late 2019 to reflect ongoing changes in the business continuity world and bring more value to users. The text has also been improved to provide increased clarity and consistency. The changes include: • The structure of the standard has been reviewed to make it easier to read and implement, with greater clarification of what is required. • The language and terminology have been simplified to remove duplication and better reflect today’s thinking in the business continuity industry. • The High-Level Structure (HLS) has been streamlined to remain in line with all other ISO management system standards.
​
What are the benefits for my business?
ISO 22301 brings together international best practice to help organizations respond to, and recover from, disruptions effectively. This means reduced costs and less impact on business performance should something go wrong. What’s more, companies with multiple sites or divisions can rely on the same consistent approach throughout the entire organization. Other benefits include: • The ability to reassure clients, suppliers, regulators and other stakeholders that the organization has sound systems and processes in place for business continuity • Improved business performance and organizational resilience • A better understanding of the business through analysis of critical issues and areas of vulnerability ISO 22301 also gives a clear and detailed view of how an organization operates, offering valuable insights that are useful for strategic planning, risk management, supply chain management, business transformation and resource management.
​
A free publication about ISO 22301, Security and resilience – Business continuity management systems – Requirements, the International Standard for implementing and maintaining effective business continuity plans, systems and processes.