ISO 22301 – Business Continuity Management
The lasting success of companies does not only depend upon the prevention of issues and incidents, but also upon being prepared when the inevitable occurs. Fire, flood, natural disasters, theft, IT outage, and health problems can instantly bring production to a standstill – without warning and when you least expect it.
A proactive approach allows you to minimize the impact of incidents, and to understand the effects of potential threats. Our qualified auditors will assist you in assessing risks, and propose remedies for any gaps you may have in your crisis plan.
ISO 22301, Security and resilience – Business continuity management systems – Requirements, is the world’s first International Standard for implementing and maintaining an effective business continuity plan. It enables an organization to have a more effective response and a quicker recovery, thereby reducing any impact on people, products and the organization’s bottom line.
ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
ISO 22301 is applicable to all organizations, regardless of size, industry or nature of business. It is also relevant to certification and regulatory bodies as it enables them to assess an organization’s ability to meet its legal or regulatory requirements.
Based on ISO’s High-Level Structure (HLS), it aligns with many other internationally recognized management system standards, such as ISO 9001 (quality management) and ISO 14001 (environmental management). As such, it is designed to be integrated into an organization’s existing management processes.
ISO 22301 is useful for business continuity and risk professionals, supply chain directors, audit managers and associates, developers of corporate social responsibility reports, regulatory bodies and anyone else involved or interested in business continuity.
ISO 22301 was revised in late 2019 to reflect ongoing changes in the business continuity world and bring more value to users. The text has also been improved to provide increased clarity and consistency. As compared to ISO 22301:2012, the primary changes to ISO 22301:2019 include:
- The structure of the standard has been reviewed to make it easier to read and implement, with greater clarification of what is required.
- The language and terminology have been simplified to remove duplication and better reflect today’s thinking in the business continuity industry.
- The High-Level Structure (HLS) has been streamlined to remain in line with other ISO management system standards.
Integration with other standards
ISO 22301 shares a high-level structure (identical core text, terms and definitions) with other ISO management system standards such as ISO 9001 (quality) and ISO 14001 (environment). This framework is designed to facilitate the integration of new management topics into an organization’s established management processes.
Certification to ISO 22301:2019
With economic losses from disasters now averaging USD 250 billion to USD 300 billion annually – according to the UNISDR’s report – building a more resilient world is increasingly being seen as a global priority. More and more organizations are adopting certification to ISO 22301 in order to benefit from the best practice it contains, to assure their organizational resilience, and to reassure clients that their key continuity concerns have been addressed.