Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu





It has been seven years this June since the launch of the ISO 22301:2012 standard, and in this blog CertiKit takes a look at the benefits and relevancy of the standard and the steps to certification. The ISO 22301 standard describes the requirements for a business continuity management system, and helps businesses demonstrate to their clients, employees and stakeholders that a plan is in place to minimise the impact of potential disruptions. Disruptions can be a number of different things, including natural disasters, staff illness or hardware failures, to name a few.

infographic for business planning

What are the benefits of becoming ISO 22301 certified?

  • It can enhance your reputation with current and potential customers showing your business has taken a proactive approach to handle the effects of a potential incident with minimal disruption.
  • The process of becoming certified to the ISO 22301 standard can increase management and employee engagement across the business.
  • It can reduce the impact and frequency of disruptions and incidents by identifying potential risks and creating contingency plans.
  • It requires regular reviews and audits to ensure continual business improvement.

How long will it take to become certified?

This is highly dependant on resource and time dedicated to the project, but this is estimated to be up to one year. There are many routes to implement the standard into your business dependant on your own resource, time and budget.

  1. Hiring a consultant: Consultants will assess your business, implement the processes and create the documentation for you. This is a good method for businesses that don’t have any employees available to take on the project and the budget for a consultant.
  2. Using a toolkit: Pre-written guides and documentation, like our ISO 22301 toolkit, provide templates of the policies and procedures that can be adapted to your business, whilst guiding you to certification. This is the quickest and most effective way of using your in-house resource.
  3. In-house knowledge: Solely using in-house resource to understand the standard and create the necessary documents can be an ineffective and time-consuming method of practise, and is only recommended if an employee with the appropriate skills and knowledge is available to take on the project.

Is there anything else your business needs to assist the process?

We recommend having a copy of the ISO 22301:2012 standard. You can either purchase this directly from the ISO website or it is included in our Enhanced Gap Assessment Tool. This includes the exact text of sections 4 to 10 of the standard, broken down by individual requirement within a user-friendly spreadsheet. This enhanced gap assessment spreadsheet also includes tables and charts that show your status and progress to a precise level of detail, which is useful for reporting and audit readiness reviews.

How do I become certified?

Step 1: Become compliant to the standard using the method best suited to your business and industry.

Step 2: Perform an internal audit to highlight any non-conformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.

Step 3: The final external audit to achieve certification by an accredited Registered Certification Body (RCB), is not a requirement, however it is recommended as certification validates your ISO 22301 compliance.


The ISO standards are about continual improvement and include annual reviews and audits to ensure your business is conforming to the standard and has corrected any non-conformity highlighted at audit. ISO 22301 is suitable for businesses of any size and industry that want to put a business continuity plan in place.

Over 3000 businesses have purchased our toolkits


The structure is excellent, clear, precise and easy to digest. The content is professional and the guidance is extremely helpful. I cannot fault it!


View all Testimonials