Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you request to download our free implementation guide, we use your name, company name (which is optional) and your email address to email you a link to download the requested document. We may also email you after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services. Your name and email address are stored on our website which is hosted with Digital Ocean. Your personal data is stored for one year after you requested your download, after which it is deleted.

Reveal Menu





It has been seven years this June since the launch of the ISO 22301:2012 standard, and in this blog CertiKit takes a look at the benefits and relevancy of the standard and the steps to certification. The ISO 22301 standard describes the requirements for a business continuity management system, and helps businesses demonstrate to their clients, employees and stakeholders that a plan is in place to minimise the impact of potential disruptions. Disruptions can be a number of different things, including natural disasters, staff illness or hardware failures, to name a few.

infographic for business planning

What are the benefits of becoming ISO 22301 certified?

  • It can enhance your reputation with current and potential customers showing your business has taken a proactive approach to handle the effects of a potential incident with minimal disruption.
  • The process of becoming certified to the ISO 22301 standard can increase management and employee engagement across the business.
  • It can reduce the impact and frequency of disruptions and incidents by identifying potential risks and creating contingency plans.
  • It requires regular reviews and audits to ensure continual business improvement.

How long will it take to become certified?

This is highly dependant on resource and time dedicated to the project, but this is estimated to be up to one year. There are many routes to implement the standard into your business dependant on your own resource, time and budget.

  1. Hiring a consultant: Consultants will assess your business, implement the processes and create the documentation for you. This is a good method for businesses that don’t have any employees available to take on the project and the budget for a consultant.
  2. Using a toolkit: Pre-written guides and documentation, like our ISO 22301 toolkit, provide templates of the policies and procedures that can be adapted to your business, whilst guiding you to certification. This is the quickest and most effective way of using your in-house resource.
  3. In-house knowledge: Solely using in-house resource to understand the standard and create the necessary documents can be an ineffective and time-consuming method of practise, and is only recommended if an employee with the appropriate skills and knowledge is available to take on the project.

Is there anything else your business needs to assist the process?

We recommend having a copy of the ISO 22301:2012 standard. You can either purchase this directly from the ISO website or it is included in our Enhanced Gap Assessment Tool. This includes the exact text of sections 4 to 10 of the standard, broken down by individual requirement within a user-friendly spreadsheet. This enhanced gap assessment spreadsheet also includes tables and charts that show your status and progress to a precise level of detail, which is useful for reporting and audit readiness reviews.

How do I become certified?

Step 1: Become compliant to the standard using the method best suited to your business and industry.

Step 2: Perform an internal audit to highlight any non-conformities before the external audit. We advise an internal audit to be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.

Step 3: The final external audit to achieve certification by an accredited Registered Certification Body (RCB), is not a requirement, however it is recommended as certification validates your ISO 22301 compliance.


The ISO standards are about continual improvement and include annual reviews and audits to ensure your business is conforming to the standard and has corrected any non-conformity highlighted at audit. ISO 22301 is suitable for businesses of any size and industry that want to put a business continuity plan in place.

Over 3000 businesses have purchased our toolkits


The templates have a good explanation on how each is used, and customising it to my company is very easy. Also it is easy to integrate into documentation we already have.

Risk Management and Compliance Officer
e4 Strategic

View all Testimonials