
What is ISO22301?

The ISO22301 international standard for “Societal Security – Business Continuity Management Systems (BCMS) – Requirements” was published by ISO in 2012 and is based upon the earlier British standard BS25999-2.

ISO22301 specifies the requirements that your BCMS will need to meet in order for your organization to become certified to the standard. The requirements in ISO22301 are supplemented by guidance contained in ISO22313, which was also published in 2012. ISO22313 is well worth reading, as it fills in some of the gaps in understanding how the requirements in ISO22301 should be met and gives more clues about what the auditor may be looking for.

How can implementing ISO22301 benefit your business?

Becoming compliant to the ISO22301 standard can bring many benefits to your organization:

  • It can enhance your reputation with current and potential customers by showing that your business has taken a proactive approach to handling the effects of a potential incident with minimal disruption.
  • The process of becoming certified to the ISO22301 standard can increase management and employee engagement across the business.
  • It can reduce the impact and frequency of disruptions and incidents by identifying potential risks and creating contingency plans.
  • It requires regular reviews and audits to ensure continual business improvement.

What is a BCMS?

When looking at business continuity the emphasis is usually on “The Plan”. This is the document (or documents) that will tell everyone what to do in an emergency, how to handle a crisis and keep the business running. And it’s right that this should be the main focus; it is, after all, the main deliverable of the whole business continuity idea.

The function of the BCMS is to wrap itself around the plan and ensure (among other things) that:

  1. The plan is based on the right information about the business (business impact analysis).
  2. We have a good idea of what we need to plan for (risk assessment).
  3. The plan works (exercising and testing).
  4. Everybody knows about the plan and how to use it (awareness and training).
  5. We update the plan when things change around it (management review).
  6. The plan gets better over time (continual improvement).

What does the standard consist of?

The ISO22301 standard consists of a number of major headings which are:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

As with many ISO standards, sections 1-3 are for reference and are well worth a read to understand the standard in more detail. Section 0 is the introduction to the standard.

Sections 4 to 10 set out the requirements of the standard and are compulsory if an organization is to be compliant. The (internal and external) auditing process therefore checks whether these requirements are being met by the organization. Requirements are not optional: if one is not being met, the auditor will raise a nonconformity and the organization will need to address it in order to gain or keep its certification to the standard.

Becoming certified

The steps to becoming ISO22301 certified are similar to those for other ISO standards:

  1. Become compliant to the standard using the method best suited to your business and industry.
  2. Perform an internal audit to highlight any nonconformities before the external audit. We advise that the internal audit be completed by an independent third-party auditor or by an impartial, qualified auditor within your organization.
  3. The final external audit by an accredited Registered Certification Body (RCB) is not a requirement; however, it is recommended, as certification validates your ISO22301 compliance.

How can CertiKit help?

The ISO standards are about continual improvement and include annual reviews and audits to ensure your business is conforming to the standard and has corrected any nonconformities highlighted at audit. ISO22301 is suitable for businesses of any size and industry that want to put a business continuity plan in place. CertiKit’s ISO22301 toolkit will help make complying with the standard simpler. Why not download a free sample document to start your journey to certification today?
