ISO 22301 Management System Standard
The ISO 22301 standard details the requirements for a Business Continuity Management System (BCMS) and the aim of this standard is to help organisations review and identify threats to their ongoing operations and to prepare and test arrangements to ensure business can continue or recover from these threats, whether internal or external, with as little impact to ongoing operations as possible.
The current version of the standard, ISO 22301:2019, is structured following Annex SL and therefore the clauses are very similar to the structure of ISO 9001 and other Annex SL standards. The standard requires a clearly defined organisational structure with roles and responsibilities defined with the involvement and commitment from top management. Other requirements of this standard are that documented information is controlled, risks and opportunities are considered and that actions to address risks and opportunities are identified and managed.
Meeting the requirements of this standard
A business impact analysis and risk assessment is required to demonstrate that risks have been considered and evaluated and the impact they could have on normal operational activities are considered.
Business continuity strategies and solutions then need to be prepared to address the risks to normal business operations. A programme of testing and checking is also required to demonstrate that all risks have been identified and that adequate prevention and recovery systems are in place and effective.
Business impact assessment should consider all business critical functions and consideration of what unplanned events / disruptive incidents could affect these critical functions.
Meeting the requirements of this standard requires that an effective Business Continuity Management System (BCMS) has been prepared and that adequate business continuity plans and arrangements are in place with evidence that these plans are reviewed and tested on an ongoing basis. Business Continuity objectives should also be set and monitored.
There are quite specific documentation requirements for this standard including business impact analysis and risk assessments.
isoassured can assist with preparation of management systems to meet the requirements of this standard - check our ISO Consultancy page for details of how we can help with onsite consultancy, remote consultancy or by using our alphaZ documents package to meet the requirements of this standard.
Click here to view documents relevant to setting up an ISO 22301 compliant management system on alphaZ documents.
ISO 22301 Certification process
We offer a simple, smart, certification process to provide independent confirmation that your organisation meets the requirements of the ISO 22301 standard and once an audit has been completed with a satisfactory outcome we issue an ISO22301 registration certificate and authorise the organisation to display our 'ISO 22301 Registered' logo. Audits are completed by a qualified auditor and can be completed remotely or by site visit depending on the circumstances.
Further details on our certification service are available on the ISO Certification page.
Benefits of ISO 22301 Certification
- Be better prepared for unplanned events that could have an impact on business
- Reduce the possibility of unplanned events or emergencies happening
- Recover more quickly after an emergency
- Formal Business Impact analysis and business continuity priorities documented
- Effective Business Continuity Plan (BCP) and Business Continuity Management System (BCMS)
- Ensure key processes continue to function during an emergency situation
- Achieve better scores in pre-qualification questionnaires (PQQ's)
- Improved Systems for management and preservation of critical company processes
- Improved appraisal of reliance on outsourced services and rating of continuity
- Demonstration to suppliers / other interested parties that formal systems in place to ensure continuity of service
- Effective systems for monitoring and dealing with emergencies and incidents
- Ongoing checks and reviews of operational activities
- Systems for continual improvement of management systems
- ISO 22301 Registered Logo for use in marketing
- Enhanced systems for ongoing checks of continuity arrangements
- Checks that emergency arrangements are effective