ISO 22301 Security and resilience. Business continuity management systems.
This document specifies the structure and requirements for implementing and maintaining a business continuity management system (BCMS) that develops business continuity appropriate to the amount and type of impact that the organization may or may not accept following a disruption.
The outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational and industry requirements, products and services provided, processes employed, size and structure of the organization, and the requirements of its interested parties.
Benefits of a business continuity management system
The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing an organization's overall ability to continue to operate during disruptions. In achieving this, the organization is:
- Supporting its strategic objectives.
- Creating a competitive advantage.
- Protecting and enhancing its reputation and credibility.
- Contributing to organizational resilience.
- Reducing legal and financial exposure.
- Reducing direct and indirect costs of disruptions.
- Protecting life, property and the environment.
- Considering the expectations of interested parties.
- Providing confidence in the organization's ability to succeed.
- Improving its capability to remain effective during disruptions.
- Demonstrating proactive control of risks effectively and efficiently.
- Addressing operational vulnerabilities.
ISO 22301 certification
ISO 22301 certification (also known as “registration”) is a third-party audit performed by a certification body that, upon verifying that an organization complies with the requirements of ISO 22301, will issue an ISO 22301 certificate. This certification is then maintained through regularly scheduled annual surveillance audits by the registrar, with re-certification of the Quality Management System performed on a triennial basis.