ISO 22301 Security and resilience. Business continuity management systems.

This document specifies the structure and requirements for implementing and maintaining a business continuity management system (BCMS) that develops business continuity appropriate to the amount and type of impact that the organization may or may not accept following a disruption. The outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational and industry requirements, products and services provided, processes employed, size and structure of the organization, and the requirements of its interested parties.

Benefits of a business continuity management system

The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing an organization's overall ability to continue to operate during disruptions. In achieving this, the organization is:

• Supporting its strategic objectives.
• Creating a competitive advantage.
• Protecting and enhancing its reputation and credibility.
• Contributing to organizational resilience.
• Reducing legal and financial exposure.
• Reducing direct and indirect costs of disruptions.
• Protecting life, property and the environment.
• Considering the expectations of interested parties.
• Providing confidence in the organization's ability to succeed.
• Improving its capability to remain effective during disruptions.
• Demonstrating proactive control of risks effectively and efficiently.
• Addressing operational vulnerabilities.