ISO 22301 – Security and resilience – Business continuity management systems

ISO 22301 is the international standard for implementing and maintaining a business continuity management system (BCMS). It defines the amount and type of impact that your organisation is, or is not, prepared to accept following a disruption caused by a failure or outage.

Your BCMS will be designed around your company’s legal, regulatory, organisational and industry requirements. It will encompass the products and services provided, the processes you define, the size and structure of your business, and any interested parties’ requirements.

When you implement your BCMS you will need to take into consideration the importance of the following:

  • Understanding your company’s needs for establishing business continuity policies and objectives.
  • Operating and maintaining processes, and defining the capabilities and responses that ensure your business can survive any disruption.
  • Monitoring, reviewing and testing the performance and effectiveness of the BCMS.
  • Demonstrating continual improvement based on quantitative and qualitative measures.

A BCMS will need to include:

  • A policy
  • Competent people with defined responsibilities
  • Management processes for:
    1. Policy
    2. Planning
    3. Implementation and operation
    4. Performance assessment
    5. Management review
    6. Continual improvement
  • Documented information supporting operational controls and performance evaluation


Like all ISO standards, implementing ISO 22301 and a business continuity management system can bring your business major benefits.

Business benefits

  • Supporting your strategic objectives
  • Creating a competitive advantage over your competition
  • Protecting and enhancing your reputation and credibility
  • Enhancing organisational resilience

Financial benefits

  • Reducing legal and financial exposure
  • Reducing cost by eliminating outages and system failures
  • Reducing your insurance premiums

Interested parties

  • Protection of life, property and the environment
  • Maintaining the expectations of interested parties
  • Providing the confidence in your business’s ability to succeed

Internal parties

  • Improving your ability to maintain business services during a major outage
  • Demonstrating you have proactive controls and you are managing risk effectively and efficiently
  • Continually addressing operational vulnerabilities

How to achieve compliance

To achieve compliance, you will have to meet the requirements laid down in ISO 22301. This means you will need to comply with the 10 main clauses laid down in Annex L (formerly Annex SL).

Because these clauses follow a structure shared by other ISO management system standards, your business can run its management systems fully integrated with one another.

Key requirements are:

  • Continuity – The process your business must adopt to ensure you keep operating through any disruption, outage or disaster.
  • Management responsibility – All compliance must come from the top; you have to demonstrate that you have senior management support.
  • Resource management – You will need to define who in the company does what and ensure they know what they need to do.
  • Measurement – Once the standard is in place, you will need to show how you will measure, analyse and demonstrate improvement.

How can Unleashed help?

Unleashed is here to guarantee you get your ISO 22301 accreditation (providing you follow our guidelines). Our trained consultants have been working with businesses for many years to help them attain this standard, and will help you with your internal audits.

We pride ourselves on our personal approach and will work with you every step of the way. This means you don’t need to worry or stress; that is our job!

With our methodical approach, we will aim to have you passed and certified within 3 months.

Contact us

If you’re interested in talking about ISO 22301 and seeing what we could do for your organisation, please get in touch.