top of page

ISO 22301 – Business Continuity Management


The world’s first international standard for Business Continuity Management (BCM), has been developed to help organizations minimize the risk of such disruptions.


ISO has officially launched ISO 22301, “Societal security – Business continuity management systems – Requirements”, the new international standard for Business Continuity Management System (BCMS). This standard will replace the current British standard BS25999.


ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events when they arise.


The requirements specified in ISO 22301 are generic and intended to be applicable to all organizations (or parts thereof), regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.


Business continuity standardization evolves with ISO 22301 by adding:

Greater emphasis on setting the objectives, monitoring performance and metrics; Clearer expectations on management;More careful planning for and preparing the resources needed for ensuring business continuity.


ISO 22301 applies to all types and sizes of organizations that wish to:

establish, implement, maintain and improve a BCMS; assure conformity with the organization’s stated business continuity policy; demonstrate conformity to others; seek certification/registration of its BCMS by an accredited third party certification body; or make a self-determination and self-declaration of conformity with this International Standard.



Business continuity is not a project with a beginning and ending date, it is a program to be managed indefinitely.

Key Benefits:

  • Strengthen Company Management Process

  • Protects Shareholders, Assets and Operation

  • Makes risk visible to Top Management

  • Identifies clearly risk map for business continuity

  • Drives competency improvement to mitigate risk elements

  • Key products and services are identified and critical activities are understood and strategies planned and agreed

  • People, Premises, Technology, Infrastructure, Operational, Financial and Regulatory are all included in the Programme.

  • Incident response abilities are planned and Incident Management teams prepared

  • Strengthens Corporate Resilience

bottom of page