- business continuity management -


ISO 22301:2019 Business Continuity Management System (BCMS) assists your organization’s ability to keep operating in challenging times.

Business disruption is a key concern for many executives. Cyber-attacks, IT breakdowns, flooding, fire, pandemic virus outbreaks and major supply chain issues are examples of incidents that may pose substantial threats to the running of any business. The Business Continuity Management System (BCSM) standard ISO 22301:2019 provides international best practices to help your organization respond to and recover from disruptions effectively.   

The ISO 22301:2019 requirements and a compliant Business Continuity Management System (BCMS) generally gives a clear and detailed view of how an organization operates. It offers valuable insight useful for strategic planning, risk management, supply chain management, business transformation and resource management.

Other outstanding benefits are:

  • Better understanding of your business through analysis of critical issues and areas of vulnerability 
  • Enhanced organizational resilience through cross-team collaborations
  • Consistent approach throughout the entire organization (for multi-site organizations) 
  • Reduced costs and less impact on business performance if a disruptive incident occurs 
  • Demonstration of your commitment to stakeholders such as customers, suppliers and regulators that your organization has sound systems and processes in place for business continuity 
  • Reap cost benefits from reduced insurance premiums 

Implementing ISO 22301 your Business Continuity Management System (BCSM) will help you. 

  • Obtain a better understanding of the organization. 
  • Implement a business continuity strategy and maintain proper solutions to be activated when needed. 
  • Maintain your continuity management plan through exercises and reviews of the organizational culture.  


The ISO 22301:2019 Business Continuity Management System (BCSM) includes:

Context of the Organization

  • Understanding the organization and its context
  • Understanding the needs and expectations of interested parties
    • General
    • Legal and regulatory requirements
  • Determining the scope of the Business Continuity Management System (BCSM)
    • General
    • Scope of the Business Continuity Management System (BCSM)
  • Business Continuity Management System (BCSM)


  • Leadership and commitment
  • Policy
    • Establishing the business continuity policy
    • Communicating the business continuity policy
  • Roles, responsibilities and authorities


  • Actions to address risks and opportunities
    • Determining risks and opportunities
    • Addressing risks and opportunities
  • Business continuity objectives and planning to achieve them
    • Establishing business continuity objectives
    • Determining business continuity objectives
  • Planning changes to the business continuity management system


  • Resources
  • Competence
  • Awareness
  • Communication
  • Documented information
    • General
    • Creating and updating
    • Control of documented information


  • Operational planning and control
  • Business impact analysis and risk assessment
    • General
    • Business impact analysis
    • Risk assessment
  • Business continuity strategies and solutions
    • General
    • Identification of strategies and solutions
    • Selection of strategies and solutions
    • Resource requirements
    • Implementation of solutions
  • Business continuity plans and procedures
    • General
    • Response structure
    • Warning and communication
    • Business continuity plans
    • Recovery
  • Exercise program
  • Evaluation of business continuity documentation and capabilities

Performance evaluation

  • Monitoring, measurement, analysis and evaluation
  • Internal audit
    • General
    • Audit program
  • Management review
    • Management review inputs
    • Management review outputs


  • Nonconformity and corrective action
  • Continual improvement