ISO 22301:2019
ISO 22301 certification
Business Continuity Management Systems
Operational resilience for cyber-attacks, supply-chain failures and other disruptions.
At a glance
- UK adoption: Around 2,500 UK organisations are estimated to be certified
- Structure: Annex SL — integrates with other ISO standards
Overview
What ISO 22301 is — in plain English.
ISO 22301:2019 is the international standard for Business Continuity Management Systems (BCMS). The standard outlines a framework to help organisations identify, prepare for, and recover from disruptive incidents like cyber-attacks, disasters, or supply-chain failures. It takes a risk-based approach to ensure operational resilience, protect reputation, and minimise downtime in the event of disruption.
Inside the standard
Key aspects of ISO 22301
Core requirements
Focuses on planning, establishing, implementing, operating, monitoring, reviewing and improving a documented management system.
Key tools
Involves conducting a Business Impact Analysis and risk assessments to prioritise critical business functions.
Controls & response
Planning and implementing controls and response actions related to potential disruptions.
Test, review, improve
Builds in routine testing, review and improvement so the plan stays current as your business changes.
Why certify
Benefits of certification
ISO 22301:2019 aligns with Annex SL, allowing it to be easily integrated with other ISO management systems.
Operational resilience
Enhances your ability to keep delivering critical services during and after a disruption.
Stakeholder confidence
Improves reputation, ensures regulatory compliance, and increases stakeholder confidence.
Suitable for any business
The management system is suitable for any organisation, regardless of size or type.