ISO 22301 - Security and resilience

The full name of this standard is ISO 22301:2019 Security and resilience – Business continuity management systems – Requirements. It is an international standard published by the International Organization for Standardization (ISO), and it specifies the requirements for managing business continuity in an organization. The standard was written by leading business continuity experts and is the most widely adopted framework for building and certifying a business continuity management system (BCMS).

Adopting ISO 22301 can help organizations to minimize the impact of disruptions on their operations, protect their reputation, and maintain customer and stakeholder confidence. It can also help to demonstrate compliance with regulatory requirements and improve the organization’s resilience and ability to adapt to changing circumstances.


Key features of ISO 22301

Risk assessment and management

The standard requires organizations to identify and assess the risks that could disrupt their prioritized activities, alongside a business impact analysis (BIA), and to select and implement risk treatments that mitigate or manage those risks.

Business continuity management system

The standard provides a framework for establishing, implementing, maintaining, and continually improving a BCMS: the set of processes, policies, and procedures that ensure an organization can continue its critical functions during and after a disruption.

Business continuity strategy

Based on the results of the risk assessment and the business impact analysis (BIA), the standard requires organizations to develop a business continuity strategy that sets out the measures and procedures needed to keep critical functions running during a disruption and to recover them afterwards.

How does ISO 22301 work?

The focus of ISO 22301 is to ensure continuity of the delivery of products and services after a disruptive event occurs. This is done by establishing business continuity priorities, identifying which potential disruptive events can affect business operations, defining what needs to be done to prevent such events from happening, and then defining how to recover first a minimum and then a normal level of operations in the shortest time possible. The main philosophy of ISO 22301 is therefore based on analyzing impacts and managing risks: find out which activities are most important and which risks can affect them, and then systematically treat those risks.

How does business continuity fit into overall management?

Business continuity is part of overall risk management in a company, and it overlaps with information security management (for example ISO 27001) and IT service management, which both depend on the same analysis of critical activities and the resources they require.
