ISO 22301 Consultancy


ISO 22301 is a generic Business Continuity Management System (BCMS) standard that specifies requirements for setting up an effective BCMS in an organization. The standard is applicable to organizations of all sizes and types.

The aim of ISO 22301 is to manage the risks that threaten the smooth running of business by planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system to protect against disruption, reduce the likelihood of its occurrence, prepare for and respond to disruption, and recover from disruptive incidents.

The latest version of ISO 22301 was published in 2019. This is a revised version of ISO 22301:2012. The aim of the 2012 version is to protect “social security” while the aim of the 2019 version is to make the standard “more streamlined and practical.”

1. Key components of BCMS

The key components of a successful BCMS are:

  1. Policy
  2. People with defined responsibility
  3. Management review process related to
    • Policy
    • Planning
    • Implementation and operation
    • Performance assessment
    • Management review
    • Improvement
  4. Documentation providing auditable evidence
  5. Any business continuity management processes relevant to the organization

2. Benefits of BCMS

  • Minimize the effect of potential loss
  • Clear understanding of the entire organization's management system
  • Ensure minimal interruption to business
  • Gain client confidence
  • Enhance brand value
  • Demonstrate that the organization meets regional legal and regulatory requirements

3. Why is implementation of a BCMS important for organizations?

During the pandemic period, the increase in cyber-attacks and business irregularity made organizations realize how important a business continuity plan and its management are to them. A BCMS helps organizations deal with incidents affecting their business-critical processes and activities, from the failure of a single server to the complete loss of a major facility. It also helps organizations manage current and future threats, keep critical functions up and running during times of crisis, minimize downtime during incidents and improve recovery time, and adopt a proactive approach to minimizing the impact of incidents.