ISO 22301 specifies the structure and requirements for implementing and maintaining a business continuity management system (BCMS) that develops business continuity appropriate to the amount and type of impact that the organization may or may not accept following a disruption.

ISO 22301 covers the outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational and industry requirements, products and services provided, processes employed, size and structure of the organization, and the requirements of its interested parties.

ISO 22301 includes the importance of BCMS as follows:

• Understanding the organization’s needs and the necessity for establishing business continuity policies and objectives
• Operating and maintaining processes, capabilities, and response structures for ensuring the organization will survive disruptions
• Monitoring and reviewing the performance and effectiveness of the BCMS
• Continual improvement based on qualitative and quantitative measures.

What’s changed since the last update? 

BS EN ISO 22301:2019 supersedes BS EN ISO 22301:2014. BS EN ISO 22301:2019 includes some technical changes concerning BS EN ISO 22301:2014. These include:

• ISO’s requirements for management system standards, which have evolved since 2012, have been applied
• Requirements have been clarified, with no new requirements added
• Discipline-specific business continuity requirements are now almost entirely within Clause 8
• Clause 8 has been restructured to provide a clearer understanding of the key requirements
• Several discipline-specific business continuity terms have been modified to improve clarity and to reflect current thinking