Call 0203 442 9757

What is ISO 22301?

“What is ISO 22301?” is a question we are often asked. Well, simply put, it helps organizations enhance their resilience, minimize downtime, and ensure continuity of critical operations in unforeseen events such as natural disasters, cyber-attacks, or other emergencies by implementing a Business Continuity Management System.

What is ISO 22301?

ISO 22301 is an internationally recognized standard for business continuity management systems (BCMS). It can improve your Business Continuity Management, focusing on their Business Continuity Plan and its purpose in the sustainability of the business. It provides a framework that enables organizations to identify potential threats, assess their impact and develop strategies to effectively respond to; also to recover from disruptive incidents. By implementing ISO 22301, organizations can enhance their resilience, minimize downtime and ensure continuity of critical operations during unforeseen events such as natural disasters, cyber-attacks, or other emergencies.

Who is ISO 22301 certification suitable for?

The BCMS standard ISO 22301 applies worldwide to those who wish to verify that their business continuity plans are well managed. It provides companies of all sizes and industries with a framework for planning, implementing, and monitoring their business continuity within a business. The requirements are applicable and apply to private and public companies as well as non-profit organizations. It however, mostly benefits larger companies or those seeking tender opportunities with larger companies.

How do I build an ISO 22301 Business Continuity Management System?​

Iso in a dash United Kingdom Kent ireland London iso compliance certification management - suppliers icon

Leadership Commitment​

Secure commitment from top management to prioritize business continuity and allocate necessary resources for the BCMS implementation.

ISO 9001 internal audits

Business Impact Analysis

Secure commitment from top management to prioritize business continuity and allocate necessary resources for the BCMS implementation.

Implementation Management

Risk Assessment​

Perform a risk assessment to identify and evaluate threats and vulnerabilities that could affect business continuity.

Process Optimisation

Continuity Strategy

Develop business continuity strategies and plans to ensure the organization can continue critical activities during and after a disruptive incident.

Iso in a dash United Kingdom Kent ireland London iso compliance certification management - audit white icon


Prepare necessary documentation, including business continuity policies, procedures, and plans.

ISO 22301 Consulting

Training and Awareness​

Ensure all employees are aware of the business continuity plans and their roles during a crisis. Meet ISO 22301 requirements.

Iso in a dash United Kingdom Kent ireland London iso compliance certification management - corrective clipboard icon

Testing and Exercises

Regularly conduct tests and exercises to validate the effectiveness of the business continuity plans and identify areas for improvement.

ISO 22301 internal audits

Review and Update​

Continuously review and update the BCMS based on lessons learned from exercises, incidents, and changes in the organization’s operations.

How do I get certified to ISO 22301?


Ensure your BCMS is fully implemented and operational. Conduct an internal audit to identify any gaps or non-conformities.

Certification Body Selection

Choose an accredited certification body with expertise in business continuity management to perform the certification audit.



Submit an application to the selected certification body, providing the required documentation and information about your BCMS.

Stage 1 Audit

The certification body will conduct a Stage 1 audit to review your documentation and readiness for the certification audit.

Stage 2 Audit

The certification body will conduct a more comprehensive Stage 2 audit to assess the implementation and effectiveness of your BCMS.

Certification Decision

After successful completion of the Stage 2 audit, the certification body will review the findings and make a certification decision.

Certificate Issuance

If your organization meets all the requirements, the certification body will issue an ISO 22301 certificate, demonstrating your compliance with the standard.

What happens after ISO 22301 certification?

After achieving ISO 22301 certification, the following activities take place:

Surveillance Audits

The certification body will conduct regular surveillance audits to ensure ongoing compliance with ISO 22301.

Continuous Improvement

Use the findings from surveillance audits and reviews to drive continuous improvement in your business continuity plans and strategies.

Stakeholder Confidence

ISO 22301 certification enhances stakeholder confidence in your organization’s ability to effectively respond to disruptions.

Business Resilience

Having an ISO 22301-certified BCMS enhances your organization’s resilience and ability to withstand and recover from disruptive incidents.

Maintaining Certification

To maintain your certification, continue to adhere to the ISO 22301 requirements and address any identified non-conformities during surveillance audits.

What makes the ISO 22301 standard useful for my company?

ISO 22301, a strategic choice for Business Continuity Management, establishes a robust framework for effective continuity planning. The standard, with 35 measure targets outlined in Annex A, incorporates 114 concrete measures across 14 chapters, emphasizing safety enhancement. ISO 22301 ensures continuous improvement, risk reduction, compliance adherence, heightened employee awareness, and increased customer satisfaction. Guided by top management, internal audits and reviews drive these improvements. 

Certification under ISO 22301 instills trust among stakeholders, showcasing adept risk management and a commitment to ongoing enhancement. It stands independently for business continuity benefits, complementing ISO/IEC 27001-compliant ISMS implementations tailored to specific company needs.

The consistent alignment of company processes with ISO 22301 has been proven to lead to a number of benefits:

Enhanced Resilience

Risk Reduction

Competitive Advantage

Compliance Adherence

Increased customer satisfaction

Internal audits and management reviews with the participation of top management are the internal levers for achieving this.

Other positive aspects are that interested parties such as supervisory authorities, insurance companies, banks, partner companies build up a higher level of trust in your company. This is because a certified management system signals that your organization deals with risks in a structured manner and subscribes to continuous improvement (CIP), making it more resistant to unwanted influences.

The international standard ISO 22301 can also be implemented, operated and certified independently of other management systems such as ISO 9001 (quality management) or ISO 14001 (environmental management).

Ready to Take Your Business to the Next Level?

Explore our services and discover how we can help your organization thrive in today’s competitive landscape. Click on the links above to learn more about each service and how it can benefit your business. Together, let’s unlock the full potential of your organization and shape a successful future.