ISO 22301: Implementing an Effective Business Continuity Management System (BCMS).

ISO 22301: Implementing an Effective Business Continuity Management System (BCMS).

ISO 22301 is an international standard that specifies the requirements for implementing an effective Business Continuity Management System (BCMS). Its full name is ISO 22301:2012 Societal Security – Business continuity management systems – Requirements. This standard provides guidance for organizations to establish and continuously improve a BCMS that allows them to reduce the occurrence of a disruptive event, respond effectively to it, and recover rapidly in case such an event arises.

ISO 22301 establishishes and continuously improves on a BCMS that allows them to reduce the occurrence of a disruptive event, respond effectively to it, and recover rapidly in case such an event arises.
ISO 22301 establishishes and continuously improves on a BCMS that allows them to reduce the occurrence of a disruptive event, respond effectively to it, and recover rapidly in case such an event arises.

ISO 22301 was developed by the International Organization for Standardization (ISO) in 2012. This standard was written by specialists in the field to provide the best framework for managing business continuity within an organization. This standard emphasizes the importance of:

  • Understanding the organization’s needs and the necessity for establishing business continuity management policy and objectives,
  • Implementing and operating controls and measures for managing an organization’s overall capability to manage disruptive incidents,
  • Monitoring and reviewing the performance and effectiveness of the BCMS, and
  • Continual improvement based on objective measurement.



If an organization has not established an effective BCMS, it can undergo a series of losses if a disruptive event takes place. Some of the possible consequences are loss of customers, reputation damage, and financial loss. An organization that successfully implements this standard will drastically reduce a disruptive event’s potential damage by:

  • Identifying and managing any kind of current and future threats.
  • Minimizing the impact of incidents, and keeping critical functions ready and running during times of crisis.
  • Increasing its capacity to minimize downtime after any incident.
  • Improving recovery time and demonstrating their resistance to customers, suppliers and tender offers.
ISO 22301 is the only standard against which an organization can certify its BCSM
ISO 22301 is the only standard against which an organization can certify its BCSM

The requirements specified in ISO 22301 are generic and can be applied to all organizations. Any organization, large or small, for profit or non-profit, private or public, can use this standard to establish a BCMS that is appropriate to its needs and meets its interested parties’ requirements. This standard is also compatible with other ISO management systems standards, thereby supporting consistent and integrated implementation and operation with related management systems.

One of the features that differentiate this standard from other business continuity frameworks and standards is that an organization can become certified by an accredited certification body, and will therefore be able to prove its compliance to its customers, partners, owners and other stakeholders. ISO 22301 replaced the well-recognized standard BS 25999-2. These two standards are rather similar, but ISO 22301 could be considered an upgrade from BS 25999-2. After its release in 2012, ISO 22301 is the only standard against which an organization can certify its BCSM.