ISO 22301:2019, Security and resilience – Business continuity management systems – Requirements, is a management system standard published by International Organization for Standardization that specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.[1] It is intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization.[2][3][4]

Organizations that implement a business continuity management system (BCMS) based on the requirements of ISO 22301 can undergo a formal assessment process through which they can obtain accredited certification against this standard. A certified BCMS demonstrates to internal and external stakeholders that the organization is adhering to good practices in business continuity management.[5]

Scope and contents

edit

Similar to other management system standards by ISO, the requirements specified in ISO 22301 are generic and intended to be applicable to all organizations, regardless of type, size, and industry. However, the extent of applicability of the requirements depends on the organization's environment and complexity.[6]

ISO 22301 is divided into 10 main clauses and has adopted the high-level structure and standardized text set out by Annex L.

The standard is divided as follows:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

The high-level structure of ISO 22301, shared with other ISO management systems standards, such as ISO/IEC 27001, ISO 9001, ISO/IEC 20000-1, create a consistency which can help organizations integrate several management systems.[7] This can help organizations improve efficiency, eliminate duplication, and achieve cost savings.[8]

edit

ISO 22301 is the first of a series of ISO standards and Technical Specifications on Business continuity management, including[9]

  • ISO 22300:2021 Security and resilience – Vocabulary
  • ISO 22313:2020 Security and resilience – Business continuity management systems – Guidance on the use of ISO 22301[10]
  • ISO/TS 22317:2021 Security and resilience – Business continuity management systems – Guidelines for business impact analysis[11]
  • ISO/TS 22318:2021 Security and resilience – Business continuity management systems – Guidelines for supply chain continuity[12]
  • ISO/TS 22330:2018 Security and resilience – Business continuity management systems – Guidelines for people aspects on business continuity[13]
  • ISO/TS 22331:2018 Security and resilience – Business continuity management systems – Guidelines for business continuity strategy[14]
  • ISO/TS 22332:2021 Security and resilience – Business continuity management systems – Guidelines for developing business continuity plans and procedures[15]
  • ISO/IEC/TS 17021-6:2015 Conformity assessment – Requirements for bodies providing audit and certification of management systems – Part 6: Competence requirements for auditing and certification of business continuity management systems[16]

History

edit

This standard was originally developed by ISO technical committee ISO/TC 223 on societal security and published for the first time in May 2012. ISO 22301:2012 was the first published ISO standard that had fully adopted the new format for writing management system standards described in Annex L. ISO/TC 292 Security and resilience took over the responsibility of the work when ISO/TC 223 was dissolved and initiated a revision of the standard.[17] The 2nd edition was published on 31 October, 2019, essentially consisting in refactoring the text of the standard to avoid repetitions.[1]

Year Description
2012 ISO 22301 (1st Edition)
2019 ISO 22301 (2nd Edition)

See also

edit

References

edit
  1. ^ a b "ISO 22301:2019". ISO. 5 June 2023.
  2. ^ "What is ISO 22301? Learn the Basics". 27001Academy.
  3. ^ Howard, Casey (August 6, 2018). "What is business continuity/ISO 22301 and why do you need it?". IT Governance UK Blog.
  4. ^ "What is ISO 22301 (International Organization of Standardization standard 22301)? - Definition from WhatIs.com". SearchDisasterRecovery.
  5. ^ Tangen, Stefan; Austin, Dave (June 2012). "Business continuity: ISO 22301 when things go seriously wrong" (PDF). ISO Focus+. 3 (6): 22–23. ISSN 2226-1095. OCLC 834139006.
  6. ^ "ISO 22301:2019(en), Security and resilience — Business continuity management systems — Requirements". iso.org. Retrieved 2021-07-09.
  7. ^ "ISO 22301 - Business continuity" (PDF). iso.org. 2019-10-29. Retrieved 2021-07-09.
  8. ^ The integrated use of management system standards (IUMSS). Geneva: International Organization for Standardization. 2018. ISBN 9789267108308. OCLC 1108681092.[page needed]
  9. ^ Gasiorowski-Denis +41 22 749 03 25, Elizabeth (5 June 2012). "ISO publishes new standard for business continuity management". ISO.{{cite web}}: CS1 maint: numeric names: authors list (link)
  10. ^ "ISO 22313:2020". ISO.
  11. ^ "Iso/Ts 22317:2021".
  12. ^ "Iso/Ts 22318:2021".
  13. ^ "ISO/TS 22330:2018". ISO. 12 July 2019.
  14. ^ "ISO/TS 22331:2018". ISO.
  15. ^ "Iso/Ts 22332:2021".
  16. ^ "ISO/IEC TS 17021-6:2014". ISO.
  17. ^ "ISOTC292". www.isotc292online.org.
edit
  • ISO 22301:2012 — Societal security — Business continuity management systems — Requirements (Withdrawn, revised by ISO 22301:2019)
  • ISO 22301:2019 — Security and resilience — Business continuity management systems — Requirements
  • ISO TC 292 — Security and resilience
  • "ISOTC292". isotc292online.org. Archived from the original on 2020-09-22.