ISO 22301 – Business Continuity Management

What’s the ISO 22301 standard?

ISO 22301 is a standard for implementing the processes that ensure the continuity of business processes and the availability of information.

What’s in the ISO 22301 standard?

The ISO 22301 is divided into the following clauses:

0 – Introduction

1 – Scope

2 – References

3 – Terms and definitions

4 – Context of the organization

5 – Leadership

6 – Planning

7 – Support

8 – Operations

9 – Evaluation

10 – Improvement


What are the key drivers for implementing ISO 22301?

Among the drivers for organizations to implement ISO 22301 is the need to meet the expectations of internal and external stakeholders, including owners/stockholders, customers and regulators, who are interested in the resilience and continuity of the organization's processes and the availability of its tools and information.

What are the reasons organizations go after ISO 22301 certification?

Organizations take the step to certify in order to:
  1. meet customer requirements.
  2. obtain an independent review of the appropriateness of their Information Security program against a global standard.
  3. provide assurance to interested parties of their framework of Information Security management processes and controls.
  4. reduce the requirement for additional customer audits and reviews or to limit their scope.