ISO 22301 2012 Plain English Introduction

ISO 22301 2019 is a generic business continuity management standard.
Use it to ensure that operations continue, that products and services are
delivered at predefined levels, that brands and value-creating activities

are protected, and that the reputations and interests of stakeholders
are safeguarded whenever major business disruptions occur.


ISO 22301 was first published in 2012. This current version was published
in 2019 and is the second edition of this standard. It cancels and replaces
the old ISO 22301 2012 edition.

ISO 22301 2019 is an international business continuity management
standard. The official name of this standard is ISO 22301:2019 Societal
security - Business continuity management systems - Requirements
These requirements can be found in the following seven sections:

  1. Context

  2. Leadership

  3. Planning

  4. Support

  5. Operations

  6. Evaluation

  7. Improvement


The purpose of this international standard is to help organizations
to ensure that operations continue and that products and services are
delivered at predefined levels, that brands and value-creating activities
are protected, and that the reputations and interests of key stakeholders
are safeguarded whenever business disruptions occur.

According to ISO 22301, any organization can achieve these important
objectives if it establishes a business continuity management system
(BCMS) and if it continually tries to improve the suitability, adequacy,
and effectiveness of this system.

A BCMS is a set of interrelated elements that organizations use to
establish, implement, operate, monitor, review, maintain, and improve
their business continuity capabilities. These elements include people,
policies, plans, procedures, processes, structures, and resources.

All of these elements are used to recover, restore, and resume the
delivery of products and services at acceptable predefined capacities
within acceptable predefined time frames whenever serious business
disruptions occur.


ISO 22301 is a generic business continuity management standard.
It can be used by any organization, or any part of an organization, no
matter what size it is or what it does. It can be used by both public and
private organizations and by enterprises of all kinds. It is not specific
to any sector or industry and can be applied in any environment.

However, exactly how you apply ISO 22301 is up to you and will
depend on your organization's unique business continuity needs
and obligations and the particular expectations and requirements
of interested parties. It will also be influenced by its inherent
complexity and its operating environment.

Exactly how you apply ISO 22301 will depend upon your organization's
unique structure, its legal and regulatory obligations, and the processes
it uses to support and deliver its products and services.


Use ISO 22301 2019 to establish a
BCMS and then use this system to:
• Secure your organization’s property.
• Safeguard personal health and safety.
• Make your organization more resilient.
• Enhance your organization’s credibility.
• Preserve your organization’s reputation.
• Minimize the cost of business disruption.
• Reduce your legal and financial exposure.
• Meet the expectations of interested parties.
• Manage and control your organization’s risks.
• Support your organization’s strategic objectives.
• Earn the trust and confidence of your stakeholders.
• Create a competitive advantage for your organization.
• Address your organization’s operational vulnerabilities.
• Provide reassurance that your organization can succeed.
• Encourage and support continuous organizational learning.
• Improve your organization’s ability to operate during a crisis.


ISO 22301 is designed to be used for certification purposes. Once you've
established a BCMS that meets both the ISO 22301 requirements and your
organization's unique needs, you can ask a registrar (certification body) to
audit your system. If you pass the audit, your registrar will issue an official
certificate that states that your BCMS meets the ISO 22301 requirements.

While ISO 22301 is specifically designed to be used for certification
purposes, you don’t have to become certified. You can be in compliance
without being formally registered by an accredited certification body.

You can self-audit your system and then announce to the world that
your BCMS complies with the standard (assuming that it actually does).
Of course, your claim may have more credibility if an independent
registrar has audited your BCMS and agrees with your claim.

PREVIEW OF ISO 22301 2019

As previously indicated, the standard's business continuity requirements
are described in ISO 22301 parts 4 to 10. The following material will briefly
introduce these seven sections.

Part 4. Context asks you to start by understanding your organization
and its context before you develop your organization's business continuity
management system (BCMS). It asks you to identify who your organization's
interested parties are and to clarify what their needs and expectations are;
and it asks you to consider all relevant legal and regulatory requirements.
It then asks you to figure out what your BCMS should apply to and to
formally define its scope.

Part 5. Leadership asks your organization's top management to provide
leadership for its BCMS by showing that they support it, by assigning
responsibility, and by establishing a business continuity policy.

Part 6. Planning asks you to prepare plans to address the risks
and opportunities that could affect your BCMS, to establish business
continuity objectives and plans to achieve them, and to control how
BCMS changes are planned and implemented.

Part 7. Support asks your organization to support its BCMS by providing
resources. It asks you to make sure that people are competent and that
they are aware of their responsibilities. And it asks you to manage
information and to control all relevant communications.

Part 8. Operations asks you to plan and control your organization's
BCMS processes. It then asks you to study disruptions, analyze impacts,
assess risks, and determine business continuity priorities and requirements.
It then asks you to develop business continuity strategies and solutions, to
establish business continuity plans and procedures, to create a structure to
manage operations during disruptions, and to establish business disruption
response teams. And, finally, it asks you to test your business continuity
strategies and solutions and to evaluate your continuity capabilities.

Part 9. Evaluation asks you to monitor, measure, analyze, audit, and
evaluate your organization's BCMS and to review its performance
at planned intervals.

Part 10. Improvement asks you to identify nonconformities, to take
corrective actions, and to enhance the suitability, adequacy, and
effectiveness of your organization's BCMS.


ISO 22301 uses what is called the Plan-Do-Check-Act (PDCA) Model.
It uses this model to organize the standard in the following way:

1. PLAN. Parts 4, 5, 6, and 7 expect you to plan
    the establishment of your organization's

2. DO. Part 8 expects you to establish your BCMS.

3. CHECK. Part 9 expects you to evaluate your BCMS.

4. ACT. Part 10 expects you to improve your BCMS.


Plain English Business Continuity Management Definitions

How to Establish a Business Continuity Management System

Brief Overview of ISO 22301 2019 Business Continuity Standard

The Structure of ISO’s Business Continuity Management Standard

ISO 22301 2019 Business Continuity Management in Plain English

ISO 22301 2012 Business Continuity Management in Plain English

How to do ISO 22301 2019 Business Continuity Gap Analysis

Plain English Business Continuity Management Checklist

Topics that Business Continuity Plans Should Address

Mini ISO 22301 2019 Business Continuity Audit Tool

ISO 22301 2019 Business Continuity Audit Tool

Knowledge and Skill Auditors Should Have

Our Plain English Approach to ISO 22301

Updated on October 5, 2020. First published on March 23, 2013.

Home Page

Our Library

A to Z Index

Our Customers

How to Order

Our Products

Our Prices

Our Guarantee

Praxiom Research Group Limited   780-461-4514

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2013 - 2020 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research
        Group Limited