ISO 22301 2019 is a business continuity management standard.
This page outlines the structure of this standard. For a more detailed
version, please see ISO 22301 2019 Translated into Plain English.
4.1 Understand your organization and its unique context.
4.2 Define the needs and expectations of your interested parties.
4.2.1 Clarify who your interested parties are and specify their requirements.
4.2.2 Consider legal and regulatory requirements when you set up your BCMS.
4.3 Figure out what your BCMS should apply to and clarify its scope.
4.3.1 Think about context, mission, and requirements when you define scope.
4.3.2 Think about what to include and exclude when you define your scope.
4.4 Establish a BCMS in accordance with the requirements of this document.
5.1 Provide leadership by supporting business continuity management.
5.2 Provide leadership by implementing a business continuity policy.
5.2.1 Provide leadership by establishing a business continuity policy.
5.2.2 Provide leadership by communicating business continuity policy.
5.3 Provide leadership by assigning roles, responsibilities, and authorities.
6.1 Define actions to manage your BCMS risks and opportunities.
6.1.1 Determine risks and opportunities when planning BCMS.
6.1.2 Plan how to address your BCMS risks and opportunities.
6.2 Formulate BC objectives and develop plans to achieve them.
6.2.1 Establish BC objectives at relevant functions and levels.
6.2.2 Plan how to achieve your organization's BC objectives.
6.3 Control how BCMS changes are planned and implemented.
7.1 Support your BCMS by providing the necessary resources.
7.2 Support your BCMS by ensuring that people are competent.
7.3 Support your BCMS by making people aware of their duties.
7.4 Support your BCMS by controlling your communications.
7.5 Support your BCMS by managing documented information.
7.5.1 Support BCMS by including necessary documented information.
7.5.2 Support BCMS by managing the use of documented information.
7.5.3 Support BCMS by controlling applicable documented information.
184.108.40.206 Control availability, suitability, confidentiality, and security.
Control distribution, storage, modification, and disposition.
8.1 Carry out process planning and establish controls.
8.2 Study disruptions and risks and set your priorities.
8.2.1 Establish processes to analyze impacts and assess risks.
8.2.2 Determine business continuity priorities and requirements.
8.2.3 Assess risks and determine which ones should be treated.
8.3 Develop business continuity strategies and solutions.
8.3.1 Consider risks and business continuity strategies.
8.3.2 Identify business continuity strategies and solutions.
8.3.3 Select business continuity strategies and solutions.
8.3.4 Determine resources needed to implement solutions.
8.3.5 Implement business continuity strategies and solutions.
8.4 Establish business continuity plans and procedures.
8.4.1 Develop a structure to manage operations during disruptions.
8.4.2 Develop a disruption response structure for your organization.
Create one or more business disruption response teams.
220.127.116.11 Define roles and responsibilities for disruption response teams.
Assign personnel who are capable of responding to disruptions.
18.104.22.168 Appoint capable people and document all response procedures.
8.4.3 Develop procedures to manage communications and warnings.
22.214.171.124 Communicate with interested parties when disruptions occur.
126.96.36.199 Issue warnings and support emergency response organizations.
8.4.4 Develop and maintain business continuity plans and procedures.
188.8.131.52 Plan how to respond to disruptions and how to restore operations.
Specify the steps needed to continue activities and manage
184.108.40.206 Define purpose, scope, objectives, roles, responsibilities, and actions.
8.4.5 Develop and document processes needed to normalize activities.
8.5 Test business continuity strategies and solutions.
8.6 Evaluate your business continuity capabilities.
9.1 Monitor, measure, analyze, and evaluate performance.
9.2 Utilize audits to assess conformance and effectiveness.
9.2.1 Carry out internal BCMS audits at planned intervals.
9.2.2 Establish your organization's BCMS audit programme.
9.3 Carry out management reviews at planned intervals.
9.3.1 Plan how to review the performance of your BCMS.
9.3.2 Review the performance of your organization's BCMS.
9.3.3 Summarize the performance of your organization's BCMS.
220.127.116.11 Generate outputs and identify improvement opportunities.
Document and share your results and take remedial action.
10.1 Identify nonconformities and take corrective action.
10.1.1 Determine opportunities to improve and take action.
10.1.2 Take corrective action when nonconformities occur.
10.1.3 Document nonconformities and the actions taken.
10.2 Enhance suitability, adequacy, and effectiveness.
If you'd like to see how we've translated each of
these sections into
Plain English, please check out our more detailed ISO 22301 2019 page.
OTHER ISO 22301 RESOURCE MATERIALS
Introduction to Business Continuity Management
Plain English Business Continuity Management Definitions
How to Establish a Business Continuity Management System
Overview of ISO 22301 2019 Business Continuity Standard
22301 2019 Business Continuity Management in Plain English
ISO 22301 2012 Business Continuity Management in Plain English
How to do an ISO 22301 2019 Business Continuity Gap Analysis
English Business Continuity Management Checklist
Topics that Business Continuity Plans Should Address
ISO 22301 2019 Business Continuity Audit Tool
22301 2019 Business Continuity Audit Tool
and Skill Auditors Should Have
Updated on October 5, 2020. First published on March 23, 2013.
Praxiom Research Group Limited firstname.lastname@example.org 780-461-4514
Legal Restrictions on the Use of this Page
Copyright © 2013 - 2020 by Praxiom Research Group Ltd. All Rights Reserved.