Structure of Business Continuity Standard

ISO 22301 2019 is a business continuity management standard.
This page outlines the structure of this standard. For a more detailed
please see ISO 22301 2019 Translated into Plain English.

ISO 22301 2019

4. Context

4.1 Understand your organization and its unique context.

4.2 Define the needs and expectations of your interested parties.

4.2.1 Clarify who your interested parties are and specify their requirements.

4.2.2 Consider legal and regulatory requirements when you set up your BCMS.

4.3 Figure out what your BCMS should apply to and clarify its scope.

4.3.1 Think about context, mission, and requirements when you define scope.

4.3.2 Think about what to include and exclude when you define your scope.

4.4 Establish a BCMS in accordance with the requirements of this document.

5. Leadership

5.1 Provide leadership by supporting business continuity management.

5.2 Provide leadership by implementing a business continuity policy.

5.2.1 Provide leadership by establishing a business continuity policy.

5.2.2 Provide leadership by communicating business continuity policy.

5.3 Provide leadership by assigning roles, responsibilities, and authorities.

6. Planning

6.1 Define actions to manage your BCMS risks and opportunities.

6.1.1 Determine risks and opportunities when planning BCMS.

6.1.2 Plan how to address your BCMS risks and opportunities.

6.2 Formulate BC objectives and develop plans to achieve them.

6.2.1 Establish BC objectives at relevant functions and levels.

6.2.2 Plan how to achieve your organization's BC objectives.

6.3 Control how BCMS changes are planned and implemented.

7. Support

7.1 Support your BCMS by providing the necessary resources.

7.2 Support your BCMS by ensuring that people are competent.

7.3 Support your BCMS by making people aware of their duties.

7.4 Support your BCMS by controlling your communications.

7.5 Support your BCMS by managing documented information.

7.5.1 Support BCMS by including necessary documented information.

7.5.2 Support BCMS by managing the use of documented information.

7.5.3 Support BCMS by controlling applicable documented information. Control availability, suitability, confidentiality, and security. Control distribution, storage, modification, and disposition.

8. Operations

8.1 Carry out process planning and establish controls.

8.2 Study disruptions and risks and set your priorities.

8.2.1 Establish processes to analyze impacts and assess risks.

8.2.2 Determine business continuity priorities and requirements.

8.2.3 Assess risks and determine which ones should be treated.

8.3 Develop business continuity strategies and solutions.

8.3.1 Consider risks and business continuity strategies.

8.3.2 Identify business continuity strategies and solutions.

8.3.3 Select business continuity strategies and solutions.

8.3.4 Determine resources needed to implement solutions.

8.3.5 Implement business continuity strategies and solutions.

8.4 Establish business continuity plans and procedures.

8.4.1 Develop a structure to manage operations during disruptions.

8.4.2 Develop a disruption response structure for your organization. Create one or more business disruption response teams. Define roles and responsibilities for disruption response teams. Assign personnel who are capable of responding to disruptions. Appoint capable people and document all response procedures.

8.4.3 Develop procedures to manage communications and warnings. Communicate with interested parties when disruptions occur. Issue warnings and support emergency response organizations.

8.4.4 Develop and maintain business continuity plans and procedures. Plan how to respond to disruptions and how to restore operations. Specify the steps needed to continue activities and manage impacts. Define purpose, scope, objectives, roles, responsibilities, and actions.

8.4.5 Develop and document processes needed to normalize activities.

8.5 Test business continuity strategies and solutions.

8.6 Evaluate your business continuity capabilities.

9. Evaluation

9.1 Monitor, measure, analyze, and evaluate performance.

9.2 Utilize audits to assess conformance and effectiveness.

9.2.1 Carry out internal BCMS audits at planned intervals.

9.2.2 Establish your organization's BCMS audit programme.

9.3 Carry out management reviews at planned intervals.

9.3.1 Plan how to review the performance of your BCMS.

9.3.2 Review the performance of your organization's BCMS.

9.3.3 Summarize the performance of your organization's BCMS. Generate outputs and identify improvement opportunities. Document and share your results and take remedial action.

10. Improvement

10.1 Identify nonconformities and take corrective action.

10.1.1 Determine opportunities to improve and take action.

10.1.2 Take corrective action when nonconformities occur.

10.1.3 Document nonconformities and the actions taken.

10.2 Enhance suitability, adequacy, and effectiveness.


 If you'd like to see how we've translated each of these sections into
Plain English, please check out our more detailed ISO 22301 2019 page.


Introduction to Business Continuity Management

Plain English Business Continuity Management Definitions

How to Establish a Business Continuity Management System

Brief Overview of ISO 22301 2019 Business Continuity Standard

ISO 22301 2019 Business Continuity Management in Plain English

ISO 22301 2012 Business Continuity Management in Plain English

How to do an ISO 22301 2019 Business Continuity Gap Analysis

Plain English Business Continuity Management Checklist

Topics that Business Continuity Plans Should Address

Mini ISO 22301 2019 Business Continuity Audit Tool

ISO 22301 2019 Business Continuity Audit Tool

Knowledge and Skill Auditors Should Have

Our Plain English Approach to ISO 22301

Updated on October 5, 2020. First published on March 23, 2013.

Home Page

Our Library

A to Z Index


How to Order

Our Products

Our Prices


Praxiom Research Group Limited                 780-461-4514

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are, of course, welcome to view our material as often
as you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright 2013 - 2020 by Praxiom Research Group Ltd. All Rights Reserved.

Praxiom Research
        Group Limited