ISO 22301 2019 is a business continuity management standard.
This page outlines the structure of this standard. For a more detailed
version, please see ISO 22301 2019 Translated into Plain English.
4.1 Understand your organization and its unique context.
4.2 Define the needs and expectations of your interested parties.
4.2.1 Clarify who your interested parties are and specify their requirements.
4.2.2 Consider legal and regulatory requirements when you set up your BCMS.
4.3 Figure out what your BCMS should apply to and clarify its scope.
4.3.1 Think about context, mission, and requirements when you define scope.
4.3.2 Think about what to include and exclude when you define your scope.
4.4 Establish a BCMS in accordance with the requirements of this document.
5.1 Provide leadership by supporting business continuity management.
5.2 Provide leadership by implementing a business continuity policy.
5.2.1 Provide leadership by establishing a business continuity policy.
5.2.2 Provide leadership by communicating business continuity policy.
5.3 Provide leadership by assigning roles, responsibilities, and authorities.
6.1 Define actions to manage your BCMS risks and opportunities.
6.1.1 Determine risks and opportunities when planning BCMS.
6.1.2 Plan how to address your BCMS risks and opportunities.
6.2 Formulate BC objectives and develop plans to achieve them.
6.2.1 Establish BC objectives at relevant functions and levels.
6.2.2 Plan how to achieve your organization's BC objectives.
6.3 Control how BCMS changes are planned and implemented.
7.2 Support your BCMS by ensuring that people are competent.
7.3 Support your BCMS by making people aware of their duties.
7.4 Support your BCMS by controlling your communications.
7.5 Support your BCMS by managing documented information.
7.5.1 Support BCMS by including necessary documented information.
7.5.2 Support BCMS by managing the use of documented information.
7.5.3 Support BCMS by controlling applicable documented information.
184.108.40.206 Control availability, suitability, confidentiality, and security.
Control distribution, storage, modification, and disposition.
8.1 Carry out process planning and establish controls.
8.2 Study disruptions and risks and set your priorities.
8.2.2 Determine business continuity priorities and requirements.
8.2.3 Assess risks and determine which ones should be treated.
8.3 Develop business continuity strategies and solutions.
8.3.1 Consider risks and business continuity strategies.
8.3.2 Identify business continuity strategies and solutions.
8.3.3 Select business continuity strategies and solutions.
8.3.4 Determine resources needed to implement solutions.
8.3.5 Implement business continuity strategies and solutions.
8.4 Establish business continuity plans and procedures.
8.4.1 Develop a structure to manage operations during disruptions.
8.4.2 Develop a disruption response structure for your organization.
Create one or more business disruption response teams.
220.127.116.11 Define roles and responsibilities for disruption response teams.
Assign personnel who are capable of responding to disruptions.
18.104.22.168 Appoint capable people and document all response procedures.
8.4.3 Develop procedures to manage communications and warnings.
22.214.171.124 Communicate with interested parties when disruptions occur.
126.96.36.199 Issue warnings and support emergency response organizations.
8.4.4 Develop and maintain business continuity plans and procedures.
188.8.131.52 Plan how to respond to disruptions and how to restore operations.
Specify the steps needed to continue activities and manage
184.108.40.206 Define purpose, scope, objectives, roles, responsibilities, and actions.
8.4.5 Develop and document processes needed to normalize activities.
8.5 Test business continuity strategies and solutions.
8.6 Evaluate your business continuity capabilities.
9.2 Utilize audits to assess conformance and effectiveness.
9.2.1 Carry out internal BCMS audits at planned intervals.
9.2.2 Establish your organization's BCMS audit programme.
9.3 Carry out management reviews at planned intervals.
9.3.1 Plan how to review the performance of your BCMS.
9.3.2 Review the performance of your organization's BCMS.
9.3.3 Summarize the performance of your organization's BCMS.
220.127.116.11 Generate outputs and identify improvement opportunities.
Document and share your results and take remedial action.
10.1.1 Determine opportunities to improve and take action.
10.1.2 Take corrective action when nonconformities occur.
10.1.3 Document nonconformities and the actions taken.
10.2 Enhance suitability, adequacy, and effectiveness.
If you'd like to see how we've translated each of
these sections into
Plain English, please check out our more detailed ISO 22301 2019 page.
Updated on October 5, 2020. First published on March 23, 2013.
Praxiom Research Group Limited firstname.lastname@example.org 780-461-4514
Legal Restrictions on the Use of this Page
Copyright © 2013 - 2020 by Praxiom Research Group Ltd. All Rights Reserved.