ISO 22301
          2019 Translated into Plain English

ISO 22301 2019 is an international business continuity management standard.
Use it to ensure that operations continue and that products and services are
delivered at predefined levels, that brands and value creating activities are
protected, and that the reputations and interests of key stakeholders
are safeguarded whenever serious business disruptions occur.

 
This page presents a Plain English overview of ISO 22301 2019.
  It also provides a detailed pdf sample of our Plain English Product.

4. Context

4.1 Understand your organization and its unique context

•  Identify and understand your organization's unique context.

• Identify and understand your organization's context before you
establish its business continuity management system (BCMS).

• Consider the external issues that are relevant to your organization's
purpose and think about the influence these issues could have on
its BCMS and the outcomes it intends to achieve.

• Consider the internal issues that are relevant to your organization's
purpose and think about the influence these issues could have on
its BCMS and the outcomes it intends to achieve.

4.2 Define the needs and expectations of interested parties

4.2.1 Clarify who your interested parties are and specify their requirements

•  Identify the parties that have an interest in your BCMS.

•  Determine all relevant interested party requirements.

4.2.2 Consider legal and regulatory requirements when you establish BCMS

•  Implement a process to manage your legal and regulatory continuity requirements.

•  Use your process to identify all applicable legal and regulatory continuity requirements.

•  Use your process to access all applicable legal and regulatory continuity requirements.

•  Use your process to assess all applicable legal and regulatory continuity requirements.

•  Use your process to document all applicable legal and regulatory continuity requirements.

•  Use your process to comply with applicable legal and regulatory continuity requirements.

•  Maintain a process to manage your legal and regulatory continuity requirements.

•  Use your process to maintain all applicable legal and regulatory continuity requirements.

4.3 Figure out what your BCMS should apply to and clarify its scope

4.3.1 Think about context, mission, and requirements when you define scope

•  Clarify the scope of your organization’s BCMS.

•  Consider your organization’s context when you define the scope of its BCMS.

•  Consider your organization’s mission when you define the scope of its BCMS.

•  Consider your organization’s obligations when you define the scope of its BCMS.

•  Consider your organizations’ requirements when you define the scope of its BCMS.

•  Document the scope of your organization’s BCMS.

•  Determine what your organization’s BCMS should apply to.

•  Determine the boundaries of your organization’s BCMS.

4.3.2 Think about what to include and exclude when you define your scope

•  Think about what your organization’s BCMS should include.

•  Identify the products and services that should be included.

•  Identify the parts of the organization that should be included.

•  Think about what your organization’s BCMS should exclude.

•  Make sure that you document and explain what was excluded.

4.4 Establish a BCMS in accordance with the requirements of this document

•  Establish a BCMS in accordance with ISO 22301.

•  Establish the processes that your BCMS needs.

•  Implement your BCMS in accordance with ISO 22301.

•  Maintain your BCMS in accordance with ISO 22301.

•  Improve your BCMS in accordance with ISO 22301.

5. Leadership

5.1 Provide leadership by supporting business continuity management

•  Provide leadership by demonstrating a commitment to BCMS.

•  Make sure that a business continuity policy is established.

•  Make sure that business continuity objectives are formulated.

•  Make sure that business continuity outcomes are determined.

•  Make sure that continuity requirements are being met.

•  Make sure that business continuity resources are allocated.

•  Provide leadership by communicating a commitment to BCMS.

5.2 Provide leadership by implementing a business continuity policy

5.2.1 Provide leadership by establishing a business continuity policy

•  Establish a business continuity policy for your organization.

•  Make sure that it serves and supports your organization’s purpose.

•  Make sure that it can be used to set business continuity objectives.

•  Make sure that it makes a commitment to satisfy requirements.

•  Make sure that it emphasizes the need to continually improve.

5.2.2 Provide leadership by communicating business continuity policy

•  Document your organization’s business continuity policy.

•  Communicate your organization’s business continuity policy.

5.3 Provide leadership by assigning roles, responsibilities, and authorities

•  Assign responsibility and authority for carrying out all business continuity functions.

•  Communicate business continuity management roles, responsibilities, and authorities.

6. Planning

6.1 Define actions to manage your BCMS risks and opportunities

6.1.1 Determine risks and opportunities when planning BCMS

•  Plan the development of your organization’s BCMS.

•  Determine the risks and opportunities that could
affect your BCMS or influence its performance.

• Consider how context could affect how well
BCMS is able to achieve intended outcomes.

• Consider how requirements could affect how well
the BCMS is able to achieve intended outcomes.

• Consider how interested parties could affect how
well BCMS is able to achieve intended outcomes.

•  Figure out what you need to do to address the
risks and opportunities that affect your BCMS.

6.1.2 Plan how to address BCMS risks and opportunities

•  Plan actions to address BCMS risks and opportunities.

•  Plan actions to ensure that your BCMS will be effective.

•  Figure out how you're going to implement these actions.

•  Figure out how you're going to evaluate these actions.

6.2 Formulate BC objectives and develop plans to achieve them

6.2.1 Establish BC objectives at relevant functions and levels

•  Clarify criteria for setting business continuity (BC) objectives.

•  Formulate your organization’s business continuity objectives.

•  Maintain your organization's business continuity objectives.

6.2.2 Plan how to achieve your organization's BC objectives

•  Establish plans to achieve business continuity objectives.

•  Plan how you’re going to evaluate business continuity results.

6.3 Control how BCMS changes are planned and implemented

•  Determine opportunities to change BCMS.

•  Identify opportunities to improve your BCMS.

•  Identify opportunities to correct your BCMS.

•  Plan changes to your organization’s BCMS.

•  Implement changes to your organization’s BCMS.

7. Support

7.1 Support your BCMS by providing the necessary resources

•  Identify the resources that your BCMS needs.

•  Provide the resources that your BCMS needs.

7.2 Support your BCMS by ensuring that people are competent

•  Identify the competence requirements of the people
under your organization's control who have an impact
on its business continuity performance.

•  Acquire necessary competence whenever current personnel
fail to meet your organization's competence requirements.

•  Evaluate the effectiveness of any actions taken to
acquire the competence your organization needs.

7.3 Support your BCMS by making people aware of their duties

•  Make your organization’s personnel aware of their BCMS.

•  Identify people working under your organization’s control.

•  Make sure that they are aware of the business continuity policy.

•  Make sure that they understand their approach to continuity.

7.4 Support your BCMS by controlling your communications

•  Support your BCMS by managing BCMS communications.

•  Support BCMS by establishing BCMS communication systems.

•  Support your BCMS by encouraging effective communication.

7.5 Support your BCMS by managing documented information

7.5.1 Support BCMS by including necessary documented information

•  Figure out how extensive documented BCMS information should be.

•  Consider your size when you establish your documents.

•  Consider your services when you establish your documents.

•  Consider your products when you establish your documents.

•  Consider your activities when you establish your documents.

•  Consider your resources when you establish your documents.

•  Consider your personnel when you establish your documents.

•  Consider your processes when you establish your documents.

•  Select all the documented information that your BCMS needs.

•  Select all the internal documents that your BCMS needs.

•  Select all the external documents that your BCMS needs.

7.5.2 Support BCMS by managing the use of documented information

•  Manage the creation and modification of documented information.

•  Make sure that documents are suitably identified and described.

•  Make sure that documents are suitably formatted and presented.

•  Make sure that documents are suitably reviewed and approved.

7.5.3 Support BCMS by controlling applicable documented information

7.5.3.1 Control availability, suitability, confidentiality, and security

•  Select the documented BCMS information that needs to be controlled.

•  Select all of the documents that you need in order to protect
the confidentiality, integrity, and use of BCMS information.

•  Select the BCMS documents and records that ISO 22301 requires.

•  Control all the documented information that your BCMS needs.

•  Control all the internal documents that your BCMS needs.

•  Control all the external documents that your BCMS needs.

7.5.3.2 Control distribution, storage, modifications, and disposition

•  Control how documented BCMS information is controlled.

•  Control how documented BCMS information is created.

•  Control how documented BCMS information is identified.

•  Control how documented BCMS information is stored.

•  Control how documented BCMS information is distributed.

•  Control how documented BCMS information is retrieved.

•  Control how documented BCMS information is accessed.

•  Control how documented BCMS information is protected.

•  Control how documented BCMS information is changed.

•  Control how documented BCMS information is used.

•  Control how documented BCMS information is preserved.

8. Operations

8.1 Carry out process planning and establish controls

•  Establish internal BCMS processes for your organization.

•  Plan the development of your internal BCMS processes.

•  Develop your organization's internal BCMS processes.

•  Implement your organization's internal BCMS processes.

•  Control your organization's internal BCMS processes.

•  Maintain your organization's internal BCMS processes.

•  Establish external BCMS processes for your organization.

•  Control your outsourced business continuity processes.

8.2 Study disruptions and risks and set your priorities

8.2.1 Establish processes to analyze impacts and assess risks

•  Establish a process for analyzing the impact that business disruptions could cause.

•  Implement a process for analyzing impact that business disruptions could cause.

•  Maintain process for analyzing the impact that business disruptions could cause.

•  Carry out a review of your organization’s impact analyses whenever necessary.

•  Establish a process for assessing the risk that business activities could be disrupted.

•  Implement process for assessing the risk that business activities could be disrupted.

•  Maintain a process for assessing the risk that business activities could be disrupted.

•  Carry out a review of risk assessments whenever it is necessary or appropriate.

8.2.2 Determine business continuity priorities and requirements

•  Implement a process for analyzing the impact business disruptions cause.

•  Identify the activities that support the provision of products and services.

•  Consider activity disruptions and assess the associated business impacts.

•  Use your business impact analysis to determine business continuity priorities.

•  Use your organization’s business impact analysis to identify prioritized activities.

8.2.3 Assess risks and determine which ones should be treated

•  Implement a business continuity risk assessment process.

•  Establish a process to assess the risk that business activities will be disrupted.

•  Identify the risk that prioritized activities and related resources will be disrupted.

•  Set up a process to determine which business continuity risks require treatment.

•  Use this process to determine which continuity risks need to be treated.

8.3 Develop business continuity strategies and solutions

8.3.1 Consider risks and business continuity strategies

•  Consider outputs from business impact analysis and risk assessment.

•  Consider the impacts that would result if activities are disrupted.

•  Consider prioritized activities and related resource requirements.

•  Consider the business continuity risks that require treatment.

•  Consider strategic options before, during, and after disruptions.

8.3.2 Identify business continuity strategies and solutions

•  Identify your business continuity strategies and solutions.

•  Consider strategic options that allow business to continue.

•  Consider options that allow you to manage prioritized activities.

•  Consider options that allow you to manage business disruption.

•  Consider options that allow you to manage related resources.

8.3.3 Select business continuity strategies and solutions

•  Select your business continuity strategies and solutions.

•  Select strategies and solutions that allow you to recover prioritized activities.

•  Select strategies and solutions that allow you to consider your risk tolerance.

•  Select strategies and solutions that allow you to consider costs and benefits.

8.3.4 Determine resources needed to implement solutions

•  Determine the resources needed to implement solutions.

•  Consider your organization’s personnel requirements.

•  Consider your organization’s equipment requirements.

•  Consider your organization’s consumables requirements.

•  Consider your organization’s information requirements.

•  Consider your organization’s financial requirements.

•  Consider your organization’s logistical requirements.

•  Consider your organization’s technology requirements.

•  Consider your organization’s infrastructure requirements.

•  Consider your organization’s external requirements.

8.3.5 Implement business continuity strategies and solutions

•  Implement your organization’s business continuity solutions.

•  Maintain solutions so that they can be activated when needed.

8.4 Establish business continuity plans and procedures

8.4.1 Establish a structure to manage operations during disruptions

•  Develop a business continuity structure for your organization.

•  Use this structure to manage your organization during a disruption.

•  Implement your organization’s business continuity structure.

•  Use your plans and procedures to manage your organization during a disruption.

•  Use your communications plans and procedures to interact with interested parties.

8.4.2 Establish a disruption response structure for your organization

8.4.2.1 Create one or more business disruption response teams

•  Implement a disruption response structure for your organization.

•  Establish disruption response teams for your organization.

8.4.2.2 Define roles and responsibilities for disruption response teams

•  Specify roles and responsibilities for each disruption response team.

•  Specify how each response team must interact with every other team.

8.4.2.3 Assign personnel who are capable of responding to disruptions

•  Assign people who are capable of responding to disruptions.

•  Assign people who can assess the nature and extent of disruption.

•  Assign people who can establish continuity response priorities.

•  Assign people who can determine if a response is justified.

•  Assign people who can communicate with interested parties.

•  Assign people who can monitor disruptions and responses.

8.4.2.4 Appoint capable people and document all response procedures

•  Assign competent personnel to carry out response responsibilities.

•  Document procedures used to guide your response to disruptions.

8.4.3 Develop procedures to manage communications and warnings

8.4.3.1 Communicate with interested parties when disruptions occur

•  Develop procedures to control communications when disruptions occur.

•  Figure out how emergency communications should be managed.

•  Figure out how emergency communications should be handled.

•  Figure out how emergency communications should be performed.

•  Figure out how emergency communications should be protected.

•  Figure out how emergency communications should be recorded.

•  Implement your disruption communication procedures.

•  Use your procedures to communicate with internal parties.

•  Use your procedures to communicate with external parties.

8.4.3.2 Issue warnings and support emergency response organizations

•  Consider issuing warnings and alerts whenever this is applicable.

•  Consider ensuring that emergency responders are effective.

8.4.4 Develop and maintain business continuity plans and procedures

8.4.4.1 Plan how to respond to disruptions and how to restore operations

•  Document and maintain business continuity plans and procedures.

•  Use these plans and procedures to guide continuity activities.

•  Use these plans and procedures to guide response activities.

8.4.4.2 Specify the steps needed to continue activities and manage impacts

•  Develop detailed business continuity plans and procedures.

•  Specify the steps needed in order to manage continuity.

•  Specify the steps needed in order to control responses.

•  Specify the steps needed in order to restore operations.

•  Specify the steps needed in order to manage consequences.

8.4.4.3 Define purpose, scope, objectives, roles, responsibilities, and actions

•  Define purpose, scope, and objectives for each business continuity plan.

•  Define team roles and responsibilities for each business continuity plan.

•  Define internal interdependencies for each business continuity plan.

•  Define needs and requirements for each business continuity plan.

•  Define the actions needed to implement each business continuity plan.

8.4.5 Develop and document processes needed to normalize activities

•  Identify temporary measures adopted during and after disruptions.

•  Document processes needed to replace temporary measures with more
suitable ones needed to return your business activities back to normal.

8.5 Test business continuity strategies and solutions

•  Implement a business continuity exercise and test programme.

•  Validate the effectiveness of your business continuity
strategies and solutions over an extended period of time.

•  Generate post-exercise reports that contain outcomes,
recommended actions, and improvement opportunities.

•  Use your post-exercise reports to improve your
business continuity strategies and solutions.

8.6 Evaluate your business continuity capabilities

•  Clarify your approach to business continuity evaluation.

•  Figure out how continuity capabilities will be evaluated.

•  Figure out when continuity capabilities should be evaluated.

•  Evaluate business continuity capabilities and compliance.

•  Evaluate business continuity capabilities and documents.

•  Evaluate business continuity compliance and conformance.

9. Evaluation

9.1 Monitor, measure, analyze, and evaluate performance

•  Plan how to assess the performance and effectiveness of your BCMS.

•  Determine how to monitor BCMS performance and effectiveness.

•  Determine how to measure BCMS performance and effectiveness.

•  Determine how to analyze BCMS performance and effectiveness.

•  Determine how to evaluate BCMS performance and effectiveness.

•  Assess the performance and effectiveness of your BCMS.

•  Monitor the performance and effectiveness of your BCMS.

•  Measure the performance and effectiveness of your BCMS.

•  Analyze the performance and effectiveness of your BCMS.

•  Evaluate the performance and effectiveness of your BCMS.

9.2 Utilize audits to assess conformance and effectiveness

9.2.1 Carry out internal BCMS audits at planned intervals

•  Audit conformance and effectiveness at planned intervals.

•  Determine if BCMS conforms to relevant requirements.

•  Examine the effectiveness of your organization's BCMS.

9.2.2 Establish your organization's BCMS audit programme

•  Establish your organization's internal audit programme.

•  Establish internal audit responsibilities and authorities.

•  Establish your organization’s internal audit philosophy.

•  Establish your internal audit planning expectations.

•  Establish your internal audit work plans and schedules.

•  Establish your internal audit reporting requirements.

9.3 Carry out management reviews at planned intervals

9.3.1 Plan how to review the performance of your BCMS

•  Ask top management to review your organization’s BCMS.

•  Schedule BCMS management reviews at planned intervals.

9.3.2 Review the performance of your organization's BCMS

•  Review suitability, adequacy, and effectiveness of BCMS.

•  Review business continuity feedback and communications.

•  Review business continuity purpose and objectives.

•  Review business continuity policy and procedures.

•  Review business continuity disruptions and near-misses.

•  Review business continuity monitoring and measurement.

•  Review business continuity assessment and evaluation results.

•  Review business continuity capabilities and readiness.

•  Review business continuity improvement opportunities.

9.3.3 Summarize the performance of your organization's BCMS

9.3.3.1 Generate outputs and identify improvement opportunities

•  Consider management review inputs and generate outputs.

•  Consider whether BCMS performance needs to be improved.

•  Consider the issues that could influence BCMS performance.

•  Consider what needs to be done to improve BCMS performance.

9.3.3.2 Document and share your results and take remedial action

•  Document the results of your management reviews.

•  Discuss your results with relevant interested parties.

•  Consider your results and take the appropriate action.

10. Improvement

10.1 Identify nonconformities and take corrective action

10.1.1 Determine opportunities to improve and take action

•  Identify opportunities to improve your 
BCMS and achieve its intended outcomes.

•  Use internal audit results to identify opportunities to
improve your BCMS and achieve its intended outcomes.

•  Use management review results to identify opportunities
to improve your BCMS and achieve its intended outcomes.

•  Use performance evaluation results to identify opportunities
to improve your BCMS and achieve its intended outcomes.

•  Take all necessary steps to improve your 
BCMS and achieve its intended outcomes.

10.1.2 Take corrective action when nonconformities occur

•  React to nonconformities when they occur.

•  Correct and control your nonconformities.

•  Evaluate the need for corrective action.

•  Develop appropriate corrective actions.

•  Implement appropriate corrective actions.

•  Review the effectiveness of actions taken.

10.1.3 Document nonconformities and the actions taken

•  Document your organization's nonconformities.

•  Document the actions taken to address nonconformities.

•  Document your organization's corrective action results.

10.2 Enhance suitability, adequacy, and effectiveness

•  Consider whether your organization’s BCMS needs to improve.

•  Study both qualitative and quantitative measurement results.

•  Use your measurement results to determine improvements.

•  Improve the suitability, adequacy, and effectiveness of your BCMS.

 
Attention

This page summarizes the ISO 22301 2019 standard. It highlights
the main points. It does not present detail. To get the complete
Plain English standard, please consider purchasing our
Title 40:
ISO 22301 2019 Translated into Plain English.

Title 40 is detailed, accurate, and complete. It uses language
that is clear, precise, and easy to understand. We guarantee it

Title 40 is 77 pages long and comes in both pdf and MS doc file formats.

Also see a PDF Sample of ISO 22301 2019 Translated into Plain English

Title 40 Contents

Place an Order

Check Prices

Product License


OTHER ISO 22301 PAGES

Introduction to ISO 22301 2019 Standard

Plain English Business Continuity Definitions

Plain English Overview of ISO 22301 2019 Standard

How to Create a Business Continuity Management System

Structure of the ISO 22301 2019 Business Continuity Standard

Our Plain English ISO 22301 2019 Business Continuity Checklist

ISO 22301 2012 Business Continuity Standard in Plain English

How to do ISO 22301 2019 Business Continuity Gap Analysis

Topics that Business Continuity Plans Should Address

Mini ISO 22301 2019 Business Continuity Audit Tool

ISO 22301 2019 Business Continuity Audit Tool

Knowledge and Skill Auditors Should Have

Our Plain English Approach to ISO 22301

OTHER STANDARDS

Cybersecurity Standard

Internal Auditing Standard

Risk Management Standard

Quality Management Standard

Service Management Standard

Process Management Standard

Food Safety Management Standard

Environmental Management Standard

Occupational Health and Safety Standard

Software Quality Management Standard

Information Security Management Standard

Supply Chain Security Management Standard


Home Page

Our Library

A to Z Index

Customers

How to Order

Our Products

Our Prices

Guarantee

Praxiom Research Group Limited       help@praxiom.com       780-461-4514

 Updated on October 5, 2020. First published on August 31, 2020.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright © 2020 by Praxiom Research Group Limited. All Rights Reserved.

First Edmonton Place, 14th Floor, 10665 Jasper                    Avenue, Edmonton, Alberta, T5J 3S9, Canada