Mandatory documentation for ISO 22301

ISO 22301 certification requires organisations to prove their compliance with the standard with appropriate documentation.

List of documents required for ISO 22301:2012 business continuity management system (BCMS)

You must document:

  • Context of the organisation (4.1)
  • Identification of interested parties and legal and regulatory requirements (4.2)
  • Scope of the business continuity policy (BCMS) (4.3)
  • Business continuity policy (5.3)
  • Business continuity objectives and planning (6.2)
  • Evidence of competence (7.2)
  • Documents necessary to carry out processes as planned (7.2)
  • Business impact analysis procedure (8.2)
  • Evaluation procedure to determine continuity and recovery priorities including assessing impacts (8.2)
  • A formal risk assessment procedure (8.2.3)
  • Identify, analyse and evaluate risks (8.2.3)
  • Procedures to establish and implement business continuity (8.4)
  • Incident response structure including responsibilities and authorities (8.4.2)
  • Business continuity plan (8.4.4)
  • Procedures to return to normal after an incident (8.4.5)
  • Evaluation of business continuity procedures and incident review (9.1)
  • Internal audit (9.2)
  • Management review (9.3)

Auditors will need to confirm each of your organisation’s processes is systematically communicated, understood, executed and effective, so it is likely that your list of documentation will not end here.

Supporting documentation for the BCMS may include a business continuity strategy (8.3) or a corrective action report (10.1).

Where to start with ISO 22301 documentation

Providing the documentation for your BCMS is often the hardest part of achieving ISO 22301 certification. It’s a daunting process and many organisations don’t know where to start.

Accelerate your BCMS implementation project with the ISO 22301 BCMS Documentation Toolkit, which includes:

  • A complete set of mandatory and supporting documentation templates that are easy to use, customisable and fully ISO 22301-compliant;
  • Helpful dashboards and gap analysis tools to ensure complete coverage of the Standard; and
  • Direction and guidance from experienced business continuity consultants.

View the full contents of the toolkit >>

Take a free trial of the toolkit to see how the documents and tools can help you with your ISO 22301 project >>


One Response

  1. Lee 23rd December 2017