
ISO22301 (ISO 22301) Business Continuity Standard

ISO/IEC 22301:2012 sets out the requirements for a business continuity management system (BCMS) and is considered the only credible framework for effective business continuity management in the world.

By creating a BCMS aligned with ISO 22301, organisations are best prepared for a disruptive incident.

Effective business continuity management means an organisation can resume operations and return to ‘business as usual’ as quickly as possible after a disruptive incident (for example, a cyber attack or power failure).

An ISO 22301-aligned BCMS will include disaster recovery plans that focus on the recovery of specific operations, functions, sites, services or applications.

For advice and guidance on implementing a BCMS in your organisation, or to find out more about the solutions we offer, get in touch with one of our experts today.


What is a business continuity management system (BCMS)?

A BCMS is a comprehensive approach to organisational resilience. It enables organisations to update, control and deploy effective plans, taking into account organisational contingencies and capabilities, as well as the business needs (product and service requirements).

A BCMS helps the business to cope with incidents affecting all of the organisation’s business-critical processes and activities, from the failure of a single server to the complete loss of a major facility.


What is the difference between business continuity management and disaster recovery?

Disaster recovery management (DRM) usually takes place within the context of business continuity management. Disaster recovery plans are often relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications. Best practice for disaster recovery is also set out in ISO/IEC 22301.

Business continuity management makes sure that a business can continue to function while recovering from the disaster. DRM, meanwhile, is a process of returning a business or organisation to a state of normality after a disastrous event. This will ordinarily incorporate business continuity, but the focus is on total recovery.

What is the difference between a business continuity plan and a BCMS?

A BCMS is a comprehensive approach to organisational resilience. It allows organisations to update, control and deploy effective plans, taking into account organisational contingencies, capabilities and business needs (product and service requirements).

BCMS

  • Based on analysis
  • Regularly tested
  • Requires regular review and management
  • Awareness organisation-wide, embedded in the culture and deployed throughout the business

Business Continuity Plan

  • Based on guesswork
  • Can become outdated
  • Lack of organisational awareness, deployed in a limited division of the organisation, and not part of the culture

What are the benefits of business continuity management and ISO 22301?

  • Optimally recover from a potentially damaging and disruptive incident.
  • Protect your organisation’s turnover, profits and reputation due to improved resilience and preparedness.
  • Achieve regulatory and governance requirements where business continuity management is a necessity (e.g. Director’s Duties of the Companies Act, the UK Corporate Governance Code, the Civil Contingencies Act and the UK SRA Code of Conduct).
  • Reduce the cost of business interruption insurance cover based on actual analysis of your organisational risk exposure.
  • Receive independently audited assurance that your business has established the necessary measures to respond to a potential disaster.
  • Meet the demands of clients across the supply chain.



The business continuity management lifecycle

Implementing a BCMS aligned to ISO 22301 will include the following elements and supporting processes:

  • Scope the project and develop the business case
  • Get board commitment and secure the necessary budget
  • Develop internal competence
  • Undertake the development of documentation and documentation control
  • Establish roles and responsibilities
  • Undertake internal and external communications
  • Establish staff awareness programmes
  • Conduct a risk assessment
  • Undertake a business impact analysis (BIA)
  • Develop business continuity plans and strategy
  • Conduct BCM testing
  • Ongoing review and maintenance
  • Get certified

ISO 27031 – ICT continuity best practice

ISO/IEC 27031 – Guidelines for ICT readiness for business continuity – is the international standard for information and communication technology (ICT) service continuity management, and forms part of the ISO 27001 family of standards for information security.

Section A.17.1 of Annex A of ISO 27001 requires that organisations develop business continuity procedures to support their information security management system (ISMS).

ISO 27031 provides additional recommendations specifically for ICT continuity management when aligning to ISO 27001 or ISO 22301 and covers all events and incidents (including security-related events) that could impact ICT infrastructure and systems.

Note that ISO 27031 is not a certifiable standard, but rather a best-practice guideline for achieving business continuity of ICT systems.


Assess your BCM arrangements

Get a true picture of how effective your organisation’s BCM arrangements are with an ISO 22301 Gap Analysis. Receive an expert assessment of how your business continuity plans and procedures align with the best practice outlined in ISO 22301, and ensure your organisation is fully prepared to recover from a disruptive incident.


Let’s get started on your business continuity management project

IT Governance has the widest range of affordable solutions that are easy to use and ready to deploy. Alternatively, browse our free resources.


Speak to an expert

Whatever the nature or size of your problem, we are here to help. Get in touch today using one of the contact methods below.