ISO 22301 Security and resilience - Business continuity management systems - Requirements

This project will revise ISO 22301, which was first published in 2012. The first version of the standard has been widely used all over the world and adopted by numerous countries. ISO is now aiming to make the standard even better.

Incidents can disrupt an organization at any time, and applying ISO 22301 will ensure that organizations can respond and continue their operations. Incidents take many forms, ranging from large-scale natural disasters and acts of terror to technology-related accidents and environmental incidents. However, most incidents are small but can have a significant impact, and that makes business continuity management relevant at all times. This has led to a global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and disruptive incidents.

ISO 22301 addresses business continuity management to help make organizations in both the public and private sectors more resilient. It provides a framework to plan, establish, implement, operate, monitor, review, maintain and continually improve a business continuity management system (BCMS). It helps organizations, regardless of their size, location or activity, to be better prepared and more confident to handle disruption of any type. ISO 22301 assists an organization in the design of a BCMS that is appropriate to its needs and meets its stakeholders’ requirements. These needs are shaped by legal, regulatory, organizational and industry factors, the organization's products and services, its size and structure, its processes, and its stakeholders.

ISO 22301 may also be used for third-party certification as well as for self-assessment. To help users get the best out of the standard, it includes short and concise requirements describing the central elements of BCM.

Saul Midler (Australia), the project leader responsible for the revision of ISO 22301, explains:

"As time moves forward, our experience and understanding of Business Continuity Management continues to develop. While the standard provides the systematic approach for BCM, each country, each organisation and each practitioner has undertaken BCM in their own way. This creates a wonderful opportunity to take stock of the experience gained from across the global BCM community to identify opportunities for aligning ISO 22301 with today’s BCM thinking. The mechanics of the ISO processes requests that a Systematic Review be undertaken every 5 years and, you may be surprised to realise, ISO22301 is 5 years old.

As you can imagine, all contributors will have a substantiated opinion on what BCM is in 2017 and how it has changed since 2012. My aim is to produce the best ISO22301:2018 as possible. So, it’s important to have defensible (well, as defensible as possible) criteria to apply to each change. We must take into consideration the ramifications of making change to ISO22301, especially given its place as the foundation stone reference for all BC related standards. This includes the tight relationship with ISO 22313 – I’m looking really forward to working with Malcolm Cornish (project lead for the revision of ISO 22313) to ensure we maintain all the right integration points."

Working Group 2 is responsible for this project and is looking for more experts with expertise in BCM. If you wish to join the project team, please contact your National Standards Body.
