ISO 22313 Security and resilience - Business continuity management systems - Guidance
This International Standard provides guidance based on good international practice for creating a business continuity management system (BCMS) in accordance with the requirements set out in ISO 22301. The guidance is intentionally not prescriptive and provides clarity on the requirements of ISO 22301. Its purpose is to expand on and illustrate the requirements in a way that makes them clearer and less confusing. Where appropriate, it provides alternative, acceptable interpretations and identifies the relationships between the different elements of ISO 22301.
ISO 22313 is suitable for all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors and can be used to:
- establish, implement, maintain and improve a BCMS
- ensure conformance with the organization's business continuity policy or
- make a self-determination and self-declaration of compliance with this International Standard.
ISO 22313 is not suitable for an organization to assess its BCMS. If an organization wishes to assess its BCMS and demonstrate its conformance to others, or seek certification of its BCMS by an accredited third-party certification body, it should use ISO 22301.
Malcolm Cornish (UK), the project leader responsible for the revision of ISO 22313, explains:
"This Standard enables an organization to design a BCMS that is appropriate to its needs and meets the requirements of its interested parties. Such needs and requirements are shaped by legal, regulatory, organizational and industry requirements, the organization's products and services, the processes it employs, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties."
ISO 22313:2020, Security and resilience – Business continuity management systems – Guidance on the use of ISO 22301, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, either through the ISO Store or by contacting the Marketing, Communication & Information department.