▷ISO22301 (BCMS)

1. General

This International Standard specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS)

A BCMS emphasizes the importance of

  • understanding the organization’s needs and the necessity for establishing business continuity management policy and objectives
  • implementing and operating controls and measures for managing an organization’s overall capability to manage disruptive incidents
  • monitoring and reviewing the performance and effectiveness of the BCMS, and
  • continual improvement based on objective measurement

A BCMS, like any other management system, has the following key components:

  1. a policy
  2. people with defined responsibilities
  3. management processes relating to
    1) policy
    2) planning
    3) implementation and operation
    4) performance assessment
    5) management review, and
    6) improvement
  4. documentation providing auditable evidence: and
  5. any business continuity management processes relevant to the organization.


This International Standard applies the “Plan-Do-Check-Act” (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organization’s BCMS.

This ensures a degree of consistency with other management systems standards, such a sISO9001 quality management, ISO114001 environmental management system, ISO/IEC 27001 information security management systems, ISO/IEC 20000-1 information technology ? Service management, and ISO28000 specification for security management systems for the supply chain, thereby supporting consistent and integrated implantation and operation with related management systems.

Figure1 illustrates how a BCMS takes as inputs interested parties, requirements for continuity management and, through the necessary actions and processes, produces continuity outcomes (i.c. managed business continuity) that meet those requirements.

Table1 – Explanation of OCDA model

Establish business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity in order to deliver results that align with the organization’s overall policies and objectives
(Implement and operate)
Implement and operate the business continuity policy, controls, processes and procedures
(Monitor and review)
Monitor and review performance against business continuity policy and objectives, report the results to management for reviews, and determine and authorize actions for remediation and improvement
(Maintain and improve)
Maintain and improve the BCMS by taking corrective action, based on the results of management review and reappraising the scope of the BCMS and business continuity policy and objectives

was accredited by IAFCB