The list below shows the minimum set of documents and records required by ISO 22301:2012 (the standard refers to documents and records as documented information):
Documents and Records Evidence Documentation Follow Up
ISO 22301 Found Content Meets Required? Clause Number Requirement Determining the context of the 4.1 organization Procedure for identification of applicable legal and regulatory 4.2.2 requirements List of legal, regulatory and other 4.2.2 requirements Scope of the BCMS (Business Continuity Management System) 4.3 and explanation of exclusions Business continuity policy 5.3 Business continuity objectives 6.2 Competences of personnel 7.2 Communication with interested 7.4 parties Process for business impact 8.2.1 analysis and risk assessment Results of business impact 8.2.2 analysis Results of risk assessment 8.2.3 Business continuity procedures 8.4.1 Incident response procedures 8.4.2 Decision whether the risks and impacts are to be communicated 8.4.2 externally Communication with interested parties, including the national or 8.4.3 regional risk advisory system Records of important information about the incident, 8.4.3 actions taken and decisions made Procedures for responding to 8.4.4 disruptive incidents 1 Checklist of ISO 22301 Mandatory Documentation
Procedures for restoring and
returning business from 8.4.5 temporary measures Results of actions addressing 9.1.1 adverse trends or results Data and results of monitoring 9.1.1 and measurement Results of post-incident review 9.1.2 Results of internal audit 9.2 Results of management review 9.3 Nature of nonconformities and 10.1 actions taken Results of corrective actions 10.1