ISO 22301 FAQs

01. What is ISO 22301?

ISO 22301 is a management system standard intended for organizations of all sizes and types.
It provides requirements for the implementation, maintenance, and improvement of a business
continuity management system (BCMS) so as to enable the organization to protect against,
prepare for, respond to, and recover from disruptive events.

02. What are the requirements of ISO 22301 for a business continuity management system?

ISO 22301 is structured upon the basis of the high-level structure (HLS), a common structure
of ISO management system standards which contains a set of 10 generic clauses. Clauses 1
to 3 consist of the Scope, Normative References, and the Terms and Definitions, while clauses
4 to 10 include the requirements (Context of the Organization, Leadership, Planning, Support,
Operation, Performance Evaluation, and Improvement) that an organization must comply with
when wishing to obtain certification against this standard.

03. What is business continuity?

Business continuity is an organization’s ability to continue the delivery of its products or
services in a timely manner during and after the occurrence of a disruption and ensure that its
key activities and resources are not severely affected by those disruptions.

04. What is a business continuity management system (BCMS)?

A business continuity management system helps organizations identify their risk of exposure to
internal and external threats. It is intended to give the organization the ability to respond
effectively to unplanned threats and protect the business interests of the organization. It includes
disaster recovery, crisis management, incident management, emergency management,
contingency planning, etc.

05. What’s the difference between business continuity management and disaster recovery?

Even though business continuity and disaster recovery are closely linked, they are not the
same thing. Business continuity is the organization’s ability to continue its operations and
ensure that its key activities are not affected by disruptive events, whereas disaster recovery
is the process of recovering to a state of normality after the occurrence of a disaster. Disaster
recovery is a subset of business continuity.
06. What is a business continuity plan (BCP)?

A business continuity plan is a document which contains information on the critical functions
and processes of the organization, identifies the systems and processes that must be sustained,
and provides details on their maintenance by considering any possible business disruption.

07. What is a business impact analysis (BIA)?

Business impact analysis is a systematic process of analyzing and assessing the potential
effects of a disaster, accident, or emergency on the organization’s critical activities. It is a key
component of the business continuity plan. Additionally, it involves an exploratory component
to detect any vulnerabilities and a planning component to establish strategies for risk
minimization.

08. What are the benefits of an ISO 22301 certification?

An ISO 22301 certification brings several benefits to organizations, such as:

• Predictable and effective response to crises
• Protection of people
• Maintenance of vital activities of the organization
• Enhanced organizational resilience
• Better understanding of the organization
• Cost reduction
• Protection of reputation and brand
• Customer confidence
• Competitive advantage
• Legal and regulatory compliance
• Contractual compliance

09. What is the relationship between ISO 22301 and ISO 27001?

Business continuity management is included in information security management, that is, in
ISO 27001. These standards are fully compatible since they contain almost identical elements
such as internal audits, management review, corrective actions, etc. However, ISO 27001 does
not provide information on how to implement business continuity management; therefore,
organizations should implement an ISO 22301 BCMS.
