ISO 22301 FAQ’s
ISO 22301 is a management system standard intended for organizations of all sizes and types.
It provides requirements for the implementation, maintenance, and improvement of a business
continuity management system (BCMS) so as to enable the organization to protect against,
prepare for, respond to, and recover from disruptive events.
ISO 22301 is based on the high-level structure (HLS), a common structure for ISO
management system standards that contains a set of 10 generic clauses. Clauses 1
to 3 consist of the Scope, Normative References, and the Terms and Definitions, while clauses
4 to 10 include the requirements (Context of the Organization, Leadership, Planning, Support,
Operation, Performance Evaluation, and Improvement) that an organization must comply with
if it wishes to obtain certification against this standard.
A business continuity management system helps organizations identify their risk of exposure to
internal and external threats. It is intended to give the organization the ability to respond
effectively to unplanned threats and to protect the business interests of the organization. It includes
disaster recovery, crisis management, incident management, emergency management,
contingency planning, etc.
Even though business continuity and disaster recovery are closely linked, they are not the
same thing. Business continuity is the organization’s ability to continue its operations and
ensure that its key activities are not affected by disruptive events, whereas disaster recovery
is the process of recovering to a state of normality after the occurrence of a disaster. Disaster
recovery is a subset of business continuity.
A business continuity plan is a document which contains information on the critical functions
and processes of the organization, identifies the systems and processes that must be sustained,
and provides details on their maintenance by considering any possible business disruption.
Business impact analysis is a systematic process of analyzing and assessing the potential
effects of a disaster, accident, or emergency on the organization’s critical activities. It is a key
component of the business continuity plan. Additionally, it involves an exploratory component
to detect any vulnerabilities and a planning component to establish strategies for risk
minimization.
09. What is the relationship between ISO 22301 and ISO 27001?