Training Catalogue

    ISO 22301:2012 – Business Continuity Management Systems

    Murphy’s law: “Anything that can go wrong, will go wrong” and that’s when you need a Business continuity Management system to keep key operations going.

    A business can suffer disruption at any time, how exactly this disruption is handled depends a lot on whether there is a Business Continuity Management System (BCMS) in place. Disruptions can ultimately result in revenue loss, data risk breakdowns and a failure to deliver normal client services. This is where ISO 22301:2012 becomes relevant.

    Developed in 2012 by ISO Technical Committee 223 (ISO/TC 223), ISO 22301:2012 is the world’s first international business continuity management standard. The purpose of which is to provide a guide on how to set up and manage a BCMS.  By definition, business continuity is: The ability of the key operations of a firm to continue without stoppage, irrespective of the adverse circumstances or events ( )

    What is it used for?

    ISO 22301:2012 specifies all the requirements related to a documented management system to protect against, reduce the likelihood of an occurrence, prepare for, respond to, and recover from disruptive incidents. This includes planning, establishment, implementation, monitoring, maintenance and ongoing improvement. Ultimately, it cancels and replaces BS25999, the old business continuity standard.

    The main goal of this standard is to ensure that the business isn’t affected by any unexpected events such as a flood or cyber-attack. It specifies the requirements for a management system to protect against disruptions and ensure that the business recovers from any disruptive incidents as quickly as possible.

    Who can use it?

    While ISO 22301:2012 is applicable to any organisation, regardless of its size or industry, it is particularly useful for organisations that operate in high-risk environments such as financial services, transportation, telecom, and food production. Additionally, businesses that are unable to function properly during a disruption can benefit from this standard. An IT company, for example, will be unable to function during a power outage.


    According to
    Blue Kaizen (2014), this structure is a new formulation of ISO Management System and an alignment with “Annex SL” that allows the organisation to make multiple implementations at the same time for related ISO Management Standard. ISO 22301:2012 is structured as follows:

    • Clause 1: Scope
    • Clause 2: Normative References
    • Clause 3: Terms and Definitions
    • Clause 4: Context of the organization requires that management understands the context of the organisation, including its internal and external needs, and set boundaries for the scope of the BC management system.
    • Clause 5: Leadership focuses on the role and requirements of top management
    • Clause 6: Planning relates to the establishment of strategic objectives and guiding principles of the BCMS as a whole.
    • Clause 7: Support focuses on the resources required to establish, implement and maintain an effective BCMS.
    • Clause 8: Operations asks for proof of how the processes developed to manage the risks are being correctly implemented.
    • Clause 9: Evaluation covers the maintenance and review of the BCMS to ensure its ongoing relevance.
    • Clause 10: Improvement This clause is all about making your BCMS as effective as possible to show how effectively it is managed.


    ISO 22301:2012 covers the requirements for an efficient BCMS, which will allow the company to minimise any risks associated with disruptions and ensure that business is able to operate as usual despite an unexpected event and continue to offer a premium level of service. Aside from this, being ISO 22301:2012 certified can benefit a business by

    • Protecting key assets
    • Identifying how some forms of disruption can influence daily operations
    • Demonstrating commitment to key stakeholders
    • Gaining a competitive advantage
    • Shows the organisation’s commitment to customer satisfaction.

    ISO/DIS 22301:2019

    In January 2019, ISO published the ISO/DIS 22301:2019 standard, which is a draft of the new version. Although there can be changes between the draft and the final version, it already gives a clear idea of what to expect.

    The Business Continuity Management Standard lasts for three years and is subject to mandatory audits each year to ensure that the business remains compliant.

    How WWISE can help

    WWISE develops systems, repairs, maintains and improves them to ensure optimal competitiveness and efficiency for the client companies. To speak to a consultant on how we can assist your business to prepare for ISO 22301:2012 certification, send us an email or call us on
    08610 99473. You can also visit our website at for more information on other ISO standards we can assist with as well as other services we provide.

    Recent Articles