Training Catalogue

    ISO 22301:2019 Security and resilience-Business Continuity Management Systems-Requirements

    You cannot predict the next crisis, but you can be prepared for it!

    Cyber-attacks, IT failures, natural disasters, pandemics, or the loss of skilled staff are only some of the business disruptions that can have an impact on organisations of any size and in any location. Every organisation needs to develop a Business Continuity Plan to ensure its business operations can continue, no matter what the disruption is. Consistent preparation on how to react when disaster strikes mean a more effective response and a speedier recovery. The ISO 22301:2019 management system was created to allow organisations to understand the amount and type of impact it is capable of handling following a disruption.

    ISO 22301:20199 Security and Resilience – Business Continuity Management Systems was the world’s first International Standard for implementing operative Business Continuity plans, systems, and procedures and was published in 2012. It was revised in 2019 to bring it up to date for best practice.  The latest version of ISO 22301:2019 does not contain new requirements, however, it is now more clearly formulated, and the terminology has been modified for better understanding.  It places a much greater emphasis on goal setting, performance evaluation, and monitoring as well as the link between business continuity and the strategic approach from top management. When developing a Business Continuity Plan it is essential to have contingencies for people, processes, and technology. It is mandatory to run simulations to determine the effectiveness of the Business Continuity Plan.

    ISO 22301:2019 is based on the high-level structure which is a shared framework for all new management system standards and aligns with many other internationally recognised standards such as ISO 9001:2015 Quality Management System and ISO 14001:2015 Environmental Management System. It makes the process easier for organisations to incorporate their Business Continuity Management System into their core business procedures. It ensures an increase in productivity and guarantees more involvement from top management. The Business Continuity Management System can be scaled to the size and complexity of an organisation to make it suitable for SMEs, and large establishments alike.

    The Plan-Do-Check-Act (PDCA) model is one of the main operating principles of ISO 22301:2019. It is applied to all processes within the organisation and the Business Continuity Management System for continuous improvement. It is structured as follows:

    • Plan – Understand the external context of the organisation and the needs of interested parties. Identify the risks and opportunities. Establish the objectives and resources required.
    • Do – Implement what has been planned from a new Business Continuity Management System down to all small process changes.
    • Check – Monitor and measure the effectiveness of the Business continuity management system and test all business continuity plans while monitoring and reviewing the outcomes.
    • Act – Act where necessary based on monitoring, measuring, and other facets for action.

    The PDCA model is an example of a closed-loop system. This means that knowledge gained from the ‘Do’ and ‘Check’ stages are used to inform the ‘Act’ and ‘Plan’ stages. In theory, this is recurring, however, it is more of an upward spiral as the knowledge gained moves you forward each time you go through the process.

    What is challenging about the ISO 22301:2019 Business Continuity Management System is that it comes into action very rarely whereas Quality Management Systems are implemented into the organisation’s daily operations. A Business Continuity Management System is usually only fully brought into action when a disturbance occurs. This means that there needs to be a Business Continuity Plan (BCP) test or drill conducted, as well as periodic reviews of the system, its policies, and its procedures to ensure it remains aligned to a changing environment and organisation.

    WWISE can offer a helping hand with our ISO 22301:2019 Business Continuity Management System Awareness training. This course provides an organisation with the necessary skills required to prepare for any risk or disruptions in their market.  After completing this course, the following benefits can be applied to your organisation:

    • Improved flexibility for your organisation to change.

    • Improve your organisation’s productivity after any change.

    • Reduce the initial downtime by being more effective and prepared.

    • Have a structured risk management plan for your organisation.

    • Increased performance of service delivery.

    Whether you are new to Business Continuity Management or looking to enhance your current ISO Management System, we have the right resources, consultants, and training courses to help you implement ISO 22301:2019. Our support however does not stop there. We can ensure that your management system keeps on delivering the best results for your organisation.

    WWISE creates excellence by driving the success of our clients through ISO standards. We help organisations to embed resilience, assisting them to cultivate sustainably, adapt to any change, and thrive for the long term. When it comes to quality, is perception reality?

    For more information on how you can train your employees on ISO 22301:2019 contact WWISE today on 08610 99473 or 021 525 9159 (Cape Town), or visit our website:

    Recent Articles