ISO 22301 Certification
ISO 22301 is the international standard for business continuity management. It specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS).
It can help you establish a management system that minimises the risk of major societal impact from disrupted service provision, and so demonstrate resilience to customers and suppliers.
What is a business continuity management system (BCMS)?
A BCMS is a comprehensive approach to organisational resilience. It enables organisations to update, control and deploy effective plans, taking into account organisational contingencies and capabilities, as well as business needs (product and service requirements).
A BCMS helps the business to cope with incidents affecting all of the organisation’s business-critical processes and activities, from the failure of a single server to the complete loss of a major facility.
What is the difference between business continuity management and disaster recovery?
Disaster recovery management (DRM) usually takes place within the context of business continuity management. Disaster recovery plans are often relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications. Best practice for disaster recovery is also set out in ISO 22301 Certification.
Business continuity management makes sure that a business can continue to function while recovering from the disaster. DRM, meanwhile, is a process of returning a business or organisation to a state of normality after a disastrous event. This will ordinarily incorporate business continuity, but the focus is on total recovery.
Who can implement this standard?
Any organization – large or small, for-profit or non-profit, private or public. The standard is conceived in such a way that it is applicable to any size or type of organization.
Basic terms used in the standard
- Business Continuity Management System (BCMS) – part of an overall management system that makes sure business continuity is planned, implemented, maintained, and continually improved
- Maximum Acceptable Outage (MAO) – the maximum amount of time an activity can be disrupted without incurring unacceptable damage (also Maximum Tolerable Period of Disruption – MTPD)
- Recovery Time Objective (RTO) – the pre-determined time at which an activity must be resumed, or resources must be recovered
- Recovery Point Objective (RPO) – the maximum data loss, i.e., the minimum amount of data that needs to be restored
- Minimum Business Continuity Objective (MBCO) – the minimum level of services or products an organization needs to produce after resuming its business operations
If an organization wants to implement this standard, the following documentation is mandatory:
- List of applicable legal, regulatory and other requirements
- The scope of the BCMS
- Business Continuity Policy
- Business continuity objectives
- Evidence of personnel competencies
- Records of communication with interested parties
- Business impact analysis
- Risk assessment, including risk appetite
- Incident response structure
- Business continuity plans
- Recovery procedures
- Results of preventive actions
- Results of monitoring and measurement
- Results of an internal audit
Our advice: go for it!
If you are looking into how to get ISO 22301 certification in India, you can reach out to us. You can partner with us for consulting on the standard's requirements, and we consult for our customers free of cost. You can reach out to us at or write to us on firstname.lastname@example.org with your entire certification requirement. You can also visit our official website at www.gmsintercert.com and provide your contact details so that one of our consulting experts can contact you to understand more about your process and perform a free gap analysis. We are available 24/7 for all of our customers.