ISO 22301

The cost of ISO 22301 certification is quoted on a fixed-fee basis, so you won’t have to worry about unexpected additional expenses.

The price of your certification will depend on:

• Your organisation’s total size
• The sector you operate in
• The number of locations you operate from

We promise no hidden costs and transparent pricing at each step.

Get started with ISO certification.

ISO 22301 for business continuity management is an international standard that provides a set of requirements for organisations to plan, implement, monitor, maintain and continually improve a Business Continuity Management System (BCMS).

ISO 22301 aims to support businesses in continuing their operations during or after a disruption and minimise the impact on their critical functions.

The standard involves:

• Identifying potential threats and assessing their impact on business operations.
• Determining the effects of disruption on various business functions and prioritising them for recovery.
• Developing, implementing and maintaining strategies and procedures to ensure the continuity of critical functions.
• Allocating necessary resources to support business continuity efforts, such as personnel, technology and financial assets.
• Ensuring that employees are aware of their roles and responsibilities in business continuity activities.
• Regularly testing and exercising business continuity plans to validate their effectiveness and identify areas for improvement.
• Continually monitoring the BCMS and reviewing performance to ensure it remains effective and aligned with organisational objectives.
• Implementing changes and improvements to improve the BCMS over time.

ISO 22301 offers a structured approach to support business continuity during and after disruptions. This international standard helps organisations identify and manage potential threats, minimising the impact of disruptions on business operations in the event of a disaster.

Implementing ISO 22301 helps businesses to:

• Safeguard that critical functions and operations remain active during disruptions.
• Proactively identify, assess and mitigate potential risks.
• Show customers, partners and regulators that the business is well-prepared for unexpected events.
• Meet necessary legal, regulatory and contractual obligations.
• Allocate resources efficiently to reduce downtime and financial losses.
• Stand out from competitors by demonstrating a strong commitment to business continuity.

ISO 22301 lays out specific requirements for establishing a Business Continuity Management System. This standard supports organisations in effectively preparing for, responding to and recovering from disruptive incidents. This supports overall resilience and business continuity.

These requirements are structured into the following clauses:

• Clause 1: Scope – Defines the intended outcomes and scope of the standard to verify that its intended outcomes are met.
• Clause 2: Normative References – Lists essential documents that are necessary for the application of the standard.
• Clause 3: Terms and Definitions – Defines the terms used throughout the standard to ensure consistency and understanding.
• Clause 4: Context of Organisation – Organisations must understand internal and external issues, as well as the needs and expectations of stakeholders that may impact business continuity.
• Clause 5: Leadership – Emphasises the role of stakeholders in demonstrating commitment, establishing a business continuity policy, and defining roles and responsibilities within the BCMS.
• Clause 6: Planning – Involves identifying risks and opportunities, setting business continuity objectives and planning to address these.
• Clause 7: Support – Provide the necessary resources and ensure that the necessary information is clearly documented and maintained.
• Clause 8: Operations – Focuses on implementing processes to meet business continuity objectives, including business impact analysis, risk assessment and developing and implementing business continuity plans and procedures.
• Clause 9: Performance Evaluation – Involves monitoring, measuring and evaluating the effectiveness of the BCMS, including conducting internal audits and management reviews.
• Clause 10: Improvement – Covers continual improvement of the BCMS by addressing nonconformities, implementing corrective actions and seizing opportunities for improvement.

Organisations can build a framework by following these structured clauses, which not only support compliance but can also improve their capability to remain operational during crises. This structured approach helps achieve a clear and comprehensive method for business continuity management.

Implementing ISO 22301 involves the Plan, Do, Check, Act (PDCA) cycle, which provides a systematic approach for establishing, maintaining and continually improving a BCMS. This iterative process supports businesses in effectively planning for potential disruptions, implementing measures to deal with them, monitoring the effectiveness of these measures and taking actions to address any issues.

Here’s how an organisation could get started:

Plan

• Assess your external environment and understand the needs and expectations of stakeholders.
• Identify potential risks and opportunities.
• Set clear business continuity objectives and determine the resources needed to achieve them.

Do

• Put the plan into action by developing and implementing your BCMS and making necessary process changes.
• Ensure all team members are aware of their roles and responsibilities within the BCMS.

Check

• Regularly monitor and measure the effectiveness of your business continuity processes.
• Conduct tests of your business continuity plans and analyse the results to ensure they are functioning as intended.

Act

• Take corrective and preventive actions based on the insights gained from monitoring and testing.
• Continually refine and improve your BCMS by addressing deficiencies and implementing best practices.

• Protect your organisation’s reputation: Keep services and operations running, even when unexpected events occur. 
• Reduce costs: Minimise costs associated with unplanned downtime and recovery efforts by having a well-structured response plan.
• Train employees on their roles in business continuity: Ensure they are well-prepared to act during disruptions.
• Strengthen measures to protect critical data and information: Reduce the risk of data loss during incidents.
• Improve coordination across different departments and functions: Ensure a unified response to challenges.
• Establish quick and effective response mechanisms: Respond quickly and reduce downtime.

Contact us to find out how ISO 22301 could benefit your business.

When you achieve your ISO 22301 certification with British Assessment Bureau, your certification will be accredited by UKAS (United Kingdom Accreditation Service).

Our UKAS-accredited ISO 22301 certificates all come with the coveted ‘Crown & Tick’ mark, underlining the security that only comes from Government-endorsed certification.

Achieving ISO 22301 certification typically takes 6 to 12 months. The timeline may vary depending on factors such as your organisation’s size and complexity, your BCMS and the available resources.

The process usually includes an initial assessment and planning phase, the implementation of the BCMS, internal audits and reviews, and the certification audit. Your organisation’s readiness and stakeholders’ commitment can influence the time it takes to complete.

With effective planning and management, your business can streamline the process and successfully achieve certification.

Get a personalised quote and find out how long it will take for your organisation to become certified.

We offer a range of ISO 22301 training courses that can help you gain knowledge to effectively implement business continuity management within your organisation.

Our training options include:

ISO 22301 Course – Free Introduction Training

• Introduces the basics of ISO 22301 and the importance of business continuity management.
• Ideal for individuals new to business continuity who want to gain a foundational understanding of ISO 22301.

ISO 22301 Awareness – Online and Classroom Training

• Provides a deeper understanding of the ISO 22301 standard, including key concepts, requirements and benefits.
• Ideal for anyone looking to expand their knowledge of business continuity principles and how to align with ISO 22301, available in flexible online and classroom formats.

ISO 22301 Certification Training – Implementing ISO 22301

• Equips you with the knowledge and tools needed to implement ISO 22301 within your organisation effectively.
• Ideal for professionals responsible for developing, implementing and managing an ISO 22301-compliant Business Continuity Management System.

Explore our ISO 22301 training courses and find the right one to advance your expertise in business continuity management.