ISO 22301 Business Continuity Certification
The ISO 22301 standard arises from the need of organisations for guidelines on the continuity of their business in the event of unforeseen situations, and therefore on the protection and security of their interested parties after an interruption of their activities. It addresses situations of serious real risk that threaten the continuity and survival of the business, such as fires, floods, cyber attacks, pandemics, human error, etc.
It allows the organisation’s key stakeholders to be assured that the organisation is fully prepared to respond to a contingency of this magnitude, providing the protection and security that they expect, guaranteeing the continuity of any organisation’s activities.
Its implementation and certification are recommended in those organisations in which:
- Due to their sector of activity (ICT, Telecommunications, Banking, Insurance, etc.) or their social impact, they are to some degree vulnerable and attractive to malicious computer attacks that paralyse their activities or operations.
- Due to the type of service provided and/or product supplied, an interruption of their activities and processes would have a notable impact on society (Health sector, Pharmaceutical, Energy supplies, etc.).
This standard is certifiable, i.e. it is designed so that third party auditing and certification bodies such as EQA, through their independent auditing process, can certify compliance with the requirements of the standard. In this way, confidence can be given to third parties, including clients, collaborators, end users and, of course, the administered citizen.
Implementing and certifying the business continuity management system is evidence of the sustainable vision that should guide an organisation and its management at the highest level, as well as of the existence of good corporate governance guidelines in the organisation.
ISO 22301 certification diagram
Frequently Asked Questions
Advantages of ISO 22301 verification
A Business Continuity Management System, according to ISO 22301, not only lays the foundations for operational recovery after the incident leading to the temporary cessation of activity, but also:
- It shields and protects the reputation of the entire organisation (especially that of all employees).
- It ensures a commitment to meeting deadlines by ensuring the marketability of your products and/or services.
- It increases customer satisfaction.
- It prevents economic losses resulting from such disruption.
- It enables a common and intelligible language across complex supply chains.
ISO 22301 Standard: Certification
The certification process for ISO 22301 has the following steps:
- Request for certification.
- Planning.
- Phase 1.
- Phase 2.
- Issuance of the certification.
Maintenance of the certificate involves the following process:
- Annual monitoring 1.
- Annual monitoring 2.
- Recertification.
Usual duration of the ISO 22301 certification process
The usual duration of the certification process is between 5 and 6 months, from the time the company submits the Request for Certification until the certificate is granted. We advise you to apply for certification 3 months before the expected start date of the process.
Integration of ISO 22301 with other standards
Depending on your sector, you can implement ISO 22301 with other quality standards. For example:
- Quality Management: ISO 9001.
- Information Security Management: ISO 27001.
- Environmental management: ISO 14001.
- Occupational Health and Safety Management: OHSAS 18001, ISO 45001.
- Any other scheme with a high-level structure.
We provide more information on the integration of ISO 22301 with other standards.
How to ensure organisational success
- Recognise that business continuity, and the safety and security of workers are among the highest priorities of the organisation’s leaders.
- Understand the organisation and its context.
- Know the needs and expectations of all stakeholders by maintaining appropriate communication channels.
- Ensure management commitment by guaranteeing compatibility between strategy, resources and expected results.
- Carry out a diagnosis of the organisation’s initial situation.
- Plan an appropriate contingency plan to address the risks identified by the organisation.
- Establish quality policy and objectives.
- Establish a minimum level of operationally acceptable continuity.
- Monitor and update according to the timeframe established by the organisation.
- Delegate responsibilities, define activities and the persons in charge of them, manage the resources needed to carry them out, and evaluate at the appropriate times.
We provide more information on how to ensure organisational success.
Contact us for more information on ISO 22301
Tel. +34 913 078 648