ISO 22301 Business Continuity Management System

Business Continuity Management System Certification

Business Continuity Management System (BCMS) Certification

WHAT IS ISO 22301?

ISO 22301 is an international framework that has been developed to help businesses identify potential threats to critical business functions and design a business continuity management plan. The standard helps companies build effective backup systems and processes to safeguard against theft, natural disasters, disease outbreaks, terrorist attacks and other extraordinary incidents. ISO 22301 specifies the requirements to plan, implement, monitor, review and improve a company’s business continuity management system, thereby minimising the impact of disruptions.


The ISO 22301 standard can be implemented by any organisation, regardless of its size, type, or sector. This includes public and private companies, non-profit organisations, government agencies, and other entities. The standard is designed to help organisations of all kinds establish, implement, maintain, and improve their business continuity management system (BCMS) to enhance their ability to withstand and recover from disruptive incidents.

To achieve ISO 22301 certification, an organisation must undergo a formal audit by an accredited third-party certification body. The audit will assess the organisation's BCMS against the requirements of ISO 22301 standard and determine whether it meets the criteria for certification.


ISO 22301 is a Business Continuity Management System (BCMS) standard that provides a framework for developing and implementing a business continuity management plan. BCMS is a comprehensive management system standard designed to ensure an organisation's ability to continue operating during and after a disruptive incident.

To achieve BCMS certification according to ISO 22301 standard, an organisation must undergo a formal audit by an accredited third-party certification body. The audit will assess the organisation's BCMS against the requirements of the ISO 22301 standard and determine whether it meets the criteria for certification.

The BCMS certification process includes several steps: a readiness review, a stage 1 audit, a stage 2 audit, and ongoing surveillance audits.

Overall, the ISO 22301 standard provides a structured and systematic approach for organisations to establish and maintain a BCMS, helping them to mitigate the impact of disruptive incidents and improve their overall resilience. 


ISO 22301 certification provides formal business continuity guidelines that will keep your organisation operational during and following a disruption. It seeks to minimise the impact to critical business functions, ensuring they are still capable of being delivered or recovered promptly. The ISO 22301 standard is applicable for companies of all sizes across any industry, particularly those operating in high risk or complex environments where the ability to function without delay is of paramount importance. ISO 22301 business continuity certification also helps you avoid loss of revenue and customers should a major problem occur.


ISO 22301 Implementing a Business Continuity Management System (BCMS) based on the ISO 22301 standard and obtaining ISO 22301 certification can provide several benefits to organisations, including:

Enhanced resilience: ISO 22301 helps organisations to identify and prioritise potential risks and develop strategies to mitigate them.

Increased customer confidence: ISO 22301 certification demonstrates to customers and stakeholders that an organisation is committed to ensuring the continuity of its operations in the event of a disruptive incident.

Improved reputation: An ISO 22301 certification provides an independent and internationally recognised validation of an organisation's BCMS, demonstrating its commitment to maintaining resilience against disruptive incidents.

Compliance with regulatory requirements: Implementing an ISO 22301-compliant BCMS can help organisations comply with regulatory requirements related to business continuity and risk management.

Cost savings: An ISO 22301 audit can help organisations identify areas of inefficiency or waste in their BCMS, allowing them to streamline processes and reduce costs.


As an internationally recognised certification body, TÜV SÜD offers auditing and certification. TÜV SÜD’s dedicated and experienced auditors possess the accreditation and experience to perform combined auditing exercises and can support you with proficiency in your local language and knowledge of the local market.

Our auditors follow a strict code of conduct that assures you and your customers of our complete independence and professionalism. In addition, our TÜV SÜD certification mark provides you with international recognition and demonstrates your commitment to quality and stable operations.


  • How long does it take to get ISO 22301 certified?

    The time it takes to obtain ISO 22301 certification can vary depending on several factors, including the size and complexity of the organisation, the level of existing business continuity management system (BCMS) maturity, and the resources available for implementing and maintaining the BCMS.

    Typically, the process of implementing a BCMS can take several months to a year, depending on the organisation's specific circumstances. This includes the time required to develop and implement policies and procedures, conduct risk assessments, develop and test business continuity plans, and establish processes for monitoring and maintaining the BCMS.

  • How do I get started with ISO 22301 certification?

    Getting started with ISO 22301 certification requires careful planning and implementation of various steps. Here are the key steps you can follow to begin the process:

    • Define your scope: Determine the scope of your Business Continuity Management System (BCMS) and what part of your organisation you want to certify. This will help you to determine the necessary resources and timeline.
    • Conduct a gap analysis: Conduct a gap analysis to identify the areas of your organisation that do not comply with the ISO 22301 standard requirements. This will help you to prioritise the areas that need improvement.
    • Develop a BCMS: Develop a BCMS that meets the standard requirements. This will involve defining policies, procedures, and controls that ensure the continuity of your business operations.
    • Implement the BCMS: Implement the BCMS in your organisation, ensuring that all employees are trained and aware of their roles and responsibilities.
    • Perform internal audits: Perform internal audits to ensure that your BCMS meets the standard requirements and identify areas for improvement.
    • Select a Certification Body: Select a Certification Body that is accredited by a recognised accreditation body. Request a quote for their certification services.
    • Stage 1 Audit: Conduct a Stage 1 Audit to verify that your BCMS meets the standard requirements.
    • Stage 2 Audit: Conduct a Stage 2 Audit to verify that your BCMS is effectively implemented and maintained. If successful, the Certification Body will issue an ISO 22301 certificate.
    • Maintain Certification: Maintain your certification by continually improving your BCMS and complying with the ISO 22301 standard requirements. Recertification audits will be conducted periodically to ensure your BCMS complies with the standard.


ISO 22301

ISO 22301 Business Continuity Management

Ensure continuity of critical business functions in the event of disruptions.

Download Now

ISO 28000

ISO 28000 Supply Chain Security

Effectively mitigate supply chain risk

Download now

iso/iec 27001 Information security management system

ISO/IEC 27001 Information security management system

Secure your knowledge and information with a systematic approach



Next Steps

Site Selector