ISO 22301

Business Continuity Management System Certification

Business Continuity Management System Certification

WHAT IS ISO 22301?

ISO 22301 is an international framework that has been developed to help businesses identify potential threats to critical business functions and design a business continuity management plan. The standard helps companies build effective backup systems and processes to safeguard against theft, natural disasters, disease outbreaks, terrorist attacks and other extraordinary incidents. ISO 22301 specifies the requirements to plan, implement, monitor, review and improve a company’s business continuity management system, thereby minimising the impact of disruptions.

Companies with existing ISO 22301 certificates will need to migrate their certification to the new ISO 22301:2019 standard by 30 April 2021. As such, organisations having their Surveillance or Renewal assessment that is due on 30 April 2021 and beyond will have to perform the migration to ISO 22301:2019 correspondingly. From 30 April 2021 onwards, only new certification assessments to ISO 22301:2019 version will be accepted. For more information, please refer to the IAF Resolution 2019-17 Transitional Arrangements for ISO 22301:2019.


ISO 22301 certification provides formal business continuity guidelines that will keep your organisation operational during and following a disruption. It seeks to minimise the impact to critical business functions, ensuring they are still capable of being delivered or recovered promptly. The ISO 22301 standard is applicable for companies of all sizes across any industry, particularly those operating in high risk or complex environments where the ability to function without delay is of paramount importance. ISO 22301 business continuity certification also helps you avoid loss of revenue and customers should a major problem occur.


As an internationally recognised certification body, TÜV SÜD offers auditing and certification. TÜV SÜD’s dedicated and experienced auditors possess the accreditation and experience to perform combined auditing exercises and can support you with proficiency in your local language and knowledge of the local market.

Our auditors follow a strict code of conduct that assures you and your customers of our complete independence and professionalism. In addition, our TÜV SÜD certification mark provides you with international recognition and demonstrates your commitment to quality and stable operations.

The ISO 22301 management system certification is covered under the Sustainability-as-a-Service (SaaS) Programme, with 70% of qualified costs supported by Enterprise Singapore, as part of the Enterprise Sustainability Programme. Click here to learn more.

Download Infosheet

  • How do I use ISO 22301?

    ISO 22301 BCM certification is essential for any enterprise. You can ensure stability and preparedness in the event of any threats to the functioning of your business. By using this standard for your business processes, you can limit your losses and emerge unaffected from disruptions.


  • What is the purpose of using ISO 22301 standard?

    In this everchanging and volatile business landscape, it is now more important than ever to protect your business from potential disruptions. With this standard, you can commit to recovery and continuity post disruptions to your business.


  • Who needs ISO 22301?

    In general, ISO 22301 BCM certification is a standard which can be implemented by any business. Businesses that are looking to set up a business continuity management system to ensure conformity and wish to document this conformity for third parties should consider certifying to ISO 22301.


  • How long does it take to get ISO 22301 certification?

    For a small- to mid-sized well-prepared organisation, a three to six month period should be sufficient.



  • What will be assessed during the ISO 22301 certification?

    The below are some examples of the areas that will be assessed:

    - Business continuity management scope
    - Business continuity management policy
    - Business continuity management objectives
    - Resource and competency
    - Communication
    - Specifications
    - Management commitment
    - Business impact analysis performance
    - BCP planning


  • How does the certification of ISO 22301 work?

    To be certified for ISO 22301, the process is as follows:

    1) Documentation review – to assess if your business continuity management system complies with the requirements of the ISO 22301 standard.

    2) Conduct Pre-certification audit (optional) - It aims to help SMEs to (i) validate their system implementation against the standards requirements; (ii) gaps identified from the online gap analysis; (iii) identify areas of improvement. Any gaps identified at this stage will have to be rectified before the actual certification audit commences.

    3) Audit Plan Preparation

    4) Conduct Certification audit – Verifies the implementation and compliance of your business continuity management system to the standard

    5) Certificate issuance

    6) Surveillance and Recertification audits – to ensure continuous improvement


Next Steps

Site Selector