ISO 22301 Business Continuity Management describes the requirements for a Business Continuity Management system (BCMS).
The subject of this standard is Business Continuity and how to ensure it by taking appropriate measures. ISO 22301 was published in 2012 and is therefore still a relatively young standard, but it has a history going back several years.
Standardization attention to continuity began with PAS 56 in 2003, which was followed by BS 25999 in 2007. The fact that business continuity has now been given its own ISO standard shows its increased importance. You may ask yourself, who wouldn't acknowledge this? Well, despite attention for this standard seeming to increase slightly at the moment, experience tells me it is still given insufficient attention in many organizations. And this while the risk of disruptions from the outside world is increasing all the time. Think, for example, of cyber crime, corporate espionage, hacking and extortion. If, and when, this leads to the unavailability of crucial (information) systems, loss of reputation and market share looms on the horizon. ISO 22301, much like other standards, offers a systematic approach to staying "in control" with regard to Business Continuity. Having a BCP, a Business Continuity Plan, is a must for achieving a balanced set of measures: the measures should be proportionate to the risk, since overkill, considering the costs, is not desirable at all. In ideal circumstances, the standard is used in combination with ISO 27001, the ISO standard for information security, because of the functional overlap between information security and continuity. In other words, a dynamic duo!