The ISO 22301 – Societal Security – Business Continuity Management Systems – Requirements standard was developed to help organizations minimize the risk associated with disruptive events. This standard replaces the British standard BS 25999.
ISO 22301 specifies the requirements for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continuously improving a management system in order to effectively respond to incidents or events that could disrupt an organization’s normal functioning. The requirements specified in ISO 22301 are generic and are intended to apply to all organizations, regardless of their type, size or nature. The scope of these requirements depends on the workplace environment and on the complexity of the organization concerned.
The standard is based on the PDCA (Plan-Do-Check-Act) cycle, which allows for integration with other management systems, such as ISO 9001 – Quality Management System, ISO 14001 – Environmental Management System, ISO/IEC 27001 – Information Security Management System, and ISO/IEC 20000-1 – Information Technology Services Management.