current language
Morocco available in the following languages:
or select your TÜV Rheinland region / country website:
Choose country/ region and language

Business Continuity Management ISO 22301

Business Continuity Management ISO 22301

Amendment 1: Changes of ISO standards regarding Climate Change

pdf Amendment 1 504 KB Download

On-demand webinar: ISO-Amendment 1

On-demand webinar: ISO-Amendment 1

In our webinar recording, you will learn about the changes to the standard and how they affect your management system and your company's ISO certification.

Greater safety with a certified business continuity management (BCM)

Operational risk management is becoming increasingly important. Business processes are getting faster, more specialized and increasingly interlinked. If the supporting operating infrastructure fails, whether in IT, personnel or production, the consequences range from malfunctions to long-term outages or even loss of market share and corporate image. With a certification of your business continuity management you can increase the stability of business processes as well as reduce stoppage and recovery delays.

Our experts certify your business continuity management (BCM) according to ISO 22301. We examine your risk management system according to various criteria and check whether you are properly prepared for issues such as worst case scenarios, a drop in performance and tolerable outage times.

Trust in our long experience and extensive expertise in the certification of crisis and emergency management systems. As a neutral provider of testing services we are the right partner for you and provide optimal assessment of your business processes. With us at your side, you are perfectly prepared for any emergency.

Do you have questions about business continuity management? Contact us!

FAQs: ISO 22301 Revision

Our experts answered frequently asked questions about the new ISO 22301.

Show all Hide all

Release of the ISO 22301:2019

The revision of the ISO 22301 was published in October 2019. Starting October 31, 2019, companies have three years to be certified according to the new version.

Our experts can still certify you according to the old ISO 22301:2012 until October 31, 2021. From November 1, 2021, certification and re-certification audits will be conducted according to the new standard only.

What does the ISO 22301:2019 say?

The ISO 22301:2019 “Security and Resilience – Business Continuity Management Systems – Requirements” wants organizations to implement and maintain a management system for measures and capabilities to ensure that they are able to continue to operate their core business in the event of disruption.

The standard specifies and outlines the minimum requirements that an organization must establish to demonstrate its ability to manage failure safety.

With the new edition of the ISO 22301:2019, some requirements are now more stringent, such as the focus on failure safety from a business perspective.

Important Updates on the ISO 22301:2019

  • Chapter 8 now contains discipline-specific guidelines for a Business Continuity Management System.
  • Resilience is viewed from the perspectives of business, finance, interested parties and internal processes.
  • Top management has the clear mandate to understand the critical internal and external needs and expectations. Security objectives should be defined and critical processes, resources and interdependencies should be supported.
  • The management should also promote the understanding of BCM within the organization.
  • A Business Impact Analysis (BIA) with the time periods for prioritization needs to be developed.
  • The business continuity documentation including that of partners must be reviewed on a regular basis.
  • A separate chapter is now dedicated to audit planning for internal audits.
  • A Business Continuity Management System (BCMS) only needs to be considered for the relevant part of the organization, not for the entire organization.
  • Emphasis is placed on specifications and objectives, resources, review of effectiveness and CIP.
  • Changes to the alignment of the BCM should be planned.
  • The wording has been streamlined overall and was phrased in a more targeted manner.
  • Like in other management system standards, essential documents must exist. These are:
    • Guideline
    • Roles, responsibilities and authorizations
    • Emergency planning, communication
    • Business continuity plans
    • Internal audit
    • Management review
    • Measurement results and CIP measures

Do these changes affect my existing certification?

No, the changes do not have any direct influence on an existing certification until the transition. The transition period, which has been extended by 6 months based on international agreements, ends on April 30, 2023.

In addition, starting November 1st, 2021, all certification and re-certification audits will be carried out based on the new standard. For surveillance audits, you have a choice between the old and the new standard.

Does the revision of the standard create a higher audit expenditure?

There may be additional one-time audit expenditures. They vary depending on the organization and the timing of the transition:

  • Re-certification and surveillance: 2 hours additional on-site audit time.
  • Special audits for the transition to the new standard: 4 hours additional on-site audit time.

Are there ways to evaluate the gaps between old and new ISO 22301 versions during the transition period?

Yes, with our GAP analysis, we can together clarify questions such as: Will there be changes necessary within the organization? Is training required? Do essential documents or the management system documentation have to be adapted?

What is the connection between ISO 27001 and the revision of the ISO 22301?

The unified definitions and texts in the High Level Structure (HLS) create synergies between ISO 27001 and the revision of ISO 22301.

For which companies is an ISO 22301 certification suitable?

The ISO 22301 standard is suitable for all companies that will have to continue working despite and during a disruption. It also provides proof to customers and insurance companies. These can be companies from industries where quality is critical as well as organizations that require proof of their failure safety and resilience. They include, for example, companies in the automotive industry, insurance companies, banks and of course IT service providers.

Certification according to ISO 22301 will give you control over your ability to avoid and, if necessary, to control failures.

Are there companies that cannot be certified according to ISO 22301?

No. Generally, any company can be certified according to ISO 22301. Our experts will be happy to provide you with information about how a certification will benefit your company. However, ISO 22301 certification does not apply to products such as BCM tools.

What are the advantages of the introduction of a business continuity management system according to ISO 22301?

  • Appropriate measures increase your failure safety and resilience.
  • It provides a structured approach in the case of an incident.
  • It increases the stability of business processes.
  • It lets you show the performance capability and efficiency of your business activities.
  • It increases the satisfaction of your customers.
  • Your critical infrastructure becomes apparent.
  • Your business-critical risks become apparent.

Build trust among stakeholders with ISO 22301 – BCM

By certifying your business continuity management system as per ISO 22301 you align your business processes with your operational risk management process. That provides a comprehensive assessment of risk at all business levels and also ensures that managers are more involved in their company's emergency management. The certificate improves the stability of your business processes and provides precisely defined processes as a basis for a structured approach to incidents. It also reduces outage and recovery times for applications.

A certified business continuity management supports you in meeting internal and international standards requirements as well as the requirements your stakeholders place on you. Transparent procedures improve trust among interested parties and the public, and they increase your advantage over your competitors.

ISO 22301 certification helps you identify potential savings on insurance policies and service providers.

Benefits of certification as per ISO 22301

Step by step to your business continuity management certification

  1. Document review of ISO 22301 requirements for BCM
  2. Optional on-site preliminary audit
  3. Creation of an audit plan and scheduling
  4. Performance of the certification audit
  5. Certificate issue and addition to “Certipedia”, our online certificate database
  6. Annual surveillance audits

Process of a business continuity management certification (BCM)

ISO 22301 certification with knowledge and experience

Our experts assist you with their extensive experience in the field of certification. As a neutral provider of testing we are the right partner by your side when it comes to checking your crisis and emergency management system. In the context of certification, we examine your current situation and help you optimize your business continuity management. Rely on our extensive know-how and use our services to secure a considerable advantage over your competitors.

Would you like to know more about certification as per ISO 22301? Contact us!

Our experts have summarized the detailed certification process and other important information in our FAQs.

pdf Frequently asked questions 244 KB Download
pdf Business Continuity Management at Vodafone 227 KB Download
pdf Business Continuity Management at Huawei Technologies 192 KB Download
pdf Business Continuity Management at DZ BANK 196 KB Download

Our Sustainability Initiatives

Nothing less than the future is at stake. Companies, institutions, public authorities and each and every one of us can play a positive role in shaping the path to tomorrow. We provide you with comprehensive support to ensure that you operate safely, sustainably and efficiently for many years to come.

Sustainable Infrastructure

Comprehensive approaches for the long-term protection of infrastructure

Learn more!

Sustainability Service Search

Test, evaluate, certify, and more: our sustainability services

Learn more!

Sustainability Strategy 2025

Find out how we work with you to protect the future

Learn more!

Elevate your supply chain with our trusted audit services

Elevate your supply chain with our trusted audit services

Leveraging our seasoned experts, we assess your supplier behavior against pertinent international standards, collaborating to foster safe working conditions and promote responsible business practices. Find out more.

Remote auditing and certification

Remote auditing and certification

Remote audits offer a flexible alternative to traditional audit methods. Our remote audits offer the same level of quality you’ve come to expect from TUV Rheinland. We are committed to being a strong and reliable partner. Learn more!

Automotive Certification Services

Disclaimer: At TÜV Rheinland, the neutrality, objectivity, independency and impartiality of our activities are of utmost importance. Our assessment and audit activities follow these values in compliance with the applicable accreditation requirements. All the necessary structural, organizational and processual measures are in place in all levels of the organization in order to avoid conflicts of interest (e.g. rigorous separation of consultancy and certification) and to ensure impartiality. We do not offer or provide management system consultancy by an accredited certification body for management systems. Within the TR Group, we ensure a minimum 2-year interval between management system consultancy and certification activity for the same costumer.

Contact

Get in contact with us!

Get in contact with us!

Last Visited Service Pages