Secure Your Business


Tested emergency, contingency and disaster recovery plans can be life-saving.
The International Standard ISO 22301 for Business Continuity Management is setting off a new trend worldwide.


Awareness among leaders and managers is increasing, and certifications for business continuity management are emerging as a new trend worldwide. In 2012, the International Standard ISO 22301 was published on the basis of BS 25999, the British predecessor standard. Since early 2015, the corresponding Standard ÖNORM EN ISO 22301 has also existed in Austria. It has the same text and bears the title “Sicherheit und Schutz des Gemeinwesens – Business Continuity Management System – Anforderungen”. In terms of content, the BCM Standard is compact: on 34 pages, it defines the requirements for planning, establishing, implementing, operating, reviewing, maintaining and continually improving a documented business continuity management system.

The authors of the ISO 22301 Standard have deliberately kept the requirements generic so that organizations of all sizes and sectors can put them to use. The process improvement model Plan-Do-Check-Act, which has stood the test in both quality management and information security, is also a central element for operating BCM systems.


Scope: Even products are certifiable
The main clauses of ISO 22301 describe the steps to be taken to implement and operate a BCM System. According to Clause 4, the first step is to examine the context of the organization, including its compliance requirements and the resources needed (services, raw materials, human resources), and to establish the scope of certification. In contrast to EN ISO 9001 and ISO/IEC 27001, ISO 22301 makes it possible to certify not only business areas but also products, services or processes.

CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com