Business Continuity Management (ISO 22301)

Why does the organization need to improve their business continuity management?

  1. Risk-based thinking, i.e. building up the capability to respond to and effectively recover from incidents
  2. IT service compliance with industry legislation, e.g. banking or financial services, emergency help desk
  3. Legal compliance, e.g. utility services, public infrastructure...
  4. Government regulation for IT service providers, e.g. telecommunication, financial, healthcare, etc.
  5. Contractual requirements, e.g. supply chain, supplier contract, service level agreement (SLA)
  6. Social responsibilities, the common practice for business and service continuity management
  7. Technically sound and effective, e.g. recovery procedures, BCP exercise, and testing
  8. Market competition, i.e. competitors

Critical success factors

  1. Business continuity policy, objectives, and activities that reflect business objectives;
  2. An approach and framework for implementing, maintaining, monitoring, and improving business continuity that is consistent with the organizational culture;
  3. Visible support and commitment from all levels of management;
  4. A good understanding of business continuity requirements;
  5. Effective marketing of business continuity and management to all managers, employees, and other parties to achieve awareness;
  6. Distribution of guidance on business continuity policy and standards to all managers, employees and other parties;
  7. Provision to fund business continuity and improvement activities;
  8. Providing appropriate awareness, training, and education;
  9. Establishing an effective business continuity, incident and problem management process;
  10. Implementation of a measurement system that is used to evaluate performance in business continuity management and reporting suggestions for improvement.

Starting Point of Business Continuity Management

Items considered essential to an organization from a legal or legislative point of view include, depending on applicable legislation:

  • business objectives
  • compliance with industry and legislative requirements
  • fulfilment of service level agreements (SLA)

Items considered to be common practice for managing business continuity include:

  • Business/Organisational risk analysis according to risk management principles (ISO 31000)
  • Selecting and defining the BCMS implementation scope
  • Business continuity policy and objectives
  • Plan, prepare and perform Business Impact Analysis (BIA) 
  • Prepare recovery procedures and resources 
  • Backup and redundancy 
  • Incident response management 
  • Prepare, exercise and test Business Continuity Plans (BCPs)
  • Conduct a post-review and improve the BCP
  • Supplier audit(s)
  • Internal audit(s) 
  • Management review 

Learn how to manage business continuity with our experts.

The international standard ISO 22301 sets out the requirements to establish, implement and continually improve business continuity management systems (BCMS) for the organization. 

Based on the BCMS (ISO 22301) family of standards, we offer a series of training programmes to help you understand WHAT the requirements are, know HOW TO plan and implement a BCMS, and build audit capability.


Course name | Course language
ISO 22301:2019 Lead Auditor (Business Continuity Management System) Training Course | English
ISO 22301:2019 Business Continuity Management System Lead Auditor Training Course | Chinese

Last modified: Thursday, 1 October 2020, 4:38 PM