ISO 22301

Security and resilience. Business continuity management systems. Requirements

ISO 22301 defines the requirements for Security, Sustainability and Business Continuity Management. Requirements include planning, setting up, implementing, operating, monitoring, reviewing, maintaining, and continuously improving a management system to respond effectively to incidents or events that may disrupt the normal functioning of the organization. The requirements set out in ISO 22301 are general and are intended to apply to all organizations, regardless of their type, size, or nature. The scope of these requirements depends on the workplace environment and the complexity of the organization concerned.
The standard is based on the PDCA (Plan-Do-Check-Act) cycle, which allows integration with other management systems.
The main benefits of implementation and subsequent certification in accordance with this standard include:
– tools for managing the critical processes of the organization
– enabling the organization to respond to major incidents by identifying appropriate measures
– minimizing losses resulting from damage or failure of cooperative processes
– preventing damage to critical processes throughout the supply chain
– improving the overall understanding of the organization by encouraging continuous upgrades
– competitive advantages on the market
– proof of compliance with applicable legislation and regulations
– providing a strong basis for negotiations with financial service providers
– increased trust of all stakeholders


1. Development and implementation of a system in the organization in accordance with the respective ISO standard
2. Conducting an audit to establish the operation of the implemented system
3. Taking a decision on certification based on facts established during the audit