Search for content, post, videos

Past, Present and Future of ISO 22301 – The Business Continuity Standard Review

The history of Business Continuity

The world is currently witnessing disasters and crises that quickly cross borders. As these disasters dramatically increase in frequency, impact, and complexity, organizations need to provide careful planning to achieve the desired prosperity. The organizations should take all the necessary measures to be prepared for overcoming the ever-challenging aspects of disasters and unexpected situations. In addition to recessions, cyber-attacks, and natural disasters, organizations are also threatened by new risks related to public health or supply chain interruptions.

Given the continuous change in the causes, triggers, and impacts of disasters, businesses have to prepare protection schemes which help them deal with the unexpected events. Considering that many organizations operate and compete in a global market, businesses cannot afford interruptions of operations, as it will result in huge long-lasting negative impacts.


To avoid such severe impacts, it is important that every organization has a Business Continuity Plan in place. Business Continuity (BC) is the ability of an organization to continue operating during and after a disaster, and the ability to recover within a short period of time. Also, a Business Continuity Plan (BCP) is strongly related to contingency, as well as to resilience and recovery.

BC has been subject to significant changes, including influences and development in legislation and regulation. The developments and recent events have all played a key role in the on-going evolution of Business Continuity. ISO 22301, as an international standard, has been subject to modification since its initial draft version developed in 2010. The final version of the standard was released in 2012. This standard guides organization in adapting to internal and external threats, and helps them in establishing an effective business strategy for building organizational resilience.

Managing and preparing a Business Continuity Plan is the key factor for organizations, not only to thrive in their respective industry but also to minimize their operating costs. Thus, it is imperative to have a Business Continuity Management System in place to ensure that the organization possesses the adequate tools to provide proper protection from the existing and new threats that they may face.

family-tree-ISO 22399

Why is important to regularly Test your Business Continuity Plan?

By regularly testing your Business Continuity Plan (BCP), you ensure that you can effectively handle the events and control their results for minimal impact. The systematic testing of the management system helps you become familiar with your recovery scheme, personal responsibilities, as well as the expected length of a disaster.

A survey conducted by Harford Institute found that 59 % of companies have a formal and documented continuity plan in place, however, only a third of these BCP plans are regularly tested. Additionally, the survey results indicate that 33% of businesses have an informal undocumented BCP in place, while 8 % of them have no plan at all. As a result, businesses that do not implement nor document a Business Continuity Plan will be subject to many fundamental severe consequences at many levels as they are unprepared for properly responding to the existing threats.

Why do you need ISO 22301?

ISO 22301 will protect your company by introducing proactive measures to keep the probabilities of risks occurring as low as possible, and implementing mitigation processes to manage the crisis in acceptable ways. This means that when incidents occur, measures are taken in a timely manner and the people involved are trained and authorized to take the necessary actions to effectively minimize the impact. We are aware that some incidents have a higher probability of occurrence, and planning for them in advance is rather impossible. However, ISO 22301 provides techniques which can ensure that your business is capable of mitigation, and as such, it can remain competitive. The following statistic portrays the importance of having the ISO 22301 implemented within the organization:

“80% of Businesses that do not have Business Continuity plans go out of business within 13 months of a major incident”

Business Continuity Institute

What are the benefits of implementing ISO 22301 in your organization?

The implementation of ISO 22301 in your organization can have a significant impact on the future performance of your business.  ISO 22301 not only helps you in prioritizing the threats that your company is exposed to, but it also helps you in:

Saving money– Having a BCMS implemented in your organization means having a contingency plan that helps you maintain the market share in the event of a disaster. Such plan will provide your organization with the opportunity to continue your business profitability since the damage caused by these interruptions may have been greater if no measures were taken in advance.

Enhancing your brand reputation– Your commitment to providing excellent services, even in times of crises, will improve your brand image and thus enhance your reputation.

Gain competitive advantage– Adhering to the BCMS tools and framework, and having implemented a standard that is recognized worldwide, will increase the client’s confidence in your organization.

Continuous improvement– Being subject to regular BCMS audits means that your organization is encouraged to systematically engage in activities that ensure continual improvement of its processes and activities.


What are the requirements for ISO 22301?

  • Establish and maintain a sound Business Continuity Management structure that is supported by top management
  • Understand the organization by identifying its’ resources and critical activities
  • Define the Business Continuity Strategies which are employed to meet the organization’s objectives
  • Create and implement a Business Continuity Management Response plan
  • Have a documented structure and Response Plan to enable effective response and recovery from disruption
  • Set a Business Continuity Management in the organization
  • Test your organization’s Business Continuity Plan
  • Systematically review, plan and update the Business Continuity Plan
  • Increase employees’ awareness by properly communicating the BC Plan


What are the expected changes in ISO 22301 Revision?

There were numerous business continuity standards published by different certification bodies. The ISO/PAS 22399 (Societal security — Guideline for incident preparedness and operational continuity) was published in 2007, which provides general elements and principles for incident preparedness and operational continuity of the organization.  In 2010, a universally accepted international standard was introduced, and it was published in 2012. The ISO 22301:2012 replaced the ISO PAS 22399.

It is important to note that the ISO 22301:2012 was under periodic review in April 2017, where such review was completed in early September. Hence, the ISO will announce the official publication date of the standard and depict the changes that the committee has made.


8 Basic Steps for a Business Continuity Plan




PECB helps you build your Business Continuity Plan by offering training and certification courses in ISO 22301 around the world.



Leave a Reply

Your email address will not be published. Required fields are marked *