ISO 22301 Business Continuity Management Systems Certification: organizational resilience and ability to respond effectively to a critical event

ISO 22301, 'Company security - Business continuity management systems - Requirements', is the international standard developed to guide organizations in identifying potential threats to their business processes and in building effective backup systems and processes to safeguard their own interests and those of their stakeholders. The standard specifies the requirements for planning, implementing, monitoring, reviewing and improving an organization's Business Continuity Management System, with the aim of reducing the impact of outages on its activities.

The purpose of applying this standard within an organization is to ensure an adequate continuity plan for essential services, in accordance with market or customer service agreements. The objective is to guarantee the ability to react to accidents and respond to emergencies and disasters, so that in a crisis the supply of products and the provision of services continue, the staff and the image of the company are safeguarded, and the company can go on producing and selling its products and services.

The standard is applicable to all organizations wishing to define and improve their business continuity management and demonstrate the soundness of their system to stakeholders. In particular, it is recommended for companies operating in high-risk environments, such as public utilities, financial services, the Oil & Gas sector, transport, telecommunications and food production, or in environments where business continuity is a critical factor, such as the public sector.
ISO 22301 is a management standard that can be fully integrated with other ISO standards such as ISO 9001.

The ISO 22301 standard 

ISO 22301 concerns the management of business continuity. It specifies the requirements to plan, establish, implement, operate, monitor, maintain and continuously improve a documented management system aimed at protecting against destabilizing events, reducing the possibility of their occurrence, preparing for them, and responding to and recovering from them when they occur. The purpose of the standard is to:

  • Provide a coherent infrastructure, based on international best practices, to manage business continuity.
  • Identify any impacts that threaten an organization and provide a model for building resilience and the ability to react effectively, in order to safeguard the interests of key stakeholders, reputation, brand and value-creating activities.
  • Proactively improve resilience to incidents that can cause critical business interruptions affecting the achievement of key objectives. Provide a proven method for restoring the ability to deliver critical products and services at a predefined level and within a predetermined time frame, following an outage.
  • Offer an adequate response to manage an outage.
  • Give a clear understanding of how the entire organization works and make it possible to identify opportunities for improvement.
  • Create the opportunity to reduce the insurance premium for the interruption of operations.

The advantages of ISO 22301 certification

Certification against ISO 22301 consists of verifying the adequacy of the management system, with particular reference to the following elements: methods for identifying the phenomena that may affect the business; analysis of the consequent risks in assessing the related impacts; definition of systems for monitoring and managing activities; development of plans and programs aimed at minimizing impacts; and development of procedures for managing emergency situations. Certification of the business continuity management system makes it possible to:

  • Facilitate compliance with contractual and legislative requirements
  • Strengthen the credibility and visibility of the company by safeguarding its image and assets and facilitating recovery from disruptions
  • Reduce the costs of accidents
  • Effectively target the investments made to implement accident management plans and business continuity plans
  • Assure interested parties (stakeholders), with evidence, that all the technical and organizational tools and measures necessary to ensure the delivery of critical products and services have been implemented
  • Provide a coherent infrastructure, based on international best practices, to manage business continuity
  • Identify any impacts that threaten an organization and provide a model for creating resilience and the ability to react effectively
  • Provide a proven method for restoring the ability to deliver critical products and services at a predefined level and within a predetermined time frame, following an outage.
  • Offer an adequate response to manage an outage
  • Give a clear understanding of how the entire organization works and make it possible to identify opportunities for improvement
  • Create the opportunity to reduce the insurance premium for the interruption of operations

Management Systems Certification for Business Continuity: the industrial sectors of interest and areas of attention

The need to ensure the supply of products and/or services even in the event of serious accidents of various kinds (such as natural disasters, breakdowns, strikes, acts of terrorism or vandalism, etc.) is now indispensable for all organizations. Operational continuity cannot be achieved through technical tools alone; it also requires adequate organization and appropriate procedures. Furthermore, business continuity management relies heavily on the participation of all key personnel and, in some cases, of suppliers, customers and other interested parties (stakeholders). Organizations must therefore identify the specific critical issues of the sector to which they belong.

ISO 22301 certification for the financial sector

The world of financial services encompasses a variety of industries, from banks to insurance companies, all of which share the need to use networked systems to perform monetary and data transactions. The sector's distinctive requirements are to:

  • Ensure the continuity of transactions;
  • Ensure the protection and recovery of data;
  • Restore critical services on time.

The banking sector, and consequently its strategic partners, will be able to use the certification of their SGCO (business continuity management system) to provide objective evidence of compliance with the Bank of Italy's directives on ensuring business continuity.

ISO 22301 certification for the Utility sector

Suppliers of energy, telecommunications, transport, etc., are among the country's critical infrastructures. The transposition of the relevant European Directives will lead to the implementation of plans to ensure continuity of supply or service, and certification of the SGCO will be the natural next step to ensure that the management system is kept up to date, adequate and continuously improved.

ISO 22301 certification for the Industry and Commerce sector

The industrial and commercial sector needs to guarantee continuity in production or in the provision of its services following a disaster: that is, to foresee possible scenarios in advance, to be prepared and trained to ensure the survival of the organization, and to ensure that its critical suppliers are as well. It is not enough to be optimistic and assume it will not happen; it is best to be prepared for the worst. Certification of the SGCO also secures an advantage over the competition in terms of image and opportunity.

ISO 22301 certification for the public sector

The public sector covers many different areas for which business continuity is of fundamental importance, in particular the public administration proper (PA), defense, health and the provision of services to citizens. Understanding one's own situation and the threats it may be subject to, analyzing possible scenarios and their impacts on services and infrastructures, and preparing plans in advance to reduce the impacts of disastrous events, manage accidents and recover functionality should be the responsibility of any good public administration. Certifying a business continuity management system means offering guarantees that what is planned is consistent, up to date and effective, has been tested with appropriate exercises, and is periodically reviewed and improved.