The full name of this standard is ISO 22301:2019 Security and resilience – Business continuity management systems – Requirements. It is an international standard published by the International Organization for Standardization (ISO), and it describes how to manage business continuity in an organization. This standard is written by leading business continuity experts and provides the best framework for managing business continuity in an organization. Adopting ISO 22301 can help organizations to minimize the impact of disruptions on their operations, protect their reputation, and maintain customer and stakeholder confidence. It can also help to demonstrate compliance with regulatory requirements and improve the organization’s resilience and ability to adapt to changing circumstances.
The focus of ISO 22301 is to ensure that the business continues to deliver products and services after disruptive events occur. This is done by finding out business continuity priorities, identifying what potential disruptive events can affect business operations, defining what needs to be done to prevent such events from happening, and then defining how to recover minimal and normal operations in the shortest time possible. Therefore, the main philosophy of ISO 22301 is based on analyzing impacts and managing risks: find out which activities are more important and which risks can affect them, and then systematically treat those risks.
Business continuity is part of overall risk management in a company, with areas that overlap with information security management and IT management.