ISO 22301: Why is Business Continuity Management Systems important for your company?

Contingency planning and disaster recovery were largely information technology-led responses to natural disasters and terrorism that affected businesses during the 1980s and early 1990s.

There was a growing recognition, however, that this needed to become a business-led process and encompass preparing for many forms of disruption. In light of this, the discipline became known as business continuity management (BCM).

As governments and regulators began to recognise the role of business continuity in mitigating the effects of disruptive incidents on society, they increasingly sought to gain assurance that key players had appropriate business continuity arrangements in place. Similarly, businesses recognised their dependence on each other and sought assurance that key suppliers and partners would continue to provide key products and services, even when incidents occurred.

A recognised benchmark of good practice in BCM was therefore needed and several national standards sought to address this issue, including those from Australia, Singapore, the United Kingdom (UK) and the USA. In the UK, BS 25999 was introduced to provide a management systems standard to which organisations could obtain accredited certification for the first time.

When organisations operating internationally started calling for a single International Standard, ISO/TC 223, Societal security, responded by developing ISO 22301:2012, Societal security – business continuity management systems-requirements. The new standard is the result of significant global interest, cooperation and input.


Demonstrating good practice

ISO 22301 is a management systems standard for BCM, which can be used by organisations of all sizes and types. These organisations will be able to obtain accredited certification against this standard and so demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM. ISO 22301 also enables the business continuity manager to show top management that a recognised standard has been achieved.

While ISO 22301 may be used for certification and therefore includes rather short and concise requirements describing the central elements of BCM, a more extensive guidance standard (ISO 22313) is being developed to provide greater detail on each requirement in ISO 22301.

ISO 22301 may also be used within an organisation to measure itself against good practice, and by auditors wishing to report to management. The influence of the standard will, therefore, be much greater than those who simply choose to be certified against the standard.


What is ISO 22301?

As an international standard for Business Continuity Management System, the ISO 22301 is designed to protect, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. With a Business Continuity Management System, your organisation is prepared to detect and prevent threats. ISO 22301 enables you to respond effectively and promptly based on the procedures that apply before, during and after the event. Implementing a Business Continuity plan within your organisation means that you are prepared for the unexpected. Business Continuity Plan assures you that your organisation will continue to operate without any major impacts and losses.


Why is Business Continuity important for you?

Being certified against ISO 22301 gives you the power of providing a premium level of services to your shareholders no matter the circumstances. ISO 22301 acknowledges you the ability to secure data backups, minimise major losses and maximise the recovery time of critical functions. With ISO 22301, you will enhance your knowledge and skills and you will be able to advise your organisation on best practices in the management of business continuity. Given that, you will improve your ability to analyse and make decisions in the context of business continuity management.


Benefits of ISO 22301 Business Continuity Management

  • An ISO 22301 certification brings many benefits, such as:
  • Expand your knowledge on how a Business Continuity Management System will help you to meet business objectives
  • Gain the necessary knowledge to manage a team in the implementation of ISO 22301
  • Strengthen your reputation management
  • Increase your customer reliability
  • Identify risks and minimise the impact of incidents
  • Improve the recovery time
  • Achieve international recognition


ISO Internationally Certified: ISO 22301: Business Continuity Management System Trainings:

Crest Advisory Africa is accredited by the PECB to conduct internationally accredited training with our Public Courses through our CAA Training Academy (CAATA), we also offer correspondence training and if needed, to do it on site, with our In-house Training offerings.

The training for each of the standards consists of the following modules for different audiences:


(1 day)

  • ISO 22301 Introduction training course enables you to comprehend the basic concepts of a Business Continuity Management System (BCMS).
  • By attending the ISO 22301 Introduction course, you will understand the importance of a Business Continuity Management System and the benefits that businesses, society, and governments can obtain.


(2 days)

  • ISO 22301 Foundation training enables you to learn the basic elements to implement and manage a BCMS as specified in ISO 22301. During this training course, you will be able to understand the different modules of a BCMS, including BCMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement.
  • After completing this course, you can sit for the exam and apply for the “PECB Certified ISO 22301 Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach.

Lead Implementer (5 days)

  • ISO 22301 Lead Implementer training course enables you to develop the necessary expertise to support an organisation in establishing, implementing, managing and maintaining a Business Continuity Management System (BCMS) based on ISO 22301. During this training course, you will also gain a thorough understanding of the best practices of Business Continuity Management Systems and be able to provide a framework that allows the organisation to continue operating efficiently during disruptive events.

Lead Auditor

(5 days)

  • ISO 22301 Lead Auditor training enables you to develop the necessary expertise to perform a Business Continuity Management System (BCMS) audit by applying widely recognised audit principles, procedures, and techniques. During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.
  • Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.


Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.

Organisational Gap analysis against ISO 22301

Organisations will then need to perform a gap analysis to assess the nature of changes that are required in their business. Should you not feel confident in conducting a gap analysis, you may call on a CAA qualified Lead Implementer and Auditor to assist. CAA offers guidance that will lead your team to certain compliance.

Once ready, you can contact CAA to conduct a pre-certification, or readiness audit, implement corrective action and you’re good-to-go.


Contact us

Contact us today if you would like to try out CAAS for 60 days for FREE.

Mobile: +27 (0) 76 403 4307