There are several steps that every organization should follow for a successful implementation of ISO 22301:2012.

Taking approval from top management

At the organization level, nothing can be done without approval from top management. For a successful implementation of ISO 22301, financial and technical approval is needed from top management. Top management doesn't approve anything without seeing a benefit from it. As the ISO 22301 implementer in the organization, your task starts here: present the benefits of ISO 22301.

Engage the whole business with good internal communication

ISO 22301 is not only about laws or regulations; it also covers the requirements in the agreements with your clients (e.g., SLAs). You have to list all of these requirements and define how to communicate with each of the stakeholders/interested parties.

Compare the existing business continuity management system with the ISO 22301 requirements (if a business continuity plan already exists in the organization).

Establishment of business continuity policy and objectives

Top management needs to create a policy that contains the rules and regulations for business continuity. Top management also needs to set objectives that define what is expected from the BCMS.

Identify the team - Assign roles and responsibilities to each team member

Define a dedicated team in the organization for the implementation and maintenance of ISO 22301. Define the roles and responsibilities of each team member for the project.

Create support documents

To comply with any standard or to run a system smoothly, the required documentation is mandatory. Create support documents as per ISO 22301.

Adopt the basic principles of ISO 22301 in your business, such as:

Business impact analysis and risk assessment - Identify the business risks posed by disruptive incidents. You have to identify the recovery time objective. It means how you can recover your business from the disruptive incidents.

Business continuity strategy - Make a strategy for how to achieve all the requirements of ISO 22301 with the minimum level of investment.

Business continuity plan - Define plans, such as the incident plan and the recovery plan, for business continuity.

Motivate staff involvement with training and incentives

You need to make all your employees, clients, vendors and other stakeholders aware by giving them training, and motivate them to follow the guidelines of ISO 22301 by giving some incentive, such as certification.

Document Maintenance

You have to keep all the documents up to date regardless of employee changes or any other situation.

Testing

Training alone is not sufficient for the successful operation of any project. Test the ISO 22301 policy in the live environment. Do the testing by running a mock drill. Involve all the stakeholders, including top management, clients, vendors, etc.

Post-Incident Reviews

If any incident happens, do a post-incident review and check at what level and how fast you recovered your business. You will also find out things like how people reacted, how ready they were, what improvements are needed in the plans, etc.

Performance Evaluation

Evaluate the performance of the ISO 22301 implementation. Evaluate its outcomes and check whether the objectives have been achieved.

Internal Audit

Internal audit is a part of the performance evaluation. In the internal audit, internal employees from different departments evaluate the requirements and check whether all the controls are implemented as per ISO 22301.

Corrective action

As per the findings of the internal audit, take the necessary corrective action for non-conformances and areas of improvement.

Management Review of the ISO 22301

Successful implementation is not sufficient. You have to regularly monitor all the processes, procedures and documents of ISO 22301 to ensure that they are aligned with the business objectives.

Go for Certification

If your organization needs a certificate to comply with a client's requirements, go for a third-party audit (certification audit). If an organization cannot allocate a dedicated team for the implementation of ISO 22301, it can hire a third-party organization for the implementation.
