Business Continuity Management System

ISO 22301

Business Continuity Management System (BCMS)

ISO 22301 is an internationally recognised standard that helps organisations to ensure that operations continue, products and services are delivered, brands and value-creating activities are protected, and that the reputations and interests of key stakeholders are safeguarded should business disruptions occur.


A Business Continuity Management System (BCMS) is a set of policies, processes and procedures that are required to plan for and react to an event that threatens your businesses ability to operate normally and achieve its intended outcomes.

ISO 22301 is a well-proven example of a BCMS that can help you to:
  • Continually improve planning for and reactions to risks that can disrupt your business;
  • Achieve more business and compete more effectively in tenders;
  • Give your customers confidence that you can consistently deliver a service to them;
  • Address risks and opportunities to help build a sustainable business;
  • Demonstrate you have strong corporate governance and;
  • Work effectively with stakeholders and your supply chain.

The standard is based on seven quality management principles that senior management in your business need to focus on and address. They are:

  • Customer focus
  • Leadership
  • Engagement of people
  • Adopting a process approach
  • Improvement
  • Evidence based decision making
  • Relationship management

All recently updated versions of ISO standards have a common structure of 10 sections enabling any business, working to an ISO standard anywhere in the world, to show evidence of:

1-3 – The Scope of your BCMS including normative references, terms & definitions

– Understanding the context of your organisation including recognising the needs and expectations of interested parties

– Leadership and worker participation

– Planning of business activities including addressing risks and opportunities and setting objectives that are S.M.A.R.T. (specific, measureable, achievable, realistic and time-based) that have relevance at all levels of the business meaning each employee understands how their job supports meeting the Business Continuity Planning Objectives

– Providing support to enable those activities

– Operating your business to achieve the BCMS

– Evaluating performance through feedback, internal auditing and management review

10 Improvement!

Businesses should adopt a “Plan, Do, Check, Act” process approach that can be explained as:

Plan – Your management manual, procedures, work instructions etc.

Do – The actual work you do

Check – How do you monitor, measure, obtain feedback and assess objectives?

Act – Management review activities assess performance and act to improve

This “PDCA” cycle leads to continual improvement and can be summarised as follows:

Why have it?

Working and being certified to the ISO 22301 BCMS standard will help you to:

  • Identify and manage current and future threats to your business;
  • Take a proactive approach to minimising the impacts of incidents;
  • Keep critical functions up and running during any/all unexpected crises
  • Keep business downtime to an absolute minimum during incidents and aid in recovery time and;
  • Demonstrate to customers, suppliers and tendering bodies that your business is well-governed and has planned for resilience during any incidents or crises that you might encounter.

Following the massive impacts of COVID-19 in 2020 and 2021, holding ISO 22301 is also more and more likely to become a minimum requirement for a service provider to Central and Local Government, FM organisations and large business.

How do you do it?

You may be starting from scratch or you may have an existing (possibly already integrated) Management System.  Your first consideration should be a “Gap-Analysis” where you acquire a copy of the standard, study every section and detail and identify areas where there is work to be done to comply with the standards requirements.  You then create an action plan involving a logical sequence of activities including setting timescales for completion, responsibilities within your organisation and identifying resources needed – summarised as “What, When, Who and How”.

You would normally then run with the BCMS for a period and carry out a full internal audit to check everything is in place and the system is working effectively within your business.

Once you feel you are ready for assessment you can call QSS in to conduct your initial assessment audit.  We will spend, depending on the complexity of your business, at least the best part of one day auditing the BCMS against the standard and your documented procedures.  This may or may not reveal nonconformities that will have to be addressed and corrected (as applicable) before you are deemed as compliant.  Once you are deemed as being compliant QSS will issue a certificate providing third-party independent confirmation that you meet the requirements of ISO 22301.  After initial certification, QSS would re-audit you annually to confirm you continue to meet the requirements of the standard.

For a more detailed summary of the contents and requirements of ISO 22301, you may find this website helpful:


As mentioned above you need to first purchase a copy of the standard and then budget costs for implementing and running the BCMS prior to initial assessment.  You may wish to do this yourselves or you may engage an appropriately qualified and experienced independent consultant who can quote to assist you through the preparation process.

QSS can then, on request, complete your initial assessment and set up an annual surveillance cycle.

Please contact us for costs.

Call +44 (0)1923 699840,
email, or
Contact us for more information Apply online today

© Quality Service Standards Ltd. Registered in England & Wales, Company No. 03804633. Registered Address: Tangent House, 62 Exchange Road, Watford, Herts WD18 0TG.