ISO 2230163
The ISO 22301 business continuity management system standard, covering policy, risk assessment, business impact analysis, and continuity and recovery procedures.
Requirements in this framework
- Actions to address risks and opportunities
- Awareness
- BIA and risk assessment — General
- Business continuity governance
- Business continuity management system
- Business continuity objectives and planning
- Business continuity objectives and service priorities
- Business continuity plans
- Business continuity plans and procedures
- Business continuity strategies and solutions
- Business impact analysis
- Business impact analysis and risk assessment
- Business impact analysis and risk assessment
- Communication
- Competence
- Continual improvement
- Continual improvement
- Continuity strategy and plans
- Control of documented information
- Creating and updating
- Crisis communications management
- Determining the scope — General
- Determining the scope of the BCMS
- Documented information
- Documented information — General
- Establishing the business continuity policy
- Evaluation of BC documentation and capabilities
- Exercise and validation
- Exercise program governance
- Exercise programme
- Identification of strategies and solutions
- Implementation of solutions
- Internal audit
- Internal audit — General
- Internal audit programme
- Leadership and commitment
- Legal and regulatory requirements
- Management review
- Management review — General
- Management review inputs
- Management review outputs
- Monitoring — General
- Monitoring, measurement, analysis and evaluation
- Nonconformity and corrective action
- Operational planning and control
- Organizational roles, responsibilities and authorities
- Planning of changes
- Plans and procedures — General
- Policy
- Post-disruption review and corrective action
- Recovery
- Resource and dependency readiness
- Resource requirements
- Resources
- Response structure
- Risk assessment
- Scope of the BCMS
- Selection of strategies and solutions
- Strategies and solutions — General
- Understanding needs — General
- Understanding the needs and expectations of interested parties
- Understanding the organization and its context
- Warning and communication