Business Continuity Management

ISO 22301

ISO 22301:2019 is the International Standard for Business Continuity Management Systems.



We will only use your details for this request, they will not be used for any marketing. Read our privacy policy for more information.

We won't pass your details on to third parties.

What is ISO 22301?


In the event of an emergency, many businesses and organizations must have the ability to mitigate damage and continue operating. ISO 22301 is the international standard for Business Continuity Management (BCM). Published by the International Organization for Standardization, ISO 22301 is designed to help organizations prevent, prepare for, respond to and recover from unexpected and disruptive incidents. To do so, the standard provides a practical framework for setting up and managing an effective business continuity management system. ISO 22301 aims to safeguard an organization from a wide range of potential threats and disruptions.

This standard may be right for your organization if you need to demonstrate to stakeholders that your organization can rapidly overcome operational disruption to provide continued and effective service.

Around the world, many countries have legislation in place to define the emergency planning responsibilities of organizations. Those responsibilities often include the implementation of Business Continuity Management. As a result, ISO 22301 certification should be considered essential to any organization legally required to engage in contingency planning, including utilities, transport, health and essential public services. Whether you need to implement the standard to remain in compliance with industry regulations or not, pursuing ISO 22301 certification can help your organization develop resiliency and improve risk management.

“The rigour of a certified management system has sped up the process and ensured that we have been able to deliver what our clients need: an uninterrupted service.” E.L.F.S

NOTE: ISO 22301 is in a transition period from October 2019 for 3 years. For client guidance and tools to support you during this transition please click here.

What is ISO 22301 and How To Get ISO 22301 Certifcation

Helps you with

  • Operational resilience
  • Emergency preparedness
  • Corporate governance
  • Crisis management
  • Disaster recovery
  • Supply chain security
  • Protection of reputation in a crisis
  • Preparation for technology failures
  • Plan for sudden loss of critical resources
  • Preparation for other emergency situations

Benefits of ISO 22301 Certification

Customer satisfaction

Deliver products that consistently meet customer requirements and a service that is dependable and can be relied on.

Business resillience

Avoid downtime and financial losses with effective management of risk, emergency preparedness and contingency planning.

Legal compliance

Understand how statutory and regulatory requirements impact your organization and its customers.

Improved risk management

Greater consistency and traceability of products and services means problems are easier to avoid and rectify.

Proven business credentials

Independent verification against a globally recognized industry standard speaks volumes.

Ability to win more business

Procurement specifications often require certification as a condition to supply, so certification opens doors.

Global recognition as a reputable supplier

Certification is recognized internationally and accepted throughout industry supply chains, setting industry benchmarks for sourcing suppliers.

Is ISO 22301 Right For Me?

The requirements for Business Continuity Management systems outlined in ISO 22301 can apply to organizations and businesses of all kinds, regardless of size and service provided. Some organizations may need ISO 22301 certification to remain in compliance with industry regulations, while other businesses may seek certification hoping to earn more business or improve their reputations. While ISO certification remains voluntary, many businesses consider it essential to their short-term survival and long-term strategy.

Getting ISO 22301 certified requires an investment of time and resources — you must familiarize yourself with the ISO 22301 standard, implement your Business Continuity Management system and undergo auditing by an accredited certification body like NQA. The benefits of ISO 22301 certification, however, make the investment worthwhile in most cases.

ISO 22301 may be right for you if:

  • Your organization provides an essential service: In an emergency situation, will your company's failure to operate put people's lives at risk? If so, you may need ISO 22301 certification to protect your organization and your community. Organizations that provide essential services include hospitals, ambulance services, fire departments, police forces, transportation providers, utility services and telephone service providers.
  • You want to prepare for emergency situations: If you're concerned about your company's ability to recover after an emergency, you may benefit from ISO 22301 certification. This standard prepares organizations to minimize damage related to a wide range of emergencies and disruptive events, including terror attacks, natural disasters, technology failures and other incidents that originate inside and outside the organization.
  • You need ISO 22301 certification to serve as a supplier: In some industries, companies require their suppliers to have ISO 22301 certification, especially if they have to maintain business continuity. Getting certified can help you earn more business and improve customer satisfaction.

Changing Industry Landscape And Expectations

All organizations might be subject to disruptions; this may include technology failure, flooding, utility disruption, fire or terrorist attack. The standard is available to any organization (or its parts) regardless of their size, scope or complexity, that wishes to manage their overall business risks and develop the capability to plan for, and respond to, incidents and business disruptions.

The consequences of unexpected business disruptions may be far-reaching and might involve loss of life, loss of assets or income, or the inability to deliver products and services on which the organization's survival might depend.

By proactive identification of the impact of disruption, BCM identifies those products and services that are crucial for the organization's existence, and helps to establish what responses will be needed if a disruption occurs. ISO 22301 further provides the capability to adequately react in case of disruption.

Why Become ISO 22301 Certified?

Emergencies and disruptive incidents are often out of an organization's control. In these situations, the one thing you can control is how you respond.

By giving your organization the opportunity to plan, implement and improve a Business Continuity Management system, ISO 22301 certification will hand you the tools you'll need to respond appropriately. In this way, certification will help boost your organization's chances of survival and recovery after a disaster.

NQA And ISO 22301 Certification

With a wealth of experience providing accredited management systems certifications, NQA is ideally placed to partner with you to meet customer requirements and exceed industry expectations.

  • NQA, USA issued the first-ever PS-Prep certification in 2012.     
  • NQA,USA is the only Certification Body to offer the full suite of ISO and PS-Prep BCMS certifications including: ASIS SPC.1, ISO 22301 and NFPA 1600

Technical committees and industry relationships. NQA is highly involved in a wide variety of industry committees and standards writing teams, helping us to maintain a keen awareness of changes within this industry.  

NQA, USA is an active participant and recognized leader in the DHS PS-Prep and IAF BCMS working groups (convened by ANAB).

Knowledge transfer supporting our customer’s organizational strategy. NQA is committed to ensuring customer awareness regarding changes in industry strategy, regulations, and standard requirements that may impact your management system approach.

At NQA, we work hard to provide value for every investment. We offer competitive and transparent rates as well as access to world-class technical support.

To request a quote and get started on your journey to ISO 22301 certification, fill out our contact form today.

Steps to Certification

  1. Step 1

    Complete a Quote Request Form so that we can understand your company and requirements. You can do this by completing either the online quick quote or the online formal quote request form. We will use this information to accurately define your scope of assessment and provide you with a proposal for certification.

  2. Step 2

    Once you’ve agreed your proposal, we will contact you to book your assessment with an NQA Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits.

  3. Step 3

    Following a successful two stage audit, a certification decision is made and if positive, then certification to the required standard is issued by NQA. You will receive both a hard and soft copy of the certificate. Certification is valid for three years and is maintained through a programme of annual surveillance audits and a three yearly recertification audit.

See more details

Certification Toolkit

Download Certification Logos

Certification Journey

Guide to Transferring Certification

Start Your Journey

Ready to start your journey?

We'll give you a clear indication of the costs of gaining and maintaining certification.
Not ready yet? Call us at (800) 649-5289 or request a call back to discuss your certification requirements.