ISO 22301:2019 - Business Continuity Management System

What is ISO 22301:2019?

ISO 22301 is defined as the internationally recognized standard that specifies requirements for a Business Continuity Management Systems (BCMS) to implement, maintain and improve a management system to protect and recover from disruptions when they arise.

The current version of ISO 22301:2019 was released in October 2019.

The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size, and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity. This standard can be used to assess an organization's ability to meet its own business continuity needs and obligations.

Benefits of ISO 22301:2019 Certification

ISO 22301 helps organizations to ensure their customers consistently recover from disruptions when they arise, which in turn brings many benefits where some benefits are mentioned below:
  • Improved Business Continuity
  • Increased Customer Satisfaction
  • Reduced Operating Costs
  • Efficient Management Approach
  • Increased Focus on Risks
  • Greater Compliance
  • Gain Competitive Advantage
  • Improved stakeholder relationships
  • International Recognition

Journey to ISO 22301:2019 Certification

ISO 22301 Certification is a 3rd party audit performed by MQA, during the audit we will verify that your organization is following the requirements of ISO 22301, if received positive results then we will issue an ISO 22301 certificate. This certification is then maintained through annual surveillance audits by MQA, with re-certification of the ISO 22301 Certification after three years. See below cycle to know how you can get started on the road to certification:

MQA Certification Cycle

Year 1
Step 1.1 (Initial Application)
  • Client request a quotation.
  • MQA will assess Client’s requirements.
  • MQA will share proposal with client.
  • Client signed the 3-year Certification Contract with MQA.
Step 1.2 (Certification Audit)
  • MQA will conduct:
    1. Gap Assessment (Readiness Review)
    2. Stage-1 Audit (Documentation Review)
    3. Stage-2 Audit (Implementation Review)
  • MQA Auditor will share the audit reports to MQA’s Certification Decision Committee.
Step 1.3 (Certificate Management)
  • If certification decision is positive, then certificate is issued by MQA.
  • If certification decision is negative, then verification audit is planned by MQA.
  • Client will receive the MQA Portal access to:
    1. View the Audit Reports.
    2. Download the ISO Certificate.
    3. Review & Respond to Audit Findings, etc.
Year 2 & 3
Step 2.1 (Renewal Request)
  • MQA request for renewal.
  • Client agreed for Surveillance Audit.
Step 2.2 (Surveillance Audit)
  • MQA will conduct Surveillance Audit
  • MQA Auditor will share the audit reports to MQA’s Certificate Decision Committee.
Step 2.3 (Certificate Management)
  • If no critical non-conformity found, then certificate is renewed by MQA.
  • If any critical nonconformity found, then verification audit is planned by MQA.
  • Client have the MQA Portal access to:
    1. View the Audit Reports.
    2. Download the ISO Certificate.
    3. Review & Respond to Audit Findings, etc.

Why Was ISO 22301:2019 Revised?

All ISO standards are reviewed every five years to serve the business community and maintain its relevance in today’s marketplace. ISO 22301:2019 is designed to respond to the latest trends and be compatible with other management systems such as ISO 27001, etc.

ISO 22301:2019 is the latest standard which sets out the criteria for a Business Continuity Management System and is the only standard in the family that can be certified to.

What Are the Main Changes to the Standard?

The key changes relate to:
  • The new version follows a new, higher level structure to make it easier to use in conjunction with other management system standards as follows Annex SL.
  • Less prescriptive documentation and procedures
  • More emphasis on Risk Based Approach.
  • Terminology Changes, etc.

What Are the Impacts if You Are Certified to ISO 22301:2012?

If you’re ISO 22301:2012 certified, then you’ve to upgrade your company to ISO 22301:2019 version before 30th April 2023 otherwise your ISO 22301:2012 certificate will be expired automatically, and it will impact your market reputation.

MQA help you to certify your organization to ISO 22301:2019.

Get a Free Quote