ISO 22301 Business Continuity Management


What Is ISO 22301?

ISO 22301 is the international standard for business continuity management, supported by the accompanying Code of Practice, ISO 22399, and based on the former British standard BS 25999.

A business continuity management system enables an organisation to minimise and overcome risk. It does this by examining, identifying and providing a response to potential threats and disruptions, including their likely impact on the organisation’s capacity to continue operating and delivering its products or services in the event of a crisis. 

Business continuity management governs an organisation’s actions from the time that an incident occurs or a risk is identified through to the mitigation or elimination of the danger.

As part of the process, a documented business continuity plan is developed, providing the organisation with a tested response to a crisis, enabling it to continue with or resume its activities in the face of disruption. The organisation is able to protect itself financially, safeguarding its brand and reputation, and maintaining the confidence of its customers.

A business continuity management system implemented to the requirements of ISO 22301 can be audited to demonstrate that it complies with the standard. 

Why Is A Business Continuity Plan Essential?

All organisations need to have the resilience necessary to cope with disruptions caused by disasters or other unexpected events which could threaten their ability to operate and survive in the short or longer term. By having a tested business continuity plan in readiness, an organisation will be prepared for unforeseen events, enabling it to overcome them, and make a speedy and efficient recovery. The organisation will be up and running to full effectiveness again, in the swiftest possible time frame.

A business continuity plan is essential for many businesses that rely on a global supply chain, which can be unpredictable, more difficult to control, and affected by international events.

Some organisations require their suppliers to have formal business continuity management arrangements in place. 

The Civil Contingencies Act 2004, and accompanying legal requirements, deliver a framework for civil protection in the United Kingdom. The Act provides for local arrangements for civil protection and emergency powers, setting out a range of roles and responsibilities for those involved in local emergencies.

Those responsible for responding to emergency situations are divided into two categories. Those in the first category are organisations that take a leading role when a crisis arises, such as the emergency services, local authorities and NHS bodies. These service providers are required to have business continuity plans and arrangements in place.

The organisations in the first category also depend on others, under a second category, to act in cooperation with them, including transport and utility companies and key suppliers. In an emergency, those in the second category will be heavily involved in any incidents that affect their sector and will therefore be required to have their own business continuity management plans and arrangements set up, in order to support the main service providers.

Even if an organisation is not legally required to have business continuity plans in place, it is still essential to do so, to deal effectively with threats to its operation and survival.

In assessing its business continuity management system against the requirements of ISO 22301, an organisation is able to demonstrate that it has established a robust business continuity plan.

How Touchstone Renard Supports Organisations With ISO 22301

Under ISO 22301, supported by the accompanying Code of Practice, ISO 22399, an organisation examines its objectives and its people as a whole. A risk assessment is undertaken to identify the range of potential threats that could occur. A business impact analysis assesses the impact of possible disruptive events on the ability of the business to perform.

As part of this process, an organisation can identify the period of time that can elapse before the situation becomes untenable. Strategies can then be determined that will enable an organisation to continue with its usual activities, possibly using alternative operating methods.

Business continuity plans can then be documented, setting out the ways in which an organisation can not only survive a major incident but continue to perform and deliver its goods or services to the satisfaction of its customers. The documentation will include topics such as policy and objectives; controls and measures; performance standards; and continuing improvement.

The plan can be tested for practical purposes by carrying out a business continuity exercise.

Even with a plan in place, it is essential for an organisation to remain ready to respond to a crisis by carrying out regular audits and reviews of its plan and by keeping its people informed and trained.

Touchstone Renard’s approach to business continuity management provides a practical framework that enables an organisation’s people to work in an effective and economic way to produce a successful business continuity plan.

If Touchstone Renard is selected to lead and guide an organisation and its people to achieve certification under ISO 22301, we do not allow the process itself to disrupt the day-to-day activities of our clients! We are also able to help organisations with existing business continuity management systems and support full transition to ISO 22301.


STEP 1 – Understand Where Your Business Is Vulnerable

We will start by carrying out an audit and gap analysis in discussion with your selected managers and other representatives to provide an assessment of where you are, where you need to be and how to close the gaps.

STEP 2 – Define Your Business Continuity Strategy

We will take you through each step to ensure that policies and plans are tailored to your organisation’s needs, taking away from you as much of the work involved in doing this as we can. We will help you to safeguard the future of your business and position your organisation to bid more successfully for contracts.

STEP 3 – Develop Your Business Continuity Plan

We will work with you to produce a documented business continuity management system that can be independently audited and certified to ISO 22301.

STEP 4 – Bring About Cultural Change

We will train your people, your suppliers or partners in terms of awareness and the part that they must play in the process.

STEP 5 – Rehearse Your Business Continuity Plan

We will lead you through an exercise to test your plan and better prepare your organisation.

Achieving ISO 22301 Certification By A UKAS Accredited Body

The United Kingdom Accreditation Service (UKAS) is recognised by the UK government as the national accreditation body to assess organisations that provide certification to internationally recognised management standards, such as ISO 22301. Accreditation by UKAS is evidence of the competence, impartiality and performance capability of the bodies that are accredited and which carry out the certification process. UKAS is a non-profit-distributing private company.

Following the implementation of a new management system, Touchstone Renard always recommends that formal certification to the standard be carried out by an independent certification body, accredited by UKAS. This enables the final certification process to remain independent from the work carried out by Touchstone Renard in setting up the system. It is important in providing transparency, confidence and reassurance that the new procedures are sufficiently robust and that they comply with the requirements of the standard.

Touchstone Renard will support clients in designing and implementing a business continuity management system to the requirements of ISO 22301 before facilitating clients in selecting a UKAS accredited body (of the client’s choice) to carry out the final assessment and certification of the new system, independently of Touchstone Renard.

Following achievement of certification to ISO 22301 through an independent certification body, an organisation will be entitled to display the UKAS accredited body logo as evidence of its success.

Why Choose Touchstone Renard To Support ISO 22301?

Touchstone Renard has developed a long track record, since the 1990s, in successfully helping organisations of all types and sizes, across the private and public sectors, to design and set up new or updated management systems, in compliance with a range of recognised standards.

Our friendly and experienced team can help any organisation to implement and maintain a business continuity management system to the requirements of ISO 22301. We are able to provide the support needed while enabling our clients to continue with the smooth operation of their organisations, without distraction.

Our services include any or all of the steps required to help any organisation design, document, install and monitor the policies and procedures that it will need to achieve and maintain a management system under one or more standards. We can also offer awareness training and ‘dry run’ assessments, prior to formal assessment by an independent body.

Under our flexible service, if an organisation already has a management system in place or wishes to do part of the work itself to achieve certification, we can adapt the level of support required. An increased level of help can be offered to clients who would welcome more assistance. 

A business continuity management system can be integrated with other new or existing management systems, so that they share similar processes. This can save time, duplication of effort and confusion for people in dealing with different procedures, as well as reducing cost in implementing and maintaining several management systems. Touchstone Renard will be pleased to advise on the integration of management systems for any organisation and can offer support with most management standards, in addition to ISO 22301.

Once certification to ISO 22301 has been achieved, we can offer future support in maintaining and updating the system to meet the requirements of the standard, ensuring that re-certification continues to be obtained.

No assignment is too small or large for us and every client organisation that engages our services receives a free copy of the standard.

Please Contact Us

If you would welcome a discussion about achieving or maintaining certification to ISO 22301 or other management standards, please contact Phil Austin, Managing Director, without any obligation.