ISO 22301

Security and resilience - Business continuity management systems - Requirements

Organization: ISO
Category: Business Continuity

5 related articles | 2 articles with obligations | 7 key sections | 8 coverage areas

Overview

Specifies requirements for a business continuity management system (BCMS) to protect against, prepare for, respond to, and recover from disruptive incidents. Essential for maintaining critical operations during cybersecurity incidents.

Applicability

Business continuity and resilience planning for all organizations

Relevance to Network and Information Security Directive (NIS2)

Critical for NIS2 business continuity and disaster recovery requirements for essential/important entities

Key Coverage Areas

1. Business continuity planning
2. Business impact analysis
3. Risk assessment and treatment
4. Incident response procedures
5. Recovery time objectives (RTO)
6. Recovery point objectives (RPO)
7. Testing and exercising plans
8. Continuous improvement

Standard Sections & Chapters

Section 4: Context of the organization
Section 5: Leadership and commitment
Section 6: Planning (risk assessment, BIA)
Section 7: Support and resources
Section 8: Operation (incident response, recovery)
Section 9: Performance evaluation
Section 10: Improvement

Related Network and Information Security Directive (NIS2) Articles

Article I: SECTORS OF HIGH CRITICALITY

Sections: All

Enhanced business continuity for essential entities

Implementation Guidance:

Critical sectors require certified BCMS with stringent recovery objectives

Article II: OTHER CRITICAL SECTORS

Sections: 6, 8

Business continuity planning

Implementation Guidance:

Establish continuity plans appropriate to sector criticality

Article 20: Governance

Sections: 5

Leadership commitment to business continuity

Implementation Guidance:

Ensure management commitment to resilience and continuity

Article 21: Cybersecurity risk-management measures

Sections: 6, 8

Business continuity as part of risk management

Implementation Guidance:

Include continuity planning in risk treatment

Mapped Obligations:

  • Ensure business continuity through backup management and disaster recovery plans

Article 22: Union level coordinated security risk assessments of critical supply chains

Sections: 4, 5, 6, 7, 8

Complete business continuity management system

Implementation Guidance:

Establish BCMS with BIA, continuity strategies, and recovery procedures

Quick Information

Organization: ISO
Category: Business Continuity
Certification: ✓ Available
