Standard

UPDATE AVAILABLE

Track updates

AS ISO 22301:2020

[Current]

Security and resilience - Business continuity management systems - Requirements

Identically adopts ISO 22301:2019, which specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.

Published: 25/09/2020

Pages: 21

Table of contents

Cited references

Content history

Table of contents

Header

5 Leadership

5.1 Leadership and commitment

5.2 Policy

5.2.1 Establishing the business continuity policy

5.2.2 Communicating the business continuity policy

5.3 Roles, responsibilities and authorities

About this publication

6 Planning

6.1 Actions to address risks and opportunities

6.1.1 Determining risks and opportunities

6.1.2 Addressing risks and opportunities

6.2 Business continuity objectives and planning to achieve them

6.2.1 Establishing business continuity objectives

6.2.2 Determining business continuity objectives

6.3 Planning changes to the business continuity management system

Preface

7 Support

7.1 Resources

7.2 Competence

7.3 Awareness

7.4 Communication

7.5 Documented information

7.5.1 General

7.5.2 Creating and updating

7.5.3 Control of documented information

7.5.3.1

7.5.3.2

National Foreword

8 Operation

8.1 Operational planning and control

8.2 Business impact analysis and risk assessment

8.2.1 General

8.2.2 Business impact analysis

8.2.3 Risk assessment

8.3 Business continuity strategies and solutions

8.3.1 General

8.3.2 Identification of strategies and solutions

8.3.3 Selection of strategies and solutions

8.3.4 Resource requirements

8.3.5 Implementation of solutions

8.4 Business continuity plans and procedures

8.4.1 General

8.4.2 Response structure

8.4.2.1

8.4.2.2

8.4.2.3

8.4.2.4

8.4.3 Warning and communication

8.4.3.1

8.4.3.2

8.4.4 Business continuity plans

8.4.4.1

8.4.4.2

8.4.4.3

8.4.5 Recovery

8.5 Exercise programme

8.6 Evaluation of business continuity documentation and capabilities

Foreword

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

9.2 Internal audit

9.2.1 General

9.2.2 Audit programme(s)

9.3 Management review

9.3.1 General

9.3.2 Management review input

9.3.3 Management review outputs

9.3.3.1

9.3.3.2

Introduction

10 Improvement

10.1 Nonconformity and corrective action

10.1.1

10.1.2

10.1.3

10.2 Continual improvement

1 Scope

Bibliography

2 Normative references

Amendment 1: Climate action changes

3 Terms and definitions

Amendment control sheet

AS ISO 22301:2020

Amendment No. 1 (2025)

Revised text amendment

4 Context of the organization

4.1 Understanding the organization and its context

4.2 Understanding the needs and expectations of interested parties

4.2.1 General

4.2.2 Legal and regulatory requirements

4.3 Determining the scope of the business continuity management system

4.3.1 General

4.3.2 Scope of the business continuity management system

4.4 Business continuity management system

Cited references in this standard

Content history

AS ISO 22301:2020 Amd 1:2025

[Current]

ISO 22301:2019

[Current]

AS ISO 22301:2017

[Superseded]

DR AS ISO 22301:2020