
AS ISO 22301:2020


Security and resilience — Business continuity management systems — Requirements

Identically adopts ISO 22301:2019, which specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
Published: 25/09/2020
Available formats
Web Reader
Instantly view standards in your browser. Search, bookmark, highlight, and comment for anytime access - online and offline.
Web Reader (PDF)
View standards in PDF format in your browser. Search, bookmark, highlight, and comment for anytime access - online and offline.
Table of contents
About this publication
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.2.1 General
4.2.2 Legal and regulatory requirements
4.3 Determining the scope of the business continuity management system
4.3.1 General
4.3.2 Scope of the business continuity management system
4.4 Business continuity management system
5 Leadership
5.1 Leadership and commitment
5.2 Policy
5.2.1 Establishing the business continuity policy
5.2.2 Communicating the business continuity policy
5.3 Roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.1.1 Determining risks and opportunities
6.1.2 Addressing risks and opportunities
6.2 Business continuity objectives and planning to achieve them
6.2.1 Establishing business continuity objectives
6.2.2 Determining business continuity objectives
6.3 Planning changes to the business continuity management system
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Business impact analysis and risk assessment
8.2.1 General
8.2.2 Business impact analysis
8.2.3 Risk assessment
8.3 Business continuity strategies and solutions
8.3.1 General
8.3.2 Identification of strategies and solutions
8.3.3 Selection of strategies and solutions
8.3.4 Resource requirements
8.3.5 Implementation of solutions
8.4 Business continuity plans and procedures
8.4.1 General
8.4.2 Response structure
8.4.3 Warning and communication
8.4.4 Business continuity plans
8.4.5 Recovery
8.5 Exercise programme
8.6 Evaluation of business continuity documentation and capabilities
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.2.1 General
9.2.2 Audit programme(s)
9.3 Management review
9.3.1 General
9.3.2 Management review input
9.3.3 Management review outputs
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Cited references in this standard
Security and resilience — Vocabulary
Content history
DR AS ISO 22301:2020