STANDARDS FOR CONTINUOUS IMPROVEMENT

22301 Security and Resilience – What are Business Continuity Management Systems (BCMS)?


Ensuring uninterrupted business continuity has become important for organizations today. A business continuity management system (BCMS) specifies the structure and requirements for implementing and maintaining business continuity; it develops business continuity plans appropriate to the amount and type of impact that the organization can or cannot accept after a disruption. ISO developed this standard so that organizations can prevent business interruptions, and the dissatisfaction of interested parties that such interruptions cause, by ensuring business continuity.

The most current version of the standard was published by ISO in 2019 as ISO 22301:2019.

ISO 22301 Business Continuity Management System Basic Principles

The ISO 22301 standard includes specific elements for establishing and maintaining a business continuity management system.

Your Business Continuity
Secure it

Prepare your organization for possible interruptions and emergencies with the ISO 22301 Business Continuity Management System. Secure your processes with our expert auditor team, maintain your operations without interruption and strengthen your stakeholders' confidence.

USB Certification

ISO 22301 Business Continuity Management System Certification Process

For organizations wishing to obtain the ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) Certificate, certification is carried out as follows once the business continuity management system has been established.

01

Certification Audit:

The certification audit is completed in two stages:
Stage 1 Audit: General examination of the documentation prepared by the company within the scope of ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS).
Stage 2 Audit: On-site inspection of how the documentation prepared by the company within the scope of ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) is applied, and identification of conforming and potentially nonconforming issues.

02

Corrective Actions, Follow-up Audit and Certification:

If a nonconformity is detected in the Stage 2 Audit, the ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) Certificate of Conformity is issued after the nonconformity is closed, either by the organization applying for certification or by the certification body through a follow-up audit, depending on the type and size of the nonconformity.

03

Surveillance Audits:

Surveillance audits are conducted in the second and third years after the certification audit. They verify that the organization's processes continue to operate correctly after certification.

If a nonconformity is detected in a surveillance audit, the ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) Certificate of Conformity is continued after the nonconformity is closed, either by the audited organization or by the certification body conducting the audit through a follow-up audit, depending on the type and size of the nonconformity.

Periodic surveillance audits are mandatory for the continued validity of the ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) Standard Certificate and to determine that the organization's management system continues to comply with the standard. These periodic surveillance audits are the 1st Surveillance and 2nd Surveillance audits. The first must be completed within 12 months after the Stage 2 audit and the second within 24 months after the Stage 2 audit.

04

Recertification Audit:

This audit is conducted in the fourth year after the Stage 2 audit, for organizations that implement the ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) Standard and have undergone the first certification audit. As in the Stage 2, 1st Surveillance and 2nd Surveillance audits, the organization's documentation and its application are checked through an on-site audit.

ADVANTAGES

Why ISO 22301 Business Continuity Management System Standard?

The fact that an organization has the ISO 22301 Business Continuity Management System Standard certificate shows that its operations are prepared for interruptions, that it manages its processes sustainably and that it can continue its activities safely in crisis situations. This standard enables organizations to secure business continuity and reassure their stakeholders by identifying potential risks in advance.

  • Strengthening institutional resilience and crisis management capability
  • Systematic management of business continuity risks
  • Being prepared for possible interruptions and emergencies
  • Protection of critical processes and operations
  • Protecting and strengthening corporate reputation
  • Increasing stakeholder and customer trust
  • Compliance with legal and regulatory requirements
  • Reducing financial losses due to operational disruptions
  • Increasing credibility in international markets
  • Gaining competitive advantage
  • Supporting corporate sustainability

Frequently Asked Questions

In order to obtain the ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) Standard Certificate, you must first obtain the standard and then systematize your organization to comply with the ISO 22301 standard.

The documents required in the ISO 22301 certification process may vary according to the size, field of activity, sector and existing system of your company. The legal documents requested from the applicant organization are the tax plate, trade registry newspaper, signature circular, certificate of activity and current SSI employee list.

ISO 22301 certification requirements include meeting all the requirements of the standard and establishing an effective Business Continuity Management System (BCMS).

Although obtaining ISO 22301 certification is not a legal obligation, it provides a competitive advantage for organizations to stand out especially in business continuity and sustainability, increase stakeholder satisfaction and get ahead of competitors.

The ISO 22301 certificate is issued by certification bodies that provide management system certification services.

The ISO 22301 certificate is issued for a maximum of three years. However, within this three-year period, a surveillance audit must be carried out at least once a year in order for the organization to maintain its compliance with the ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) Standard. The certificates of organizations that do not receive surveillance audit services are canceled.

Depending on the working method and internal procedures of the certification body, the ISO 22301 Security and Resilience – Business Continuity Management Systems (BCMS) Certificate may be issued for one year. In such a case, the organization receiving certification services is sent a new certificate at the end of each annual surveillance audit.

The cost of ISO 22301 certification varies according to the size, field of activity and existing system of your organization.

You can contact our experts for detailed information and support on fees.