This International Standard for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for, respond to and recover from disruptive incidents when they arise.
It is not the intent of this International Standard to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties.
This International Standard is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to:
a) establish, implement, maintain and improve a BCMS;
c) make a self-determination and self-declaration of compliance with this International Standard.
b) ensure conformance with the organization’s business continuity policy; or This International Standard cannot be used to assess an organization’s ability to meet its own business continuity needs, nor any customer, legal or regulatory needs. Organizations wishing to do so can use an accredited third party certification body.
ISO 22313:2012 Referenced Document
ISO 22300 Security and resilience — Vocabulary*, 2021-02-24 Update
ISO 22301 Security and resilience*, 2024-01-01 Update
ISO 22313:2012 history
2020ISO 22313:2020 Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
2012ISO 22313:2012 Societal security - Business continuity management systems - Guidance