This International Standard for Business Continuity Management Systems provides guidelines based on internationally accepted practices for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for business interruption incidents to react to them and to recover from them after they occur. This International Standard does not intend uniformity in the design of a BCMS, but requires an organization to design a BCMS that meets its needs and meets the requirements of its stakeholders. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes used, the operating environment, the size and structure of the organization and the requirements of stakeholders. This International Standard is generic and applies to all organization sizes and types, including large, medium and small companies, operating in the industrial, commercial, public and not-for-profit sectors and wishing to a) establish, implement, maintain and improve a BCMS, b) want to ensure compliance with an organization's guidelines for maintaining operational capability; or c) wish to make a self-assessment or self-declaration of compliance with this International Standard. This International Standard cannot be used to assess an organization's ability to meet its own continuity needs or to meet customer, legal or regulatory needs. Organizations that wish to do so can apply the requirements of ISO 22301 to demonstrate compliance to others or to request certification of their BCMS by an accredited third party certification body.
EN ISO 22313:2014 Referenced Document
ANSI/ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness and Continuity Management Systems - Requirements with Guidance for Use*, 2024-04-20 Update
ISO 22301:2012 Societal security - Business continuity management systems - Requirements
ISO 22398:2013 Societal security.Guidelines for exercises
ISO 31000:2009 Risk management - Principles and guidelines
ISO/IEC 20000-1:2011 Information technology - Service management - Part 1: Service management system requirements
ISO/IEC 20000-2:2012 Information technology - Service management - Part 2: Guidance on the application of service management systems
ISO/IEC 20000-3:2012 Information technology - Service management - Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1
ISO/IEC 27002:2013 Information technology.Security techniques.Code of practice for information security controls
ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity
ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management
NFPA 1600-2013 Standard on Disaster/Emergency Management and Business Continuity Programs (Effective Date: 12/17/2012)
SS 540 SINGAPORE Standard for Business continuity management(BCM)
EN ISO 22313:2014 history
2020EN ISO 22313:2020 Security and resilience - Business continuity management systems - Guidance on the use of ISO 22301 (ISO 22313:2020)
2014EN ISO 22313:2014 Societal security - Business continuity management systems - Guidance