Telephone: 01908 041464 | Email:


Use the ISO 22301 standard to drive your management systems to prevent, respond to, and manage crisis and disruption when it hits your organisation


Why You Need ISO 22301

Disruption and Crisis can hit at any time

An inability to respond to a crisis or disruption can be costly and in some cases lethal to an organisation.

Benefits of ISO 22301
Business Continuity Management


Eliminate and reduce risks and costs caused by crisis or disruption


Improve your ability to respond to crisis and future disruptive events

your workers

Involve your workers in decision making and response to see positive results

ISO 22301 is the internationally recognised Business Continuity management (BCM) standard. The purpose of the Business Continuity Management System is to enable organisations to:

  • Continually seek methods to eliminate and reduce risks, which will improve your performance now and in the future
  • Reassure your customers that you are putting business continuity issues high on your agenda to ensure seamless services
  • Provide regulators with assurance that you comply with appropriate legislation and other requirements that relate to Business Continuity

Disciplines within Business Continuity management will overlap with those from other standards.

Procedures and instructions written for BC management, such as Fire Response can be the same as written for Safety systems. These can be extended to include the recovery processes to manage the return to a normal working status.

Business Continuity processes can also be applied to Human Resource processes as some elements of crisis can arise from behavioural issues.

Yes, Business Continuity can be managed in parallel with other ISO standards.

Procedures and instructions written for Business Continuity work effectively with response processes written for emergency procedures in environmental management and 'Safe Systems of Work' written for Occupational Health and Safety.

For example, a procedure written to manage environmental noise, or chemical handling will align with response procedures for Business Continuity, which means that control procedures can be combined.

Further ISO 14001 and ISO 45001 requirements will support an organisation planning for business continuity, in that the aspects of risk arising from significant disruptive events can be prepared for and actions put in place to manage them if they arise. Such planning can also be applied to the actions that take place during recovery; for example, assessing the risk of new premises or temporary working arrangements, waste management, reconstruction and finally transition back to the normal working condition.

Business Continuity management, as all the ISO management systems, has adopted the PDCA cycle as the basis of continual improvement. Organisations don’t have to be perfect in order to have an effective management system, but the expectation of the ISO standard is that you can demonstrate the journey your organisation is taking. Over time, your capabilities and effectiveness will improve if you critique your performance in order to improve.

In following the plan-do-check-act process, the management team will begin to improve their planning processes and develop their skills of critical assessment. Part of this improvement will be to crystallise Business Continuity management objectives at a strategic and an operational level.

The Plan-Do-Check-Act process is a critical element of the management system, and each time the cycle is followed through, the capabilities of the team will get better. Tangible improvement arising will include:

  • Identifying opportunities for eliminating risks with effective assessment processes
  • Improving controls for Business Continuity management
  • Reporting Business Continuity management performance and engaging with workers and contractors
  • Management review and leadership
  • Applying these skills to your organisation will enhance your Business Continuity management performance and improve your brand reputation and skills.

A Deeper Understanding

As with all ISO standards, you can sometimes get lost in the jargon. We've listed some frequently asked questions here.

We know that reading about it isn't the same as a good chat. Speak to us to find out what it means to you and your business.


Improve Performance

Enhance your business even further with the good practices and requirements in ISO 22301.
The Standard builds on common practices found in every good organisation.

Getting ISO 22301 Certification

Let Spedan take care of the process for you. Our consultants are based across the UK and ready to talk through your project, simply contact us to discuss your requirements.

How do I get ISO 22301?

The process of developing a Business Continuity management system that meets the ISO 22301 standard can take anywhere from 3 to 12 months depending on the level of maturity of the organisation. In some cases, it is simply a case of introducing some new governance processes or developing documentation, whereas in others, an organisation will need to start from scratch.

Getting ISO 22301 is then a process of being certified. UKAS accredited Certification Bodies are the organisations who will carry out a series of audits of the Business Continuity management system against the ISO Standard. As a result of the audit (and if the system meets the Standard) the Organisation is then awarded an ISO 22301 Certificate.

How long are ISO 22301 audits?

The process of developing an Business Continuity management system that meets the ISO 22301 standard can take anywhere from 3 to 12 months depending on the level of maturity of the organisation. In some cases, it is simply a case of introducing some new governance processes or developing documentation, whereas in others, an organisation will need to start from scratch.

The first phase of the ISO 22301 audit process is a ‘Stage 1’ Audit, which will look at the readiness of the system, and check against the required documentation.

The benefit of the Stage 1 audit is that the organisation can test out its ideas or identify gaps without risking failing. The audit will result in a report that defines the amount of work needed to be complete before the Stage 2 audit is completed.

Usually, there is a gap between the Stage 1 and Stage 2 audits of 4 weeks to 6 months, which allows the organisation to gather more data and increase its capabilities.

How much does ISO 22301 cost?

Like any product or service that an organisation buys, it is important to shop around Certification Bodies and ensure that you get a level of service you want, at a price that is acceptable.

The UKAS accredited Certification Bodies are subjected to quality standards themselves and UKAS acts as Ombudsmen, which gives you assurance that any issues will be resolved appropriately.

Typically, direct audit costs are charged on a day-rate basis and the number of days will vary according to the size of the business. Companies up to 50 people can expect initial certification costs of approximately £5k, and ongoing costs of up to 2-3k per annum.

Spedan Ltd are Associate Consultants to the major ISO Certification Bodies and can help clarify your costs before you commit to one supplier.

Read our ISO 22301 blogs

4 key questions for Business Continuity
3 approaches to Business Continuity
3 approaches to Business Continuity

Take a look at our other services.
iSHEQ. A premium toolkit for ISO 9001 Managers,
packed with information and resources.

See iSheq in action - Learn more

Telephone: 01908 255 525 | Email: