ARL Logo
Risky Thinking
On Risk Management, Business Continuity, and Security
19 September, 2017
Create your
Risk Register
the easy way
with the

ISO 22301 (Definition)

ISO 22301 is the international standard for Business Continuity Management. It's full title is Societal Security — Business Continuity Management Systems — Requirements.

Introduced in 2012, it is intended that it will be a replacement for the second part of the earlier British Standard BS 25999

Like its predecessor, it specifies the requirements of a Business Continuity Management System. The requirements are intended to be suitable for auditing, so that a company or department can claim that its management systems are ISO 22301 certified.

Certification is an important consideration in complex supply chains, where each company relies on the ability of many other companies to provide critical components or services. If one part of this supply chain is disrupted, it will have a significant effect on companies further down the chain. It is generally not feasible or desirable for each company to check that each of its suppliers has a suitable business continuity plan in place: doing so would be prohibitively expensive and, with one supplier providing supplies to many customers, would involve a major duplication of effort.

The belief is therefore that it would be simpler and cheaper if each major supplier obtained ISO 22301 certification.

Whether the requirement for supplier robustness in the face of disaster will eventually be perceived as being as important as supplier quality remains to be seen. It is only when a company relies on a large number of suppliers for a small number of products that supply chain risk starts to dominate other risks.

See Also: BS 25999.

You are welcome to use these definitions for any purpose provided that an acknowledgement is made
to www.riskythinking.com and (if you're using HTML) you provide a link back to this site.

[ Back to Risk Glossary ]

Risky Thinking Newsletter

Are you responsible for Business Continuity, Disaster Recovery, or Risk Management in your organization? Then you may wish to receive a free subscription to the the monthly Risky Thinking Newsletter. It contains news, opinions and articles of interest to people working in these areas.

View a sample issue, or click here to subscribe.

Recent articles have included:

It's common advice to not put all your eggs in one basket, but does that mean it's always the right thing to do? Read more...

© Albion Research Ltd. 2017