Subject and Scope:

ISO 22301:2021 is a standard for Business Continuity Management Systems (BCMS) that specifies requirements for planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and continually improving a documented management system to protect against incidents that disrupt operations, reduce the likelihood of their occurrence, prepare for and respond to them, and recover from them when they occur.

The requirements specified in ISO 22301:2021 are generic and intended to be applicable to all organizations or parts thereof, regardless of the type, size, or nature of the organization. The extent of application of these requirements depends on the environment in which the organization operates and the complexity of the organization itself.

It is not the intention of this international standard to impose uniformity in the structure of Business Continuity Management Systems (BCMS). Rather, organizations are encouraged to design BCMS appropriate to their needs and to meet the requirements of their interested parties. These needs are shaped by legal and regulatory requirements, organizational and industry requirements, products and services, applied processes, the size and structure of the organization, and the requirements of its interested parties.

ISO 22301:2021 is applicable to organizations of all types and sizes that wish to:
a) Establish, implement, maintain, and continually improve a BCMS.
b) Ensure compliance with the business continuity policy statement.
c) Demonstrate compliance to others.
d) Seek certification/registration of their BCMS by an accredited certification body.
e) Self-determine compliance with this international standard.
ISO 22301:2021 can be used to assess the organization's ability to meet its own continuity needs and obligations.