The subject and scope of ISO 22301:2021 are as follows:

ISO 22301:2021 specifies the requirements for planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and continually improving a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from incidents that disrupt, impact, or threaten an organization's operations.

The requirements specified in ISO 22301:2021 are generic and intended to be applicable to all organizations or parts thereof, regardless of the type, size, or nature of the organization. The extent of application of these requirements depends on the operating environment and the complexity of the organization.

It is not the intention of this international standard to impose uniformity in the structure of a business continuity management system (BCMS) but rather to enable an organization to design a BCMS appropriate to its needs and to meet the requirements of its interested parties. These needs are shaped by legal and regulatory requirements, organizational and industry requirements, products and services, applied processes, size and structure of the organization, and the requirements of its interested parties.

ISO 22301:2021 is applicable to organizations of all types and sizes that wish to:

a) establish, implement, maintain, and improve a BCMS,
b) ensure compliance with stated business continuity policy,
c) demonstrate conformity to others,
d) seek certification/registration of its BCMS by an accredited Certification Body, or
e) make a self-determination and self-declaration of conformity with this international standard.

ISO 22301:2021 can be used to assess an organization's ability to meet its own requirements and obligations for business continuity.

Top of Form