AS ISO 22301-2020 PDF

Full title and description

AS ISO 22301:2020 — Security and resilience — Business continuity management systems — Requirements. This Australian adoption identically adopts ISO 22301:2019 and specifies requirements for establishing, implementing, maintaining and continually improving a Business Continuity Management System (BCMS) to protect against, reduce the likelihood of, prepare for, respond to and recover from disruptive incidents.

Abstract

AS ISO 22301:2020 defines the normative requirements for a BCMS applicable to organizations of any size or type. It covers leadership and governance, planning (including business impact analysis and risk assessment), support and resources, operational controls (strategies, plans and procedures), performance evaluation (monitoring, internal audit and management review) and continual improvement to ensure timely resumption of critical activities after disruption.

General information

• Status: Published / Current (Australian adoption).
• Publication date: 25 September 2020.
• Publisher: Standards Australia (identical adoption of ISO).
• ICS / categories: 03.100.01; 03.100.70 (Security and resilience; Business continuity).
• Edition / version: AS ISO 22301:2020 — adoption of ISO 22301:2019 (Edition 2).
• Number of pages: 21 pages (core standard document).

Scope

The standard specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of, prepare for, respond to and recover from disruptions when they arise. Requirements are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature; the extent of application depends on the organisation’s context and complexity.

Key topics and requirements

• Leadership and commitment, business continuity policy, and roles, responsibilities and authorities.
• Context of the organization, interested parties and scope determination for the BCMS.
• Planning: actions to address risks and opportunities, business continuity objectives and change management.
• Support: resources, competence, awareness, communication and documented information control.
• Operation: business impact analysis (BIA), risk assessment, continuity strategies, plans and procedures, exercises and capability evaluation.
• Performance evaluation: monitoring, measurement, internal audit and management review.
• Improvement: nonconformity and corrective action, continual improvement of the BCMS.
• Integration with related management systems and consideration of climate and resilience factors (as addressed by subsequent amendments).

Typical use and users

Used by organizations across public and private sectors seeking a systematic, auditable approach to business continuity and resilience. Typical users include BCMS practitioners, risk managers, compliance teams, executive leadership, auditors, consultants and regulators. It is suitable for organizations aiming for certification to an internationally recognized BCMS standard or for aligning continuity planning with international best practice.

Related standards

Commonly used together with ISO 22313 (guidance on ISO 22301), ISO 22300 (vocabulary), ISO 31000 (risk management), ISO/IEC 27001 (information security management), and national standards such as AS 5050 (managing disruption-related risk). Amendments and national corrigenda that affect ISO 22301 (for example climate-related changes) may also apply.

Keywords

business continuity, BCMS, resilience, disruption recovery, business impact analysis (BIA), risk assessment, continuity planning, exercises, incident response, contingency planning.

FAQ

Q: What is this standard?

A: AS ISO 22301:2020 is the Standards Australia adoption of ISO 22301:2019. It sets out the requirements for a Business Continuity Management System to help organisations prepare for, respond to and recover from disruptive incidents.

Q: What does it cover?

A: It covers the full BCMS lifecycle: establishing context and scope; leadership and policy; planning (including BIA and risk assessment); support and resources; operational controls, plans and exercises; monitoring, internal audit and management review; and continual improvement.

Q: Who typically uses it?

A: Organizations of all sizes and sectors, BCMS implementers, risk and continuity professionals, auditors, regulators and consultants—anyone responsible for ensuring continuity of critical products and services.

Q: Is it current or superseded?

A: AS ISO 22301:2020 is the current Australian adoption (published 25 September 2020). It superseded earlier Australian editions (for example AS ISO 22301:2017). ISO has issued amendments (for example an amendment addressing climate-related changes) and work to revise the ISO standard is ongoing; users should check for the latest amendments or national corrigenda when implementing the standard.

Q: Is it part of a series?

A: Yes. It is part of the ISO 22300-series and related security and resilience publications, including ISO 22313 (guidance), ISO 22300 (vocabulary) and other complementary risk and resilience standards.

Q: What are the key keywords?

A: Business continuity, BCMS, resilience, disruption recovery, business impact analysis, risk assessment, continuity planning, incident response, contingency planning.