ISO 22301 - Business Continuity Management System (BCMS)
Ask for a certification
ISO 22301 Business Continuity Management certification is suitable for all organizations that want to:
- Establish and validate security policies and security strategies from physical, technical, IT, compliance to personnel security.
- Ensure the organization's strategic and tactical capability, preparedness and timely response to incidents and disruptions.
- Effectively assess the risks associated with disruptions to the organisation and analyse the impact to the business, i.e. know what threatens key processes and have adequate measures in place
- Maintain a positive relationship with customers by addressing disruptions to the organisation in a timely manner. This means that the organisation remains able to meet its obligations to them and maintain its credibility.
- Protect assets and people effectively and minimize the need to improvise in crisis situations because a backup plan is already tested and prepared in advance.
|Step||Activity||Who performs the activity|
|1.||Demand for certification||Customer|
|2.||Offer for certification||CSQ|
|3.||Request for certification||Customer|
|4.||Preparation and conclusion of the certification contract||CSQ|
|5.||Level 1 Certification Audit|
Goal of the audit: to get acquainted with the audited organization, to find out basic information about the management system, to plan the certification audit of the 2nd level
Main output: audit report identifying strengths and areas where non-conformities to the standard could be found.
CSQ Auditors on-site
|6.||Level 2 certification audit|
Objective of the audit: verification of the functionality of the entire management system against all requirements of the relevant standard, identification of possible non-conformities.
Main output: audit report, reports on findings
|CSQ Auditors on-site|
|7.||Implementation of corrective actions (where non-conformities have been identified)||Customer|
|8.||Meeting of the certification committee and decision to issue the certificate||CSQ|
|9.||Issuance of certificate (for a period of 3 years)||CSQ|
|10.||Conductin surveillance audits after the first and second year after certification||CSQ Auditors on-site|
|11.||(Re)certification audit and issuance of a new certificate (after the expiry of the 3-year validity of the issued certificate)||CSQ Auditors on-site|