ISO 22301 - Business Continuity Management System (BCMS)
Ask for a certification
Ask
ISO 22301 Business Continuity Management certification is suitable for all organizations that want to:
- Establish and validate security policies and security strategies from physical, technical, IT, compliance to personnel security.
- Ensure the organization's strategic and tactical capability, preparedness and timely response to incidents and disruptions.
- Effectively assess the risks associated with disruptions to the organisation and analyse the impact to the business, i.e. know what threatens key processes and have adequate measures in place
- Maintain a positive relationship with customers by addressing disruptions to the organisation in a timely manner. This means that the organisation remains able to meet its obligations to them and maintain its credibility.
- Protect assets and people effectively and minimize the need to improvise in crisis situations because a backup plan is already tested and prepared in advance.
| Step | Activity | Who performs the activity |
|---|---|---|
| 1. | Demand for certification | Customer |
| 2. | Offer for certification | CSQ |
| 3. | Request for certification | Customer |
| 4. | Preparation and conclusion of the certification contract | CSQ |
| 5. | Level 1 Certification Audit Goal of the audit: to get acquainted with the audited organization, to find out basic information about the management system, to plan the certification audit of the 2nd level Main output: audit report identifying strengths and areas where non-conformities to the standard could be found. | CSQ Auditors on-site |
| 6. | Level 2 certification audit Objective of the audit: verification of the functionality of the entire management system against all requirements of the relevant standard, identification of possible non-conformities. Main output: audit report, reports on findings | CSQ Auditors on-site |
| 7. | Implementation of corrective actions (where non-conformities have been identified) | Customer |
| 8. | Meeting of the certification committee and decision to issue the certificate | CSQ |
| 9. | Issuance of certificate (for a period of 3 years) | CSQ |
| 10. | Conductin surveillance audits after the first and second year after certification | CSQ Auditors on-site |
| 11. | (Re)certification audit and issuance of a new certificate (after the expiry of the 3-year validity of the issued certificate) | CSQ Auditors on-site |