This document provides guidance based on good international practice. It is not the intent of this document to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties, particularly customers and employees. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties. This document is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to: a) implement and maintain a BCMS; b) ensure conformance with the organization’s business continuity policy; c) continue delivery of products and services at acceptable predefined capacities during a disruption; d) enhance their resilience; e) make a self-determination and self-declaration of compliance with this document. This document should not be used to assess an organization’s ability to meet its own business continuity needs, nor any customer, legal or regulatory needs. Organizations wishing to do so can use the ISO 22301 requirements to demonstrate conformance to others or seek certification of its BCMS by an accredited third-party certification body.