This document provides guidance based on good international practice.
It is not the intent of this document to imply uniformity in the structure of a BCMS but for an
organization to design a BCMS that is appropriate to its needs and that meets the requirements of its
interested parties, particularly customers and employees. These needs are shaped by legal, regulatory,
organizational and industry requirements, the products and services, the processes employed, the
environment in which it operates, the size and structure of the organization and the requirements of its
interested parties.
This document is generic and applicable to all sizes and types of organizations, including large, medium
and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to:
a) implement and maintain a BCMS;
b) ensure conformance with the organization’s business continuity policy;
c) continue delivery of products and services at acceptable predefined capacities during a disruption;
d) enhance their resilience;
e) make a self-determination and self-declaration of compliance with this document.
This document should not be used to assess an organization’s ability to meet its own business continuity
needs, nor any customer, legal or regulatory needs. Organizations wishing to do so can use the ISO
22301 requirements to demonstrate conformance to others or seek certification of its BCMS by an
accredited third-party certification body.
