ISO 22301:2019

Security and resilience — Business continuity management systems — Requirements

Get ready and start to take your career to the next level

Enroll for Free Newsletter updates

We'll send you a periodic update.

Don't worry, it's not the least bit annoying.


0.1   General

This course specifies the structure and requirements for implementing and maintaining a business continuity management system (BCMS) that develops business continuity appropriate to the amount and type of impact that the organization may or may not accept following a disruption.

The outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational, and industry requirements, products and services provided, processes employed, the size and structure of the organization, and the requirements of its interested parties.

A BCMS emphasizes the importance of:

  • — understanding the organization’s needs and the necessity for establishing business continuity policies and objectives;
  • — operating and maintaining processes, capabilities, and response structures for ensuring the organization will survive disruptions;
  • — monitoring and reviewing the performance and effectiveness of the BCMS;
  • — continual improvement based on qualitative and quantitative measures.

A BCMS, like any other management system, includes the following components:

  • a) a policy;
  • b) competent people with defined responsibilities;
  • c) management processes relating to:
    • 1) policy;
    • 2) planning;
    • 3) implementation and operation;
    • 4) performance assessment;
    • 5) management review;
    • 6) continual improvement;
  • d) documented information supporting operational control and enabling performance evaluation.

Benefits of a business continuity management system

The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing an organization’s overall ability to continue to operate during disruptions. In achieving this, the organization is:

  • a) from a business perspective:
    • 1) supporting its strategic objectives;
    • 2) creating a competitive advantage;
    • 3) protecting and enhancing its reputation and credibility;
    • 4) contributing to organizational resilience;
  • b) from a financial perspective:
    • 1) reducing legal and financial exposure;
    • 2) reducing direct and indirect costs of disruptions;
  • c) from the perspective of interested parties:
    • 1) protecting life, property, and the environment;
    • 2) considering the expectations of interested parties;
    • 3) providing confidence in the organization’s ability to succeed;
  • d) from an internal processes perspective:
    • 1) improving its capability to remain effective during disruptions;
    • 2) demonstrating proactive control of risks effectively and efficiently;
    • 3) addressing operational vulnerabilities.

Plan-Do-Check-Act (PDCA) cycle

This course applies the Plan (establish), Do (implement and operate), Check (monitor and review) and Act (maintain and improve) (PDCA) cycle to implement, maintain and continually improve the effectiveness of an organization’s BCMS.

This ensures a degree of consistency with other management systems standards, such as ISO 9001, ISO 14001, ISO/IEC 20000-1, ISO/IEC 27001, and ISO 28000, thereby supporting consistent and integrated implementation and operation with related management systems.

In accordance with the PDCA cycle, Clauses 4 to 10 cover the following components.

  • — Clause 4 introduces the requirements necessary to establish the context of the BCMS applicable to the organization, as well as needs, requirements, and scope.
  • — Clause 5 summarizes the requirements specific to top management’s role in the BCMS, and how leadership articulates its expectations to the organization via a policy statement.
  • — Clause 6 describes the requirements for establishing strategic objectives and guiding principles for the BCMS as a whole.
  • — Clause 7 supports BCMS operations related to establishing competence and communication on a recurring/as-needed basis with interested parties while documenting, controlling, maintaining, and retaining required documented information.
  • — Clause 8 defines business continuity needs, determines how to address them, and develops procedures to manage the organization during a disruption.
  • — Clause 9 summarizes the requirements necessary to measure business continuity performance, BCMS conformity with this course, and to conduct a management review.
  • — Clause 10 identifies and acts on BCMS nonconformity and continual improvement through corrective action.

Contents of this course

This course conforms to ISO’s requirements for management system standards. These requirements include a high-level structure, identical core text, and common terms with core definitions, designed to benefit users implementing multiple ISO management system standards.

This course does not include requirements specific to other management systems, though its elements can be aligned or integrated with those of other management systems.

This course contains requirements that can be used by an organization to implement a BCMS and assess conformity. An organization that wishes to demonstrate conformity to this course can do so by:

  • — making a self-determination and self-declaration; or
  • — seeking confirmation of its conformity by parties having an interest in the organization, such as customers; or
  • — seeking confirmation of its self-declaration by a party external to the organization; or
  • — seeking certification/registration of its BCMS by an external organization.

Clauses 1 to 3 in this course set out the scope, normative references, and terms and definitions that apply to the use of this course. Clauses 4 to 10 contain the requirements to be used to assess conformity to this course.

In this course, the following verbal forms are used:

  • a) “shall” indicates a requirement;
  • b) “should” indicates a recommendation;
  • c) “may” indicates permission;
  • d) “can” indicates a possibility or a capability.

Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the terminological data and can contain provisions relating to the use of a term.

More Options. No Obligations.

Pay as you go. No long-term contracts.

Workshop Date in October

  • 1st Session: 3rd week of October
  • 2nd Session: 4th week of October
  • 3rd Session: To be arranged individually
  • Online workshop via Zoom
  • Fees include Workshop & Certification

Workshop Date in November

  • 1st Session: 3rd week of November
  • 2nd Session: 4th week of November
  • 3rd Session: To be arranged individually
  • Online workshop via Zoom Feature
  • Fees include Workshop & Certification

Workshop Date in December

  • 1st Session: 3rd Week of December
  • 2nd Session: 4th Week of December
  • 3rd Session : To be arranged individually
  • Online workshop via Zoom
  • Fees include Workshop & Certification

Note: Minimum No of trainees 6

Are you ready to find out how we can help you succeed?

Book here a strategical session with the Senior Lead Auditor free of charge to discuss all the details

Frequently Asked Questions

What our Participants are saying...

Maryam Alaboud, Translator - KSA

إن الحمدلله أولاً وأخيراً،

حصلت على شهادة الآيزو 17100 في جودة خدمات الترجمة للأفراد
كل الشكر لكل من ساندني وشجعني وعلى رأسهم الدكتور الفاضل Dr. Mohamed-Ali Ibrahim، أشكر له مهنيته وتفانيه وحرصه الشديد على أن تسير جلسات التقييم بالشكل الاحترافي الأمثل.

Thank God first and foremost,

I got the ISO 17100 Certificate in the quality of translation services for individuals

All thanks to all those who supported me and encouraged me, led by Dr. Mohamed-Ali Ibrahim, I thank him for his professionalism, dedication, and  .keenness that the evaluation sessions go in such a professional way.

Maha Alfaleh

Felwa Almazyad
Translator at SDAIA | سدايا

I’m pleased to announce that I have a certification of #iso #iso17100 17100:2015-05
Special thanks to Dr. Mohamed-Ali Ibrahim for his support and guidance during the journey.


Aura AlMutlaq
Riyadh - KSA

Dear Dr. Mohamed-Ali Ibrahim
I am very honored to have this golden opportunity with you, this course was extremely enriching and has widened my view on many aspects.
My utmost gratitude,




د. محمد علي إبراهيم

Top Skills  

Quality & Risk Management,
      Intercultural Skills,
Management Consulting
Master in Translation Studies
Master in Interpretation
Ph.D. in Quality & Risk Management
English, Arabic, German

- Austrian State Award
- International German Award
- SABRE International Award (PR Oscar)
-Best Practice Award, Vienna-Austria
-Top Expert 2021 and 2022 in Quality Management (Erfolg 2021 and 2022)

Publications المؤلفات
25 books (on Amazon) about Business Administration, Quality Management, and Translation Science.
The most important literature on the platform AMAZON

The Senior Lead Auditor of TÜV AUSTRIA

CEO of IQC-Vienna, International Qualification & Certification, Vienna, Austria
Vienna - Austria
Dr. Mohamed-Ali Ibrahim is an accredited Lead Auditor for the following Standards: ISO/IEC 27001:2022 Information security management systems, ISO 22301:2019 Business continuity management systems, ISO 9001:2015 Quality Management Systems, the International PR Standard CMS

ISO HR Standards: ISO 10667-1:2020 / ISO 10667-2:2020 / ISO 24179:2020 / ISO 30401:2018 / ISO 30405:2016 / ISO 30406:2017 / ISO 30407:2017 / ISO 30408:2016 / ISO 30409:2016 / ISO 30410:2018 / ISO 30411:2018 / ISO 30414:2018 / 30423:2021

ISO Standards in the Education: ISO 29991:2014 / ISO 29993:2017 / ISO 29994:2017 / ISO 21001:2018

Plus the following 10 further ISO Standards in the Translation/Localization/MPE industry: ( ISO 21989, ISO 20228, ISO 2603, ISO 24019, ISO 18841, ISO 21720, ISO 20771, ISO 22259, ISO 11669, ISO 23155).

The expertise includes Consultation, Training, and Certification.

A former member of the Standards Committee at the Austrian Quality Authority and participated in developing the European Norm EN15038 for the field of translation
which became the basis for ISO17100:2015

Conducted +750 different Quality Audits (Pre-Audits, Initial Audits, Surveillance Audits, and Recertification Audits) worldwide.

Key-note speaker at international sector conferences. Trainer, Coach, Consultant, and Lead Auditor since 1998.

Master in Translation Studies from Karl-Franzens University, Graz, Austria

Master in Interpretation from Karl-Franzens University, Graz, Austria

Ph.D. in Quality & Risk Management in healthcare institutions