ISO 22301 Readiness Checklist

This checklist assesses the maturity level of your organization's Business Continuity Management System (BCMS) against ISO 22301:2019 requirements. Each item references the corresponding normative clause for traceability.

Context and leadership

Impact analysis and risks

Continuity and response plans

Exercises, evaluation, and improvement

FAQ

What is the difference between ISO 22301 and a traditional contingency plan?

ISO 22301 establishes a comprehensive management system (BCMS) that goes beyond an isolated contingency plan. It includes business impact analysis (BIA), systematic disruption risk assessment, recovery strategies, periodic exercises, and continual improvement.

What is Business Impact Analysis (BIA)?

The BIA is the process through which the organization identifies its critical activities, determines maximum tolerable periods of disruption (MTPD), and establishes recovery time objectives (RTO) and recovery point objectives (RPO). It is the foundation of the entire BCMS.

How often should business continuity exercises be performed?

ISO 22301 requires exercises at planned intervals and when significant changes occur, without defining a fixed frequency. Recommended practice is at least once a year for each critical continuity plan.

Can ISO 22301 be integrated with ISO 27001?

Yes. Both standards share the ISO High Level Structure (HLS). ISO 27001 includes control A.5.30 on business continuity linked to information security. Organizations implementing both can unify risk assessment, internal audits, and management review.
