Checklist

ISO 22301 Readiness Checklist

Verification checklist with 20 points to assess your organization readiness for ISO 22301:2019 business continuity requirements.

This checklist assesses the maturity level of your organization Business Continuity Management System (BCMS) against ISO 22301:2019 requirements. Each item references the corresponding normative clause for traceability.

Verification points

Context and leadership

Internal and external issues relevant to business continuity have been identified[4.1]

Interested parties and their requirements have been determined, including legal and regulatory requirements[4.2]

The BCMS scope is defined, considering critical activities and interdependencies[4.3]

Top management has issued a business continuity policy and demonstrates active commitment to the BCMS[5.2]

Roles, responsibilities, and authorities for the BCMS have been assigned[5.3]

Impact analysis and risks

A Business Impact Analysis (BIA) identifying critical activities, MTPD, and recovery objectives (RTO/RPO) has been performed[8.2.2]

Disruption risks that may affect critical activities have been identified and assessed[8.2.3]

Resource needs for the continuity of critical activities have been determined[8.2.2]

Strategies and treatment measures for identified disruption risks have been defined[8.3]

Continuity and response plans

Documented business continuity plans exist for critical activities identified in the BIA[8.4.1]

Plans define incident response structure, including activation, escalation, and communication[8.4.2]

A crisis communication procedure with internal and external interested parties has been established[8.4.3]

Plans include recovery procedures with assigned responsible parties and defined activation sequence[8.4.4]

Exercises, evaluation, and improvement

Exercises and tests of continuity plans are performed at planned intervals[8.5]

Exercise results are documented and generate improvement actions in the plans[8.5]

Internal BCMS audits are performed at planned intervals[9.2]

Top management reviews the BCMS at planned intervals, including BIA and exercise results[9.3]

Nonconformities are recorded and corrective actions are implemented with effectiveness verification[10.1]

CriticalRecommendedOptional

Frequently asked questions

ISO 22301 establishes a comprehensive management system (BCMS) that goes beyond an isolated contingency plan. It includes business impact analysis (BIA), systematic disruption risk assessment, recovery strategies, periodic exercises, and continual improvement.

The BIA is the process through which the organization identifies its critical activities, determines maximum tolerable periods of disruption (MTPD), and establishes recovery time objectives (RTO) and recovery point objectives (RPO). It is the foundation of the entire BCMS.

ISO 22301 requires exercises at planned intervals and when significant changes occur, without defining a fixed frequency. Recommended practice is at least once a year for each critical continuity plan.

Yes. Both standards share the ISO High Level Structure (HLS). ISO 27001 includes control A.5.30 on business continuity linked to information security. Organizations implementing both can unify risk assessment, internal audits, and management review.

Professional readiness assessment

Assessment within 72 business hours. ISO methodology. No ties to certification bodies.

Request diagnosis

Loading content…

Frequently asked questions