Societal security - Business continuity management systems - Requirements
ISO 22301specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
Business Continuity includes three key elements:
critical business functions and the supporting infrastructure are designed and engineered in such a way that they are materially unaffected by most disruptions, for example through the use of redundancy and spare capacity,
arrangements are made to recover or restore critical and less critical business functions that fail for some reason.
the organization establishes a generalized capability and readiness to cope effectively with whatever major incidents and disasters occur, including those that were not, and perhaps could not, have been foreseen. Contingency preparations constitute a last-resort response if resilience and recovery arrangements should prove inadequate in practice.