EGAC Accredited
ISO 22301:2019 — Business Continuity
Build organisational resilience and ensure continuity through disruption. EGAC-accredited BCMS certification for critical operations.
EGAC
ISO 22301:2019
ISO/IEC 17021-6:2014
ISO 22301:2019
BCMS
What is Business Continuity Management Systems?
ISO 22301:2019 specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a Business Continuity Management System (BCMS) to protect against, reduce the likelihood of, and ensure recovery from disruptive incidents.
Who Is This For?
Critical infrastructure operators, financial institutions, IT service providers, healthcare organisations, utilities, logistics companies, and any organisation where disruption would have serious consequences for operations, customers, or regulatory compliance.
Key Benefits
- Structured response to disruptions — minimise impact and recovery time
- Demonstrates resilience to clients, partners, and regulators
- Required by some financial regulators and supply chain contracts
- Reduces insurance premiums for business interruption cover
- Identifies critical functions and dependencies across the organisation
- Builds stakeholder and investor confidence
Certification Process
1
Application & Review
Submit your application. CAS reviews your organisation's scope, personnel, sites, and activities to prepare a detailed audit time calculation and formal commercial proposal.
2
Stage 1 — Document Review
On-site or remote review of your management system documentation, readiness assessment, and confirmation of Stage 2 audit scope and plan.
3
Stage 2 — On-site Audit
Full on-site audit of the implemented management system against the standard's requirements. Findings are reported; nonconformities must be closed before certification.
4
Certification Decision
CAS's independent certification committee reviews the audit findings and issues the certificate. The certificate is valid for 3 years.
5
Surveillance & Recertification
Annual surveillance audits (~1/3 of initial audit time) maintain certification. Recertification audit (~2/3 of initial time) is conducted before certificate expiry to renew for a further 3 years.
Frequently Asked Questions
A BIA identifies your organisation's critical activities, their dependencies, and the impact of disruption over time. It is a core requirement of ISO 22301 and forms the basis of your continuity strategy.
Yes — it covers all types of disruptive incidents including cyber attacks, natural disasters, pandemics, supply chain failures, and key personnel loss. It complements ISO/IEC 27001 for information security.
Related Services