Business continuity, certifiable

Build a BCMS with ISO 22301

ISO 22301:2019 as a working program — business impact analysis, continuity strategies, plans, and exercises — that reuses your ISO 27001 management system.

What is ISO 22301?

ISO 22301:2019 is the international standard for a Business Continuity Management System (BCMS). It defines the requirements for a documented, repeatable system that helps an organization prepare for, respond to, and recover from disruptive incidents — from outages and natural disasters to supply-chain failures and cyber attacks. It is certifiable, and it follows the Plan-Do-Check-Act model common to ISO management-system standards.

What a BCMS covers

At its core, ISO 22301 is driven by a business impact analysis (BIA) and a risk assessment that together identify an organization's critical activities, their dependencies, and the impact of disruption over time. From there, the organization defines continuity strategies, sets recovery time and recovery point objectives (RTO/RPO), documents continuity and incident-response plans, and validates them through an exercise and testing program with reviews and corrective actions.

How it relates to ISO 27001

ISO 22301 shares the ISO harmonized structure (clauses 4–10) with ISO 27001, so the leadership, risk-management, and continual-improvement processes overlap substantially. Many organizations run the two together and pursue a combined audit, and the BCMS also strengthens the availability story for SOC 2.

How episki helps

episki implements ISO 22301 as a working BCMS: a BIA builder, disruption-scenario risk assessment, continuity plans tied to your recovery objectives, and an exercise program with corrective actions tracked to closure. Because it reuses your ISO 27001 management system, the BCMS is an extension of your program rather than a separate binder.

ISO 22301 outcomes with episki

Quantify the impact security and compliance bring to your business.
ISO 22301:2019
The current edition of the international BCMS standard.
BIA-driven
Continuity priorities set by a documented business impact analysis.
27001 aligned
Shares the ISO harmonized structure with ISO 27001 for reuse.

Why teams choose episki for ISO 22301

Framework-specific automation, collaboration, and reporting in one workspace.
A real BCMS, not a binder
The ISO 22301 management system implemented as living artifacts.
  • Business impact analysis and risk assessment
  • Continuity strategies and solutions
  • Documented plans and recovery objectives
Tested and improved
Exercises, reviews, and corrective actions that satisfy auditors.
  • Exercise and test scheduling
  • Post-incident and post-exercise reviews
  • Corrective actions tracked to closure
Reuse your ISMS
ISO 22301 shares the harmonized structure with ISO 27001.
  • Shared clauses 4-10 with ISO 27001
  • One combined audit where scoped together
  • Crosswalk to SOC 2 availability criteria

ISO 22301 readiness inside episki

What a BCMS needs in place.

Plug episki into your stack and work directly from this checklist during the free trial.

  • BCMS scope, policy, and objectives
  • Business impact analysis (BIA)
  • Risk assessment of disruption scenarios
  • Continuity strategies and recovery objectives (RTO / RPO)
  • Business continuity and incident response plans
  • Exercise program, reviews, and corrective actions

ISO 22301 accelerators

Business continuity accelerators

Stand up a certifiable BCMS without a parallel project.
BIA builder
Capture critical activities, dependencies, and recovery objectives.
Continuity plan templates
Document plans tied to your BIA and recovery objectives.
ISO 27001 crosswalk
Reuse your ISMS management-system evidence for the BCMS.

Build a certifiable BCMS in episki

Stand up ISO 22301 alongside ISO 27001 and reuse the management-system work.