JDA Advisory

ISO 22301 Implementation BCMS

ISO 22301 Implementation BCMS – Gain a competitive advantage through effective business continuity implementation.

Discover the key benefits of implementing ISO 22301 for the stability and security of your organization ISO 22301 Implementation BCMS

ISO 22301 Implementation BCMS – Enhanced organizational resilience.

ISO 22301 implementation ensures business continuity even in unforeseen situations, minimizing the risk of disruptions and losses.

ISO 22301 Implementation BCMS- Compliance with international standards.

Our solutions ensure full compliance with ISO standards, enhancing your company’s credibility and market position.

Optimization of management processes.

Streamlined procedures enable more effective crisis response and better planning of corrective actions.

We provide effective business continuity management for your organization.

We present the key challenges in maintaining business continuity and how ISO 22301 supports their effective resolution.

Risk analysis and threat assessment

Our approach identifies potential threats, enabling the swift and precise implementation of preventive measures.

Business continuity strategy design

We create customized plans that transform disruption risks into stable and controlled processes.

Implementation of a management system compliant with ISO 22301

We help eliminate barriers and optimize processes so the system operates efficiently and without disruption.

Training and internal audits

Organizujemy kompleksowe szkolenia oraz audyty, które zapewniają trwałość i doskonalenie systemu ciągłości działania.

How we implement ISO 22301

Discover our proven ISO 22301 implementation process that step by step enables effective business continuity management in your organization.

Step One: Needs Analysis

We thoroughly analyze your company’s specifics to tailor ISO 22301 implementation to its unique requirements.

Step Two: Planning and Strategy

We develop a comprehensive action plan to ensure effective implementation and integration of the business continuity management system.

Step Three: Implementation and Support

We implement solutions according to the plan, providing full support and training for your team to ensure lasting results.

Our ISO 22301 Implementation Offer

We offer comprehensive solutions supporting your organization’s business continuity, ensuring professionalism and full support.

Initial consultation

We analyze your company’s needs to tailor the standard implementation process to your specific operations.

System design

We create customized procedures and documentation compliant with ISO 22301.

Training and workshops

We prepare your team for effective business continuity management.

Audit and certification

We assist with conducting the audit and obtaining the official ISO 22301 certificate.

more details…

Methodology for implementing ISO 22301:2019 (Business Continuity Management System – BCMS),

ISO 22301:2019 Implementation Methodology

ISO 22301 implementation follows six major phases, each with clear deliverables and milestones. The methodology is proportionate and suitable for organisations of any size.

PHASE 1 — Initiation & Project Mobilisation

Objectives
  • Establish governance for the BCMS project.
  • Define scope, boundaries, and organisational context.
  • Identify critical stakeholders and resources.
Key Activities
  • Appoint BCMS Manager and Steering Committee.
  • Define BCMS scope (processes, locations, services).
  • Identify internal/external issues (Clause 4.1).
  • Identify interested parties and their continuity requirements (Clause 4.2).
  • Approve project plan and communication plan.
Deliverables
  • BCMS Project Charter
  • BCMS Scope Statement
  • Stakeholder Register
  • Communication Plan
Milestone

M1: BCMS project formally launched

PHASE 2 — Business Impact Analysis (BIA) & Risk Assessment

Objectives
  • Identify critical activities, dependencies, and recovery priorities.
  • Assess risks that may disrupt operations.
Key Activities
  • Conduct Business Impact Analysis (BIA):
    • Identify critical activities
    • Determine MTPD, RTO, RPO
    • Identify dependencies (people, ICT, suppliers, facilities)
  • Conduct risk assessment:
    • Identify threats and vulnerabilities
    • Evaluate likelihood and impact
    • Define risk treatment options
Deliverables
  • BIA Report
  • Risk Assessment Report
  • Risk Treatment Plan
Milestone

M2: BIA and risk assessment completed

PHASE 3 — Strategy & Continuity Requirements

Objectives
  • Define continuity strategies and recovery options.
  • Align resources with recovery objectives.
Key Activities
  • Define continuity strategies for:
    • People
    • ICT systems
    • Facilities
    • Suppliers
    • Communications
  • Define recovery priorities and resource requirements.
  • Validate strategies with management.
Deliverables
  • Business Continuity Strategy Document
  • Resource Requirements Matrix
Milestone

M3: Continuity strategy approved

PHASE 4 — BCMS Documentation & Plan Development

Objectives
  • Develop and formalise BCMS documentation.
  • Create and implement continuity and recovery plans.
Key Activities
  • Develop mandatory BCMS documentation:
    • Business Continuity Policy
    • BCMS Manual
    • Incident Response Procedure
    • Crisis Management Plan
    • Business Continuity Plans (BCPs)
    • Disaster Recovery Plan (DRP)
    • Communication Plan (internal/external)
    • Supplier Continuity Requirements
  • Establish document control and governance.
  • Train process owners and crisis teams.
Deliverables
  • Full BCMS Documentation Set
  • BCPs and DRP
  • Crisis Communication Plan
  • Training Records
Milestone

M4: BCMS documentation and plans implemented

PHASE 5 — Exercising, Testing & BCMS Operation

Objectives
  • Validate the effectiveness of continuity plans.
  • Ensure the BCMS is operational and producing evidence.
Key Activities
  • Conduct exercises:
    • Table‑top exercises
    • Technical recovery tests
    • Communication tests
    • Supplier continuity tests
  • Collect evidence of BCMS operation.
  • Perform internal BCMS audit.
  • Conduct management review.
  • Address nonconformities and corrective actions.
Deliverables
  • Exercise & Test Reports
  • Internal Audit Report
  • Management Review Minutes
  • Corrective Action Plan

Milestone

M5: BCMS tested, audited, and reviewed

PHASE 6 — Certification Audit Preparation & Support

Objectives
  • Prepare for Stage 1 and Stage 2 certification audits.
  • Ensure all evidence is complete and compliant.
Key Activities
  • Pre‑audit readiness assessment.
  • Prepare evidence package for auditors.
  • Support during Stage 1 (documentation review).
  • Support during Stage 2 (implementation audit).
  • Address any findings.
Deliverables
  • Certification Readiness Report
  • Evidence Package
  • Audit Findings Response Plan
Milestone

M6: ISO 22301:2019 certification achieved

Typical ISO 22301 Implementation Schedule (4–7 Months)

MonthPhaseKey Milestones
1Phase 1Project launch, scope approval
1–2Phase 2BIA + risk assessment
2–3Phase 3Continuity strategy
3–5Phase 4BCMS documentation + BCP/DRP
5–6Phase 5Exercises + internal audit + management review
6–7Phase 6Certification audit support

Small organisations: 3–4 months Mid‑sized organisations: 4–7 months Large/complex organisations: 7–12 months

ISO 22301:2019 Implementation Checklist

This checklist covers all mandatory clauses and Annex A controls.

1. Context of the Organisation

  • [ ] BCMS scope defined
  • [ ] Internal/external issues identified
  • [ ] Interested parties identified
  • [ ] BCMS boundaries documented

2. Leadership

  • [ ] Business Continuity Policy approved
  • [ ] Roles and responsibilities defined
  • [ ] Top management commitment demonstrated

3. Planning

  • [ ] BIA methodology defined
  • [ ] BIA performed
  • [ ] Risk assessment performed
  • [ ] Continuity strategy defined
  • [ ] Objectives and KPIs defined

4. Support

  • [ ] Competence requirements defined
  • [ ] Training and awareness conducted
  • [ ] Communication plan implemented
  • [ ] Documented information controlled

5. Operation

  • [ ] Incident response procedure implemented
  • [ ] Crisis management structure established
  • [ ] Business Continuity Plans developed
  • [ ] Disaster Recovery Plan developed
  • [ ] Supplier continuity requirements defined

6. Performance Evaluation

  • [ ] Monitoring and measurement defined
  • [ ] BCMS exercises conducted
  • [ ] Internal audit performed
  • [ ] Management review completed

7. Improvement

  • [ ] Nonconformities recorded
  • [ ] Corrective actions implemented
  • [ ] Continual improvement demonstrated

Annex A Controls Checklist (ISO 22301:2019)

A.8 Business Impact Analysis & Risk Assessment

  • [ ] BIA documented
  • [ ] Risk assessment documented
  • [ ] Recovery priorities defined

A.9 Business Continuity Strategies

  • [ ] Strategies for people, ICT, facilities, suppliers
  • [ ] Resource requirements defined

A.10 Business Continuity Plans

  • [ ] BCPs documented
  • [ ] DRP documented
  • [ ] Communication plan documented

A.11 Exercise Programme

  • [ ] Exercise schedule defined
  • [ ] Exercises performed
  • [ ] Lessons learned documented

A.12 Evaluation of BCMS

  • [ ] Internal audit performed
  • [ ] Management review completed

A.13 Improvement

  • [ ] BCMS updated based on lessons learned
  • [ ] Corrective actions implemented
ISO 22301:2019