Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register nowarrow_forward

menu

Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register now

arrow_forward

language

Products

arrow_drop_down

Solutions

arrow_drop_down

Resources

arrow_drop_down

Diligent AI

Request a demo

Governance

Risk

Compliance

Audit

Diligent Boards

Automate meeting prep, secure sensitive data and give directors the clarity to make the best decisions.

BoardEffect

Secure, flexible board management software for nonprofits and higher education.

Community

Increase transparency, streamline governance and empower your school board or local government.

Diligent Market Intelligence

On-demand access to exclusive shareholder activism, executive compensation and ESG data.

FEATURED

Diligent One Platform

Centralize and unify all your board management and GRC activities

Role

Use Cases

Company Type

Industries

General Counsel

Safeguard your organization with centralized oversight of governance, risk and compliance.

Corporate Secretary

Run governance flawlessly with AI tools that eliminate busywork and ensure audit-readiness.

Executive Assistant

Streamline board prep, communications and approvals with AI workflows for seamless meetings.

C-Suite

Accelerate decisions and inspire confidence with AI-powered reporting and real-time risk intelligence.

Directors & Trustees

Prepare faster, mitigate risk and make smarter decisions with purpose-built board tools.

Risk Manager

See enterprise risk in real time, act decisively, and deliver AI-powered insights.

Information Security

Unify IT risk, compliance and cyber oversight in one secure platform.

Compliance Officer

Turn regulatory obligations into clear, actionable metrics — proving compliance and ROI.

Internal Auditor

Connect audit management, analytics and monitoring in a secure, AI-powered hub.

FEATURED

Diligent One Platform

Centralize and unify all your board management and GRC activities

Content Library

Case Studies

Virtual Summits

Events

Resources Hub

Discover all of Diligent's insights in one place. Stay ahead of trends with expert perspectives, exclusive research and information you won't find anywhere else.

MEDIA TYPE

Blog Guides Videos Podcasts Content Toolkits Research & Reports

BY TOPIC

Governance Risk & Audit Compliance AI & Cyber Public Sector Diligent Institute

FEATURED

Diligent named a Leader in 2025 Gartner® Magic Quadrant™ for GRC

What is ISO 22301?

October 28, 2020

•

4 min read

Colleagues discussing the effects of ISO 22301 on their firm

The Diligent team

GRC trends and insights

Share:

ISO 22301 is a framework of requirements to build and maintain a robust business continuity management system. This internationally recognized standard outlines a set of processes to overcome and resolve business disruption through best practice risk management. The ISO 22301 standard can be adopted by any size, or type, of organization and will help your organization assess and improve resilience to potential business disruption. This article explores ISO 22301, the benefits it may bring to an organization and the value of getting certified.

ISO 22301:2019 Explained

ISO 22301 was created by the International Organization for Standardization (ISO) as the international standard for business continuity management. The most up-to-date version (second edition) was launched in 2019, so the standard is generally known as ISO 22301:2019. The first edition of ISO 22301 was published in 2012. The ISO 22301:2019 provides a framework for risk management within an organization. It helps to plan and integrate a system for continuing service or product delivery in times of disruption. ISO 22301 also focuses on the steps needed to return to normal levels of operation. The ISO 22301 reflects the structure of other ISO standards such as the ISO 9001 quality management standard. It consists of 10 clauses, a list of requirements that need to be met to ensure compliance with the ISO 22301 standard.

The ISO 22301 Clauses

The ISO 22301 is broken down into 10 clauses. The first three clauses provide introductory information and are not mandatory requirements. The remaining seven clauses include the mandatory requirements to be compliant with ISO 22301 standards. The 10 ISO 22301 clauses are:

Scope The overall scope of the ISO 22301 standard.
Normative references References and terms used through ISO 22301 explained.
Terms and definitions Definitions of terms within ISO 22301 explained.
Context of the organization Put the organization in context to understand the requirements of the continuity management system. This section will help define the organization, its structure, any external obligations, and potential risks.
Leadership Clear leadership is needed during times of business disruption. This helps to layout management policy, responsibility, and actions in relation to the business continuity management system.
Planning Planning is an important part of risk management. This clause sets out clear aims for the system, the risks involved, and its success criteria.
Support Ensures resources are appropriately placed to respond to an incident, and stakeholders are informed and prepared for their roles in mitigating disruption.
Operation An important clause, it deals with the plans for business continuity including steps to return to normal levels of operation. The first step is an internal audit to highlight potential risks to production and how it may affect the operation. There is an emphasis on testing business continuity plans through this exercise to prove they function.
Performance evaluation Requirements for evaluating performance through internal audits and reviews against defined metrics.
Improvement The steps needed to continuously improve the business continuity management system using reviews and internal audits.

The Benefits of ISO 22301

Business disruption can mean the loss of service and earnings, as well as damage to reputation. A business disruption management system will minimize disruption and outline the steps to regain normality. The ISO 22301 is the international standard for dealing with business disruption. ISO 22301 compliance can bring the following benefits:

Prove compliance with business continuity regulation and laws, and as a result reduce or avoid penalties.
Best-in-industry policies for disruption management promote a reputation for resilience with customers and partners.
Clearly documented continuity processes give assurance to all areas of the organization.
Prevent potential disruption through proper risk management, saving time and money.
Develop a systematic approach to business disruption and the return to normal operation.

ISO 22301 Certification

Certification is a way of showing that a best-practice business continuity management system is in place. The system will build business resilience, whilst accreditation will build reputation. It proves to regulators that the organization is compliant with ISO 22301, the international standard of business continuity management. Accreditation is a clear trust signal to both customers and potential partners. It indicates a resilient organization, with clear risk management processes in place. Certification is also important to the organization itself. It ensures that the system is fully integrated and that best-practice processes are embedded. These processes will have been tried and tested by the organization, giving peace of mind in times of disruption.

Diligent Can Help

Diligent Compliance software will help streamline ISO 22301 compliance in your organization. Perform compliance monitoring against ISO 22301, spot gaps, identify risks and turn this into a project plan for your team to ensure continual improvement within your compliance program. Book a demo with Diligent Compliance today.