What is ISO 22301—and why it matters

ISO 22301:2019 provides the requirements for a BCMS that keeps critical services available through disruption and ensures a structured recovery. It integrates naturally with other ISO management systems and follows the Plan‑Do‑Check‑Act cycle for continual improvement. 

Why choose Inoni for ISO 22301 consulting

A proven, time‑efficient process that models dependencies, sets realistic recovery objectives, and integrates training and exercising.

Consultant‑led, standards‑aligned delivery

Our team designs, embeds and tests continuity programmes for diverse industries, with ISO 22301 expertise.
Learn more

A proven, time‑efficient process

We model dependencies, sets realistic recovery objectives, and integrates training and exercising
Learn more

Real‑world proof

Across case studies, including projects focused on ISO 22301 outcomes.
Learn more

Software‑supported outputs

So plans are consistent, maintainable and easy to access—without heavy admin.
Learn more

I wanted to let you know the audit went extremely well. The auditor was very positive about the system, particularly the BCP and BIA, and how easy they were to follow and understand even on first viewing. She was also very complimentary about the runbooks and how everything is contained on just a couple of concise pages that make it easy for someone to know exactly what is required.

What we deliver

A structured suite of services that builds a robust, auditable and fully aligned BCMS (click + to expand each):

ISO 22301 Gap Assessment & Roadmap

We assess your current programme against ISO 22301 requirements (context, leadership, planning, support, operation, performance evaluation and improvement) and produce a priority‑ordered roadmap with effort, owners and evidence needs.

BCMS Design & Documentation

We define BC policy, roles, objectives and governance; establish document control; and build a pragmatic BCMS that fits your organisation and interfaces cleanly with existing ISO systems. 

Business Impact Analysis (BIA) & Risk Assessment

We run focused BIA to identify critical processes, tolerable downtime, dependencies and recovery priorities; we assess disruption risks and select proportionate strategies.

Strategy, Plans & Runbooks

We translate BIA insights into strategies, response structures and scenario runbooks (including cyber/IT scenarios) so teams know exactly what to do when it matters.

Exercising, Awareness & Training

We design and facilitate tabletop exercises and simulations, building confidence and generating evidence for audits and stakeholders.

Internal Audit & Certification Readiness

We prepare evidence packs, run internal audits and management review, and support you through Stage 1 / Stage 2 with your chosen certification body.

What you get

  • ISO 22301 gap report and prioritised roadmap with evidence matrix.
  • BC policy, roles, objectives, governance artefacts and document control.
  • BIA outcomes (critical activities, MTPD/RTO, dependencies) and risk assessment.
  • Response structures, plans, and scenario runbooks (incl. ransomware / SaaS outage options).
  • Exercise design, facilitation outputs and actions. 
  • Internal audit pack and management review inputs ahead of certification.

 

How we've helped other clients achieve ISO 22301 certification

Case study: From insurance requirement to sustained ISO 22301 maturity

20/02

Case study: From insurance requirement to sustained ISO 22301 maturity

Read more
BCP for a European Medical Equipment Provider

18/06

BCP for a European Medical Equipment Provider

Read more
Business continuity management for an IT Managed Service Provider

25/01

Business continuity management for an IT Managed Service Provider

Read more
Business continuity planning for an aerospace manufacturer

13/01

Business continuity planning for an aerospace manufacturer

Read more

Results we’re known for

Our consultants help clients map realistic recovery tolerances, align BC with technology recovery, and pass stakeholder or certification scrutiny without turning the BCMS into an administrative burden. See some ISO22301 case studies here

 

Speak to the Business Continuity Planning Specialists Today

Every organisation faces risks, whether operational disruptions, compliance challenges, or unexpected crises. At Inoni, we help you proactively strengthen your business with expert Business Continuity Planning (BCP), Crisis Simulation and Readiness solutions.

By speaking with us, you’ll discover:

  • Gaps in your current resilience strategy and how to address them
  • Practical, tailored solutions to enhance crisis preparedness
  • Proven methods to ensure your team is trained and ready for any disruption

FAQs

Do we need ISO 22301 certification, or is alignment enough?
Certification adds audit rigour and a third‑party certificate; many organisations start with alignment and move to certification when a regulator, customer or tender requires it. The requirements are the same—the difference is formal auditing and evidence depth.

How does ISO 22301 interact with risk, quality or security standards?
ISO 22301 follows the ISO high‑level structure, so it integrates with systems like ISO 9001 or 27001—shared clauses make governance and audits more efficient.

What changed in the 2019 revision and 2024 amendment?
The 2019 update improved clarity and aligned with current practice; the 2024 amendment introduces climate‑action changes—worth including in scope/risk reviews.

How long does certification take?
Timelines depend on scope and readiness; we typically compress groundwork into focused sprints, then support Stage 1/Stage 2 audits with your chosen certifier.