business continuity resources

you are here:

Route to ISO 22301 Certification

  • Read and become familiar with ISO 22301 and ISO 22313 (Specification and Guidance Document)
  • Determine the scope of your BCMS (based on your key products and services)
  • If appropriate, review existing BCM arrangements and undertake analysis in line with the requirements of ISO 22301
  • Commence work on your BCMS, aligning this with any existing Management Systems that are in place, to save unnecessary duplication of work. Familiarise yourself with the contents of Annex SL (ISO Guidance Document)
  • Identify internal training needs for specific BCM roles as well as your companywide communications process
  • Consider arranging an independent Gap Analysis to identify how your BCMS meets ISO 22301 requirements
  • Identify your preferred Certification Body and make formal application to them. (Allow 3-6 months prior to when you wish to be certified)
  • Consider arranging an independent Pre Certification Assessment to review your progress towards readiness for formal certification
  • Stage 1 certification audit is undertaken by Certification Body. This is a review of the fundamentals of ISO 22301 and will provide a clear indication of preparedness for full certification. Stage 2 certification audit is likely to be 1-3 months later, based on audit findings
  • Stage 2 certification audit is undertaken by Certification Body. This will include a full assessment of all critical locations
  • Certification achieved and certificate issued

What to expect after the certification audit

  • Ongoing surveillance audits by the Certification Body to ensure that your BCMS is being maintained. These will most likely be annually but may be more frequent depending on the nature of your business or the Certification Body’s individual requirements
  • A full re certification audit is likely to take place every three years from original certification date. This will follow a similar format as the initial audit.
  • Internal maintenance of the BCMS is required on an ongoing basis. This will include internal audits, Management Review meetings and documentation reviews. This will be in addition to the maintenance of your BCM arrangements which must also be maintained.

Maintaining the "continual improvement" momentum in BCM

Does the phrase continual improvement turn you cold? Do you feel under pressure to keep reinventing the Business Continuity Management System (BCMS) wheel? …

Business continuity and your stakeholders. Who has a stake in your business?

Who are your stakeholders, how do they affect your business and why should you consider them as part of your business continuity arrangements?

What to expect from your BS 25999 audit

The word audit may conjure up thoughts of fear and dread in peoples' minds and it's true to say that those being audited are understandably anxious about the audit that they are about to go through. This article looks at what the auditor will be expecting to see within your business continuity management system as well as give you some useful hints on what you can do to make the experience as pain-free as possible.

Does your reputation precede you?

This article published on Talking Business Continuity website is about managing your reputation through your communication policies.

Getting your house in order

On pages 31 and 32, Hilary Estall walks us through the many pitfalls which organisations experience when seeking certification and provides advice on avoiding these.

What is Risk Appetite?

July / August 2009, Continuity: The magazine of the Business Continuity Institute, p. 46.

The term is frequently used but not fully understood.

Read an article written by Hilary and first published in Continuity Magazine (courtesy of the BCI at

Exercising business continuity arrangements

In recognition of the fact that exercising business continuity arrangements is one of the least practiced areas of business continuity, Perpetual Solutions in association with BSI Management Systems, has recorded a Webinar about exercising; what to consider beforehand and choosing the most appropriate type of exercise based on current circumstances. It also discusses the requirements of BS 25999:2

If you would like to discuss how to conduct exercises or any other aspects of exercising your business continuity arrangements then please contact Perpetual Solutions and we will be pleased to help you.

Contact us

For further information and advice on how Perpetual Solutions can help your organisation, please contact us at:

Mob: 07525 470589



Download Hilary Estall's profile