By CAS — EGAC-accreditedCAS & EGACBCMS

ISO 22301:2019 — Business Continuity

Build organisational resilience and ensure continuity through disruption. EGAC-accredited BCMS certification for critical operations — updated with Amendment 1:2024 for climate change alignment.

Standard

ISO 22301:2019 + Amd.1:2024

Service type

EGAC accredited

Issued under

EGAC CAB 012418

Audit per

ISO/IEC 17021-6:2014

IAF rule

ISO/IEC 17021-6:2014

Sectors

All sectors

Standards & technical basis

Certified standard

ISO 22301:2019 + Amd.1:2024

Certification-body competence

ISO/IEC 17021-1:2015 · ISO/IEC TS 17021-6:2014

CAS audits and certifies to the requirements of ISO/IEC 17021-1:2015 and ISO/IEC TS 17021-6:2014 — which sets the competence requirements for auditing and certification of business continuity management systems.

Mark & recognition

Carries the EGAC accreditation mark.

What it is

ISO 22301:2019 specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a Business Continuity Management System (BCMS) to protect against, reduce the likelihood of, and ensure recovery from disruptive incidents.

Who needs it

Critical infrastructure operators, financial institutions, IT service providers, healthcare organisations, utilities, logistics companies, and any organisation where disruption would have serious consequences for operations, customers, or regulatory compliance.

Benefits of certification

Structured response to disruptions — minimise impact and recovery time
Demonstrates resilience to clients, partners, and regulators
Required by some financial regulators and supply chain contracts
Reduces insurance premiums for business interruption cover
Identifies critical functions and dependencies across the organisation
Builds stakeholder and investor confidence

Frequently asked questions

Common questions

What is a Business Impact Analysis?

A BIA identifies your organisation's critical activities, their dependencies, and the impact of disruption over time. It is a core requirement of ISO 22301 and forms the basis of your continuity strategy.

Does ISO 22301 cover cyber incidents?

Yes — it covers all types of disruptive incidents including cyber attacks, natural disasters, pandemics, supply chain failures, and key personnel loss. It complements ISO/IEC 27001 for information security.

Related services

ISO 9001:2015 + Amd.1:2024

Quality Management Systems

ISO/IEC 27001:2022 + Amd.1:2024

Information Security Management Systems

ISO 22000:2018 + Amd.1:2024

Food Safety Management Systems

Ready to certify against ISO 22301:2019 + Amd.1:2024?

Send us a brief description of your organisation — we’ll come back with a quotation within one working day.

Request a quotation →