© ISO 2012Societal security — Business continuity management systems — Requirements Sécurité sociétale — Gestion de la continuité des affaires — ExigencesINTERNATIONAL STANDARDISO 22301 First edition 2012-05-15 Reference number ISO 22301:2012(E)--`````,`,,`````````,`,```,,,-`-`,,`,,`,`,,`---ISO 22301:2012(E) ii © ISO 2012 – All rights reservedCOPYRIGHT PROTECTED DOCUMENT © ISO 2012 $OOULJKWVUHVHUYHG8QOHVVRWKHUZLVHVSHFL¿HGQRSDUWRIWKLVSXEOLFDWLRQPD\EHUHSURGXFHGRUXWLOL]HGLQDQ\IRUPRUE\DQ\PHDQV HOHFWURQLFRUPHFKDQLFDOLQFOXGLQJSKRWRFRS\LQJDQGPLFUR¿OPZLWKRXWSHUPLVVLRQLQZULWLQJIURPHLWKHU,62DWWKHDGGUHVVEHORZRU,62¶V PHPEHUERG\LQWKHFRXQWU\RIWKHUHTXHVWHU ,62FRS\ULJKWRI¿FH &DVHSRVWDOH‡&+*HQHYD Tel. + 41 22 749 01 11 )D[ (PDLOFRS\ULJKW#LVRRUJ Web www.iso.org 3XEOLVKHGLQ6ZLW]HUODQG --`````,`,,`````````,`,```,,,-`-`,,`,,`,`,,`---ISO 22301:2012(E) © ISO 2012 – All rights reserved iiiContents 3DJH Foreword ............................................................................................................................................................................ iv 0 Introduction ..................................................................................................................................................................... v 0.1 General .......................................................................................................................................................................... v 0.2 The Plan-Do-Check-Act (PDCA) model ................................................................................................................ v 0.3 Components of PDCA in this International Standard ...................................................................................... vi 1 Scope ...................................................................................................................................................................... 1 2 Normative references ......................................................................................................................................... 1  7HUPV DQGGH¿QLWLRQV ......................................................................................................................................... 1 4 Context of the organization .............................................................................................................................. 8 4.1 Understanding of the organization and its context .................................................................................... 8 4.2 Understanding the needs and expectations of interested parties ......................................................... 9 4.3 Determining the scope of the business continuity management system ........................................... 9 4.4 Business continuity management system ................................................................................................. 10 5 Leadership ........................................................................................................................................................... 10 5.1 Leadership and commitment ......................................................................................................................... 10 5.2 Management commitment ............................................................................................................................... 10 5.3 Policy .................................................................................................................................................................... 11 5.4 Organizational roles, responsibilities and authorities ............................................................................ 11 6 Planning ...................................................................................................................................