Implementation of ISO 22301 business continuity management (BCM)

Every company is exposed to unexpected crises. How can you effectively manage business continuity? How do you ensure stability in the face of unexpected events, such as failures, fires or other crises?

ISO 22301 is the international standard for business continuity management (BCM) systems.

Effects of the implementation of ISO 22301

  • Policy and continuity plan
  • Methodology for conducting the Business Impact Analysis
  • Methodology for carrying out risk analysis
  • Schedule with test plan template
  • Emergency plans and recovery procedures
  • Templates of communications, internal audit procedure

What is the ISO 22301 Business Continuity Management (BCM) system

A BCMS (Business Continuity Management System) is a solution that helps companies identify potential risks. It also introduces strategies and solutions that reduce the probability of disruptions and downtime and their impact on the continuation of business operations.

The main objectives of BCM in your company are:

  • Ensure continuity of operation: Key business functions and processes can continue even in crisis situations.
  • Reputation protection: The faster and more effectively you respond to incidents that could negatively impact the company's reputation, the better you protect your brand image.
  • Protection of values: You can protect key organisational assets, such as information, technology, human and financial resources.
  • Minimising financial losses: Preparing and effectively implementing crisis response plans guarantees fewer disruptions to operations.
  • Ensuring compliance with regulations: You will fulfil legal, regulatory, contractual and other obligations regarding business continuity and crisis response.

Who should implement the ISO 22301 certification?

Large corporations: For many companies that have a complex operational structure and are exposed to a variety of risks, the implementation of ISO 22301 may be key to ensuring continuity of operations and reputational protection.

Public organisations: Public authorities providing key services to society, such as water supply, energy or health services, should consider implementing this standard to ensure continuity of these services in crisis situations.

Small and medium enterprises: Even if your organisation is smaller, disruptions to operations can have serious consequences. Implementing ISO 22301 can help identify potential threats and develop appropriate response strategies.

Organisations operating in high risk sectors: Companies operating in sectors such as finance, telecommunications, transport or energy, where problems can have serious consequences for society, should consider implementing this standard.

Organisations operating globally: Companies with operations spread across the globe may be exposed to a range of threats, such as natural disasters, political conflicts or supply chain disruptions. Implementing ISO 22301 can help manage these risks.

Suppliers of key services or products: If your company provides products or services that are critical to the operations of other organisations (e.g. IT suppliers or component manufacturers), implementation of ISO 22301 may be required or recommended by your clients.

Expect the best, but prepare for the worst!

Only by assessing foreseeable threats can you develop an effective protective mechanism. With BCM, when unforeseen threats occur, you will prepare the structure of your organisation to respond quickly and effectively. Don't wait - minimise the negative impact and quickly resume normal operations.

Tomasz Ochocki - head of the content team

ISO 22301 standard helps with:

  • Understanding the needs and obligations of the organisation towards customers and other stakeholders
  • Identification of key risk factors affecting the effectiveness and duration of the organisation's activities
  • Planning, establishing, implementing and maintaining a business continuity management system
  • Measuring an organisation's overall incident management capacity
  • Ensuring compliance with good practice in business continuity policies, which can be confirmed by a certification body

What our customers say about our services

Marcin Wieczorek

Wojas

"I am very impressed with the high level of substantive expertise of the training staff"

From 13 to 17 March I attended the "Course for Information Security Administrators" organized by ODO 24 sp. z o.o. I am very impressed with the high substantive level of the training staff and the comprehensive program. Working as an ABI requires knowledge not only of legal provisions but also of IT matters, which ODO 24 took into account. Noteworthy is the curriculum, which gradually introduces increasingly advanced nuances of personal data protection, starting from the legal basics and ending with practical aspects of auditing and working with documents within a company. The complete set of materials, editable documents and publications I received will facilitate my daily work as an ABI. I can certainly recommend ODO 24 as a reliable partner offering training services of a high standard.

Magdalena Węglewska

Mazda

"We can wholeheartedly recommend ODO 24 as a professional and reliable partner"

For many years we have consistently placed great importance on the protection of the personal data of our customers as well as our employees. We took an active part in creating the "Code of Good Practice for the Protection of Personal Data of Customers and Potential Customers,” developed jointly by GIODO and the Polish Automotive Industry Association. Due to the complexity and variability of the rules on personal data protection, as well as Mazda’s dynamic development in Poland and the increasing volume of data we process, we decided to entrust the ABI function to a company specialized in this field. The decision to use the services of ODO 24 was primarily influenced by the experience and competence of the team of experts, the comprehensiveness of the offering and its flexibility in adapting to our organization. After a year of cooperation we can recommend ODO 24 as a professional and reliable partner.

Agnieszka Karłowicz

Spiżarnia

"A practical approach, continuous advisory availability, and positive working relationships"

We have been working with ODO24 for over a year. For us it has been a year of peaceful breathing and a sense of security: at least regarding personal data protection :-) The people at ODO are professionals who explain matters that are incomprehensible to the average person in an understandable way. They understand not only their profession but, which is very important to us, business and its requirements. A practical approach, constant advisory availability, and great relationships — all of this means I can recommend this Company to anyone who wants to work and sleep peacefully.

Tomasz Siwicki

Gefco

"I recommend the company ODO 24 as a professional partner"

For several years we have been cooperating with ODO 24 in the field of personal data protection. A professional team that efficiently helped us to comply with the requirements of the GDPR. We make use not only of the experts’ knowledge but also of professionally prepared e‑training, thanks to which we were able to train several hundred employees in a very short time. I highly recommend ODO 24 as a professional partner delivering services at the highest level.

Implementation of ISO 22301 questions and answers

What is included in the implementation of ISO 22301 (BCM)?

Implementation of the Business Continuity Management System (BCMS) based on the ISO 22301 standard encompasses a number of stages and activities aimed at ensuring the organisation's ability to respond and adapt in the event of disruptions. The main components of BCM implementation are:

  • Understanding of the organisational context: Identify stakeholders, understand the requirements and define the scope of BCM.
  • Management commitment: Management must be engaged in the process, providing appropriate resources and support.
  • Risk assessment: Identify and assess potential threats and their impact on the organisation's operations.
  • Business Impact Analysis (BIA): An analysis that helps to understand which processes are critical to the organisation's operations and what the consequences of their disruption might be.
  • Business continuity strategy: Develop strategies that enable the organisation to continue operations or quickly restore them after a disruption.
  • Development of business continuity plans: Creating concrete plans that describe what needs to be done in the event of a disruption.
  • Training and awareness: Ensure that employees are aware of the business continuity plans and know what steps to take in the event of a disruption.
  • Communication: Determine how to communicate with stakeholders in the event of a disruption.
  • Testing and review: Regularly test and review business continuity plans to ensure that they are effective.
  • Documentation: Maintain appropriate documentation covering all aspects of BCM, including policies, procedures, plans and records.
  • Resources: Ensure appropriate resources (human, technical, financial) necessary to maintain and test BCM.
  • Conducting an internal audit: Regular internal audits help identify areas for improvement.
  • Management review: Management should regularly review the effectiveness of BCM and make decisions regarding its improvement.
  • Certification: If an organisation wishes to obtain ISO 22301 certification, it will be necessary to carry out an audit by an independent third party.

Who is ISO 22301 (BCM) intended for?

  • Enterprises in critical sectors: Banks, healthcare facilities, energy and telecommunications — sectors where an interruption to operations can have serious consequences for society.
  • Organisations with a global reach: Companies that operate in multiple markets and depend on a complex network of suppliers.
  • Businesses in high-risk environments: Companies exposed to natural disasters such as fires, floods or earthquakes.
  • Businesses operating online: E-commerce, platforms providing online services or data centres – where continuity of operations is the key to maintaining customers' trust.
  • Public institutions: National and local government administration bodies that must ensure the uninterrupted provision of services to citizens.
  • Companies with long production cycles: Companies for which production downtime results in multi‑million losses.
  • Service providers: Companies offering critical services such as IT, logistics or security.
  • Companies with high brand value: For whom any incident can result in reputational damage in the eyes of customers and business partners.

If your organisation falls under any of the above points, or you simply want to be sure that in the event of unforeseen circumstances you are well prepared - a business continuity management system in accordance with ISO 22301 is for you!

How to recognise that ISO 22301 (BCM) is well implemented?

  • Documentation: All required procedures, policies and instructions are appropriately documented and kept up to date.
  • Employee training: Personnel are regularly trained in business continuity, and their knowledge is regularly tested.
  • Risk analysis: Risk analyses are carried out systematically, identifying potential threats and their impact on the organisation's operations.
  • Strategies and mitigation measures: Strategies and mitigation measures are defined that correspond to the identified risks.
  • Regular tests and exercises: Regular tests and outage simulations are carried out to verify the effectiveness of plans and the preparedness of personnel.
  • Communication: There is a clear internal and external communication plan in the event of an outage.
  • Continuous improvement: The system is regularly reviewed and updated based on findings from tests and exercises, and on changes in the business environment.
  • Management commitment: Management is involved in the business continuity management process and actively supports its implementation.
  • Compliance with the standard: Regular internal and external audits are carried out that confirm the system's compliance with the requirements of the ISO 22301 standard.
  • Appropriate resources: The organisation provides appropriate resources (human, technical, financial) for the effective management of business continuity.

Who conducts the implementation of ISO 22301 (BCM)?

The implementation of a business continuity management system in accordance with ISO 22301 is a complex process that involves many units within an organisation. At the head of this process are typically business continuity specialists. They possess the specialist knowledge and experience that allow them to direct the implementation of appropriate strategies and procedures. Organisations also frequently make use of external consultants. These are advisory firms and independent experts who specialise in the implementation of ISO standards. Their experience and objective perspective are often invaluable in identifying best practices and avoiding pitfalls.

Internally, the implementation process is often coordinated by project teams. They are composed of representatives from different departments who collaborate to adapt the system to the organisation's individual needs. IT departments play a key role, especially regarding the technological aspects of the implementation. Thanks to them, digital systems are configured in a way that enables business continuity in crisis situations. The security department is another key player in this process. They identify potential threats and implement appropriate protective measures, covering both physical and information security.

Organisational management also plays an invaluable role. Their active engagement and support are necessary at every stage of the implementation. Strategy, resources and the direction of actions depend on them. However, employees must not be forgotten. They, working day-to-day within the organisation, will have to follow the new procedures. Therefore their training, understanding and engagement are key to the success of the entire endeavour. Finally, it is worth mentioning auditors, both internal and external. They carry out regular audits aimed at ensuring compliance with the standard and identifying areas requiring improvement. In some cases, implementing the system may also require cooperation with partners and suppliers. If the organisation's operations are closely linked with those of other entities, their active involvement in the process may be necessary to achieve full business continuity.

What is the cost of implementing ISO 22301?

Prices can vary greatly. They depend on the type of activity, the size of the organisation, the territorial scope of operations and also on the scope of specific activities. We can answer this question definitively once we establish the basic information, therefore we encourage you to send a request for proposal.

What should I do if I have not found an answer to my question?

Use the contact form and send us your question. We usually reply within 1-2 hours on working days.

Our greatest value is the trust of our customers.

How can we assist you today?

Please contact us and we will find a solution.
The data controller will be ODO 24 sp. z o.o. with its registered office in Warsaw at ul. Kamionkowska 45. Your data will be processed for the purpose of preparing, sending and archiving the cooperation offer. More information can be found in the Privacy Policy
