ISO 22301:2019 Mandatory Documents
What should your business continuity documentation contain? This is probably what you’re asking yourself if you are implementing ISO 22301 in your Business Continuity Management System (BCMS) , preparing for an upcoming internal audit, or preparing for a certification audit by external auditors.
Action to be Taken for Each of the Mandatory Documents
To help you out, here’s the list of mandatory documentation for the Business Continuity Management System (BCMS).
Clause | Description of Clause | Action to be Taken |
4.2.1 | List of legal, regulatory and other requirements | Lists everything you need to comply with |
4.3 | The scope of the BCMS and explanation of exclusions | Defines where your BCMS will be implemented. |
5.2 | Business continuity policy | Defines main responsibilities, and the intent of the management. |
6.2 | Business continuity objectives | Defines measurable objectives that are to be achieved with business continuity. |
7.2 | Competencies of personnel | Define knowledge and skills needed by staff with Business Continuity responsibilities |
8.4 | Business continuity plans and procedures | Includes plans and procedures for response, communication, recovery (including disaster recovery plans), restore and return activities. |
8.4.3.1 | Documented communication with interested parties | These could be emails, but also social communication from sources such as government agencies and others. |
8.4.3.1 | Records of important information about the disruption, actions taken and decisions made | Normally these records are done through minutes or by lling out checklists of performed activities. |
9.1.1 | Data and results of monitoring and measurement | Evaluation on whether BCMS meets the objectives |
9.2 | Internal audit program/Results of internal audit | The Internal Audit Report |
10.1 | Nature of non-conformities and actions taken | A description of non-conformities and their causes |
10.1 | Results of corrective actions | A description of what has been done to eliminate non-conformities via corrective actions |