Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
ISO 22301:2019 Business Continuity Management Systems
Role Play
Rating: 3.9 out of 5(6 ratings)
119 students

ISO 22301:2019 Business Continuity Management Systems

Master the BCMS standard end to end — BIA, risk, strategies, plans, exercises, audits, and certification
Created byISO Horizon
Last updated 6/2026
English

What you'll learn

  • Navigate every clause of ISO 22301:2019 with fluency and precision
  • Design and document a defensible BCMS scope and policy
  • Run a Business Impact Analysis that identifies prioritized activities, RTOs, RPOs, and MBCOs
  • Conduct a continuity-focused risk assessment aligned to ISO 31000
  • Select business continuity strategies and solutions that close real capability gaps
  • Write business continuity plans that work under stress, not just on paper
  • Design and run an exercise programme that validates the BCMS over time
  • Plan and execute internal audits and management reviews that drive improvement
  • Prepare for and pass Stage 1, Stage 2, surveillance, and recertification audits
  • Integrate ISO 22301 with ISO 9001, ISO 27001, and other Annex SL standards

Course content

26 sections27 lectures
  • What Is ISO 22301:20199:15
    Welcome to the world of business continuity management. In this lecture you will learn that ISO 22301:2019 is the international standard that specifies requirements for a Business Continuity Management System, often abbreviated BCMS, enabling an organization to prepare for, respond to, and recover from disruptive incidents. You will discover that ISO 22301 was first published in 2012 and revised in October 2019, replacing the earlier British Standard BS 25999. We will explore the standard's purpose, its certifiable nature, and why thousands of organizations across financial services, healthcare, manufacturing, and the public sector pursue certification. You will understand that the standard is generic and applicable to any organization regardless of size, industry, or geography, and that it focuses on managing the likelihood and consequences of disruption rather than predicting every specific threat. By the end you will be able to articulate what a BCMS is, what ISO 22301 requires at a high level, and how a properly implemented system protects revenue, reputation, stakeholders, and lives.
  • The History and Evolution of Business Continuity Standards12:46
    Travel through the lineage of business continuity standards so you can appreciate where ISO 22301 came from and why it looks the way it does. You will learn how disaster recovery emerged in the 1970s as an IT-centric discipline, how the 1990s ushered in broader business continuity thinking, and how the British Standards Institution published BS 25999-1 in 2006 followed by BS 25999-2 in 2007 as the first widely adopted certifiable specification. You will see how those documents seeded ISO 22301:2012, the first truly international BCMS standard, and how ISO/TC 292 revised it in 2019 to align with Annex SL, the common high-level structure shared across modern ISO management system standards. We will also touch on the supporting ISO 22300 family, including ISO 22313 guidance, ISO 22317 for Business Impact Analysis, and ISO 22318 for supply chain continuity. By understanding this history you will grasp why the standard balances flexibility with rigor and why aligning your BCMS with related standards multiplies its value.
  • BCM, Disaster Recovery, Crisis Management, and Incident Response7:49
    Untangle four disciplines that practitioners often confuse and learn how ISO 22301 binds them together. You will learn that incident response handles the immediate tactical reaction to an event, that crisis management addresses strategic decisions and stakeholder communication when reputation and survival are at stake, that disaster recovery focuses on restoring technology infrastructure and data, and that business continuity is the overarching capability that keeps prioritized activities running at acceptable levels during disruption. We will map each discipline onto the BCMS lifecycle, show where Recovery Time Objectives and Recovery Point Objectives fit, and explain how ISO 22301 acts as the umbrella framework that orchestrates all four. You will also see how organizational resilience extends beyond continuity to include adaptive capacity, risk culture, and strategic foresight as described in ISO 22316. By the end you will speak the language with precision and avoid the common trap of treating these terms as interchangeable.
  • The Annex SL High-Level Structure of ISO 223019:18
    Decode the architecture of ISO 22301:2019 by examining Annex SL, the harmonized high-level structure adopted across modern ISO management system standards including ISO 9001, ISO 14001, ISO 27001, and ISO 45001. You will learn that ISO 22301 follows a ten-clause format where Clauses 1 through 3 cover scope, normative references, and terms, while Clauses 4 through 10 contain the actual requirements grouped as Context, Leadership, Planning, Support, Operation, Performance Evaluation, and Improvement. You will see how this structure mirrors the Plan-Do-Check-Act cycle that underpins continual improvement, with Plan corresponding to Clauses 4 through 7, Do to Clause 8, Check to Clause 9, and Act to Clause 10. Understanding this anatomy will help you read the standard fluently, integrate ISO 22301 with other management systems your organization already runs, and recognize the patterns auditors expect to see when evaluating conformity.
  • Section 1 Quiz: Foundations of ISO 22301 and Business Continuity
  • Roleplay: Foundations of ISO 22301 and Business Continuity

Requirements

  • Basic familiarity with corporate governance, risk, or compliance concepts
  • Working knowledge of how your organization delivers products or services
  • No prior ISO certification experience required
  • Comfort reading structured technical documents in English
  • Access to your organization's processes if you plan to apply the content immediately

Description

This course contains the use of artificial intelligence.

When a cyber attack, supplier collapse, pandemic, or natural disaster hits your organization, the difference between a controlled response and operational chaos is whether someone built a real Business Continuity Management System before the lights went out. ISO 22301:2019 is the international standard that defines what good looks like, and certification to it is now expected by regulators, customers, insurers, and boards across financial services, healthcare, manufacturing, technology, and government. This course gives you a complete, accurate, and practical walkthrough of every clause so you can build, operate, or audit a conforming BCMS with confidence.

You will work through the standard clause by clause, starting with the foundations of business continuity and how ISO 22301 relates to disaster recovery, incident response, crisis management, and organizational resilience. You will master Clause 4 on organizational context and scope, Clause 5 on leadership and policy, and Clause 6 on planning and continuity objectives. You will then dive deep into Clause 7 on resources, competence, awareness, communication, and documented information, before tackling Clause 8 — the operational heart of the standard — covering Business Impact Analysis, risk assessment, strategy selection, plan development, the exercise programme, and capability evaluation. You will finish with Clause 9 on monitoring, internal audit, and management review, Clause 10 on nonconformity and continual improvement, and a full walkthrough of the Stage 1 and Stage 2 certification audit process, surveillance audits, recertification, and integration with ISO 9001, ISO 27001, and other Annex SL standards.

This course is built for business continuity managers, risk and compliance professionals, internal auditors, IT disaster recovery leads, consultants preparing clients for certification, and operations leaders responsible for resilience. No prior ISO certification experience is required, though basic familiarity with corporate governance and risk concepts will help. By the end you will be able to scope a BCMS, run a BIA, conduct a continuity risk assessment, select strategies, write usable plans, design exercises, audit conformity, and lead an organization through certification.

Enroll today and gain the structured, standard-aligned knowledge that turns business continuity from a binder on a shelf into a genuine capability your organization can rely on when the worst day arrives.

Who this course is for:

  • Business continuity and resilience managers building or maturing a BCMS
  • Risk, compliance, and internal audit professionals supporting certification
  • IT disaster recovery leads who need to align with the umbrella BCMS framework
  • Consultants and auditors preparing clients for ISO 22301 certification
  • Operations, security, and governance leaders accountable for organizational resilience