ISO 22301:2019 Security and resilience - Business continuity management systems - Requirements
1 Scope
This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.
3.2 audit
systematic, independent and documented process (3.26) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization (3.21) itself, or by an external party on its behalf.
Note 3 to entry: "Audit evidence" and "audit criteria" are defined in ISO 19011.
Note 4 to entry: The fundamental elements of an audit include the determination of the conformity (3.7) of an object according to a procedure carried out by personnel not being responsible for the object audited.
Note 5 to entry: An internal audit can be for management review and other internal purposes and can form the basis for an organization's declaration of conformity. Independence can be demonstrated by the freedom from responsibility for the activity (3.1) being audited. External audits include second- and third-party audits. Second-party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such as those providing certification/registration of conformity or government agencies.
Note 6 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO management system standards. The original definition has been modified by adding Notes 4 and 5 to entry.