FREE GUIDE
How to Implement ISO 22301 in 12 Steps
Get the free, step-by-step guide to building your BCMS and achieving ISO 22301:2019 certification—from defining scope through your certification audit.

WHAT'S INSIDE
The 12 steps inside the free ISO 22301 guide
01. Scope of the BCMS
Define what is included, where boundaries sit, and which teams, assets, and systems the AIMS covers.
02. Gap Analysis
Compare your current business continuity practices against ISO 22301:2019 requirements before you build.
03. Management Support
Secure leadership commitment, ownership, resources, and a clear reason for the certification project.
04. BC Policy
Create the policy foundation that communicates intent, responsibilities, and expectations across the organization.
05. AI Inventory
Build an inventory of AI systems and the data and model assets they depend on, with clear ownership for each.
06. Risk Management Methodology
Set the scoring approach, risk criteria, and repeatable method your team will use for decisions.
07. Risk Assessment
Identify, analyze, and prioritize information security risks before deciding how to treat them.
08. Risk Treatment
Choose controls, document decisions, and create a treatment plan that connects risks to action.
09. Competence & Awareness
Make sure people understand their responsibilities and can prove awareness when the auditor asks.
10. Performance Evaluation
Track whether the BCMS is working through monitoring, internal audits, and management review.
11. Improvement
Handle nonconformities, corrective actions, and continuous improvement without losing momentum.
12. Certification Audit
Prepare for Stage 1 and Stage 2 audits with the right evidence, mindset, and process readiness.

Aron Lange · GRC Lab