cybersecurity and encryption

ISO 22301 Standard

Cyber-attacks, pandemics, heavy snowfalls, computer failures, supplier shortages, etc. Sound familiar? Every organization, regardless of its size, sector or complexity, needs to be prepared to manage and respond appropriately to disasters and business interruptions.

Business continuity is the ability of an organization to guarantee the provision of its products or services, at an acceptable and predefined level, after a disruptive incident.

What is ISO 22301

ISO 22301 is the internationally recognized standard that determines the requirements for implementing, operating, monitoring, reviewing, maintaining and improving a Business Continuity Management System (BCMS), which guarantees the continuity of activities and the recovery of business processes in the event of a disruptive event, improving resilience and minimizing the consequences of such events.

Importance of ISO 22301

ISO 22301 serves as a framework on which to build a Business Continuity Management System (known as BCMS), enabling organizations to be prepared to continue operating during business disruptions. The requirements of the standard are intended to be applied and adapted to all types of organizations, regardless of the type, size, sector and nature of the organization.

Structure of the ISO 22301 Standard

01 - Purpose and field of application

02 - Standards for consultation

03 - Terms and definitions

04 - Context of the organization

05 - Leadership

06 - Planning

07 - Support

08 - Operation

09 - Evaluation

10 - Improvement

How it relates to BS 25999-2

ISO 22301 has its origins in the British standard BS 25999-2, published in 2007 and was the first certifiable and auditable standard related to business continuity management. It soon became the reference standard for the implementation of Business Continuity Management Systems until it was finally replaced by ISO 22301 in 2012.

ISO 22301 requirements on Business Continuity

Among all the requirements of the standard, we can highlight the following key aspects, which are fundamental to achieve adequate continuity management in the organization:

Study of the starting situation and degree of maturity of the organization in terms of business continuity. Including the analysis of aspects such as; size and type of services offered, legal requirements, roles and responsibilities, needs and expectations of management and third parties, etc.

Document that enshrines the purposes and commitments of the Organization with business continuity, establishing the objectives and principles pursued. The Policy serves as the overall framework and guide for the BCMS, and therefore must be approved, communicated and reviewed periodically.

The process of evaluating the Organization’s activities and the effects that a disruption in these activities could have on the Organization. This process is a basic pillar since it allows the identification of critical activities, their dependencies and resources required to operate at a minimum acceptable level.

Identification, analysis and evaluation of the main vulnerabilities and threats that could affect the continuity of the Organization’s activities, as well as the current safeguards, with the objective of designing corrective plans to reduce the most critical current continuity risks.

Identification of disaster scenarios and selection of continuity strategies for the organization’s critical activities, including the action times and resources required to meet the time and capacity objectives determined.

Documented procedures that guide the Organization, its personnel and response teams, in the detection, escalation and declaration of a crisis, as well as in the response and resumption of operations, in a coordinated and planned manner, at a predefined level after the disruption.

Procedures that contemplate the guidelines for testing and measuring the effectiveness of the plans, allowing to verify that the most critical activities can be recovered as planned, safely and effectively by previously trained personnel.

Definition of maintenance, review and continuous improvement procedures where monitoring activities are established that allow the BCMS to be updated with respect to business changes, new threats, compliance deviations, improvements or corrections, etc.

Which companies should be certified to ISO 22301

All companies and organizations, public or private, regardless of their type, size and sector, that need to be able to continue to deliver products and/or services quickly and with acceptable capacity during a disruption that could paralyze their operations.

Benefits for companies of complying with ISO 22031

Among the many benefits of complying with the standard, we can highlight that, in the event of an event that paralyzes an organization’s operations, having an ISO 22301-compliant BCMS will provide the organization with the following advantages:

Avoid improvisations, act according to pre-established plans and strategy.

Minimize downtime of processes, services and systems.

Control financial, legal, operational and image impacts.

Plan resources and set realistic priorities and objectives.

Building organizational resilience for effective response.

Prepare personnel and ensure maintenance of the plans.

Which companies should apply it

Once the Business Continuity Management System has been implemented, it is possible to certify it in order to have a seal of conformity, guaranteeing its optimal implementation, operation and maintenance.

To do so, it is necessary to pass an external compliance audit with an authorized entity.
Having the ISO 22301 certification allows to control and promote the continuous improvement of the Management System, giving credibility not only to the expected results, but also to the needs and objectives of the organizational strategy. Consequently, the organization will have a reputational and image benefit in the eyes of customers, suppliers and other interested parties.

Do you need more information about

ISO 22301?

Contact our cybersecurity specialists and they will advise you on what is best for your company.


+34 91 309 86 00


Family of SATCOM On The Move (SOTM) terminals for vehicular installation and stable mobile connection

SGoSat is a family of high-tech SOTM (Satellite Comms On The Move) terminals that are installed in a vehicle, providing the ability to target and maintain a stable connection to the satellite when the vehicle is in motion in any type of conditions.

The SGoSat family is composed of versatile terminals, which can be installed on any type of platform: trains and buses, military and/or government vehicles, aircraft, ships, etc. Originally designed for the military sector, SGoSat terminals are extremely reliable and robust, integrating high-performance components that comply with the most stringent environmental and EMI/EMC regulations. The product uses low-profile, high-efficiency antennas and a high-performance positioning and tracking unit, allowing the terminal to be operated anywhere in the world.

In order to meet the diverse needs of its customers, INSTER has developed single band and dual band terminals in X, Ka and Ku frequencies.

The SGoSat family of terminals can also be configured with a wide range of radomes (including ballistic options) to suit customer requirements.