ISO 22301 Certification

The adoption of a Business Continuity Management System (BCMS) for an organization ensures the adoption of a culture, meticulousness and a continuous improvement approach to ensure that a single and unique Management System secures the company’s resilience. This system must integrate the controls on the people, installations, technology, processes as well as on third parties.

The adoption of a BCMS may be implemented to obtain an ISO 22301: 2012 Certification, which guarantees, just like the other ISO certifications, compliance with the BCMS established in accordance with the standard’s requirements.

The certification has an undeniable Sales and Marketing effect on your customers and investors, besides the fact that it authenticates your success in establishing the culture of Continuity.



Our approach

Based on our experience implementing continuity plans, coupled with our knowledge of the standards (ISO 27001, PCI DSS…) we adopt a pragmatic and agile approach for the establishment of the BCMS, which follows the Deming wheel (Plan – Do – Check – Act) as shown below:


Our assets

Assisting our customers in the implementation of the ISO 22301 standard was designed as an added-value offering through:

- The carrying out of the mission by expert consultants:
  • Trained consultants that are certified in: L.A ISO 22301, L.I ISO 22301, CISA, PCI QSA, PA QSA, CISSP, L.A ISO 27001, L.I ISO 27001
  • Qualified consultants: demonstrated experience on similar projects
- The benefit of in-depth preliminary work on the ISO 22301 approaches:
  • Support in the reading and the application of the standard (synoptic, entry, exit, etc.)
  • Expertise and specific tools for risk analysis
  • Specification work of the SoA indicators and of the ISO 22301 dashboards
- Critical reading of the standard:
  • The standard is largely redundant and requires a specific reading
  • The 22301 approach is not a guarantee of suitable quality but rather of continuous improvement
  • The 22301 approach contributes to regulatory requirements (e.g. PCI-DSS) subject to adjustments of the approach
- A globally recognized accreditation as a PCI QSA and PA QSA
- An implementation methodology which guarantees the completion of the mission within the deadlines, in line with the important milestones of the management cycle and of the implementation of the IS

Our references

DATAPROTECT has carried out continuity plan audit missions as well as implemented continuity plans and ISO 22301 certifications for several organizations. We can namely cite: