
What Resilience Covers

Organizational resilience encompasses the ability to anticipate, prepare for, respond to, and adapt to incremental change and sudden disruptions. This includes business continuity planning, supply chain security, risk management, and private security operations.

Reduced Recovery Time: Meet MTD/RTO targets and minimize business impact
Supplier Continuity: Secure supply chains and alternative sourcing strategies
Incident Response: Systematic crisis management and communication protocols
Regulatory Compliance: Meet customer and regulatory resilience requirements

Who Needs Resilience Standards?

Risk & continuity managers
Security & operations leaders
Supply chain professionals
Regulated industries
Critical infrastructure operators

Which Standard Do I Need?

Choose the right standard based on your primary resilience focus and operational requirements.

Continuity of Operations

→ ISO 22301

Business continuity management systems for operational resilience, incident response, and recovery planning across all business functions.

Supply-Chain Security Exposures

→ ISO 28000

Supply chain security management for cargo protection, customs compliance, and supply chain risk mitigation.

Private Security Operations

→ ISO 18788

Management systems for organizations providing private security services and protective operations.

Enterprise Risk Framework

→ ISO 31000

Risk management principles and guidelines for establishing enterprise-wide risk management frameworks.

Industry & Contract Requirements

Shipping/Ports: ISO 22301 + ISO 28000 typically required
Power/Utilities: ISO 22301 + cybersecurity standards
Oil & Gas: ISO 22301 + ISO 28000 for supply chain exposure

All Resilience & Supply Chain Standards

Comprehensive portfolio of standards covering business continuity, supply chain security, risk management, and private security operations.

CERTIFIABLE

ISO 22301

Business Continuity Management Systems

Requirements to plan, establish, implement, operate and improve a business continuity management system (BCMS).

8-16 weeks implementation, 3-year cycle, annual surveillance

CERTIFIABLE

ISO 28000

Supply Chain Security Management Systems

Requirements for a security management system for the supply chain including transport, warehousing, and customs.

10-20 weeks implementation, 3-year cycle, surveillance audits

CERTIFIABLE

ISO 18788

Management System for Private Security Operations

Framework for establishing and improving management of private security operations in complex environments.

12-20 weeks implementation, 3-year cycle, surveillance required

GUIDANCE

ISO 31000

Risk Management – Guidelines

Principles and guidelines for effective risk management across organizations of all types and sizes.

3-8 weeks framework, guidance only, no certification

Industry-Specific Solutions

Tailored combinations of standards addressing specific sector challenges and regulatory requirements.

Shipping & Ports

Key Challenges

Port disruptions, customs holds, cargo theft, vessel delays, terminal shutdowns, supply chain visibility gaps

Expected Outcomes

Rapid incident response, alternative logistics routes, cargo security protocols, customs compliance

ISO 22301, ISO 28000

Power & Utilities

Key Challenges

Grid blackouts, cyber-physical attacks, equipment failures, regulatory compliance, critical infrastructure protection

Expected Outcomes

Service restoration protocols, cyber resilience, backup systems, stakeholder communication

ISO 22301, ISO 27001

Cross-links with cybersecurity standards


Oil & Gas

Key Challenges

Pipeline outages, HSE incidents, security zone breaches, supply chain disruptions, remote operations

Expected Outcomes

Operational continuity, security protocols, emergency response, supply chain alternatives

ISO 22301, ISO 28000, ISO 18788

Where private security applies


Standards Comparison

Compare scope, certification requirements, use cases, and implementation timelines across all resilience standards.

Standard | Scope | Certifiable? | Primary Use Case | Works With | Timeline | Audit Cycle
ISO 22301 | Business continuity management across all operations | Yes | Operational resilience & incident response | ISO 27001, ISO 45001 | 8-16 weeks | 3-year + annual surveillance
ISO 28000 | Supply chain security from origin to destination | Yes | Cargo security & supply chain protection | ISO 22301, AEO programs | 10-20 weeks | 3-year + surveillance
ISO 18788 | Private security operations management | Yes | Security service delivery & governance | ISO 22301, ISO 45001 | 12-20 weeks | 3-year + surveillance
ISO 31000 | Enterprise-wide risk management principles | Guidance only | Risk framework & governance | All management systems | 3-8 weeks | No certification

Our Implementation Services

End-to-end support from gap assessment to certification, designed specifically for resilience and continuity management systems.

Gap Assessment

Current state analysis against standard requirements

BIA/RTO Analysis

Business impact analysis and recovery time objectives

BCM Program

Business continuity management system development

Supplier Risk

Supply chain risk assessment and mitigation

Exercises

Crisis simulation and business continuity testing

Mock Audit

Pre-certification audit and readiness assessment

Certification

Support through certification audit process


Resilience Training Programs

Build internal competency across business continuity, supply chain security, and risk management disciplines.

ISO 22301 Training
Foundation, Internal Auditor, Implementer, Lead Auditor

Complete pathway from awareness to lead auditor certification for business continuity management.

ISO 28000 Training
Foundation, Internal Auditor, Implementer

Supply chain security management training for logistics and security professionals.

ISO 18788 Training
Foundation, Internal Auditor, Implementer

Private security operations management for security service providers and operators.

BUNDLE
ISO 31000 Workshops
Foundation, Practitioner

Risk management principles and enterprise risk framework development workshops.

BUNDLE
Resilience Bundle
Multi-standard

ISO 22301 Internal Auditor + ISO 28000 Practitioner – Combined training for comprehensive resilience competency.


Frequently Asked Questions

How does ISO 22301 integrate with ISO 27001 and ISO 45001?
ISO 22301 complements information security and occupational health & safety management by providing the continuity framework. Many organizations implement integrated management systems (IMS) combining all three standards with shared processes, documentation, and audit schedules.
Can multi-site organizations have a single resilience certification?
Yes, multi-site certification is possible under ISO 22301, 28000, and 18788. The certification scope must clearly define the included locations and operations. Remote sites may be covered through risk-based sampling during audits, provided there is central management and consistent implementation.
How should we assess suppliers for business continuity?
Supplier assessment should include business continuity questionnaires, site visits for critical suppliers, review of their BCPs, and testing of alternative supply sources. ISO 22301 requires supplier risk assessment and contingency planning for key dependencies.
What's the recommended frequency for business continuity exercises?
ISO 22301 requires regular testing but doesn't specify frequency. Best practice suggests annual full exercises with quarterly tabletop exercises. High-risk processes may need more frequent testing. Document all exercises and track improvement actions.
What KPIs should we track for incident response performance?
Key metrics include: incident detection time, initial response time, actual recovery time versus recovery time objectives (RTO), communication effectiveness, exercise participation rates, and corrective action closure rates. Track trends over time and benchmark against objectives.
How do we handle crisis communications during incidents?
Establish pre-approved communication templates, stakeholder contact lists, and escalation procedures. Designate trained spokespersons, establish communication channels, and integrate with emergency services. Test communication systems during exercises and maintain 24/7 accessibility.

Ready to Build Organizational Resilience?

Our resilience experts are ready to help you develop comprehensive business continuity, supply chain security, and risk management capabilities.
