Resilience & Supply Chain

Keep operations running and suppliers secure. Reduce downtime, secure your supply chain, and satisfy customer due-diligence with ISO 22301 continuity + ISO 28000 supply-chain security, with ISO 18788 and ISO 31000 where needed.

What Resilience & Supply Chain Covers

This family addresses operational continuity and supply chain security — the foundations of business resilience in an interconnected world.

Key challenges we solve:

  • Operational outages — Unplanned downtime from systems failures, natural disasters, or cyber incidents
  • Supplier failures — Dependencies on vendors that may fail or be compromised
  • Port/logistics disruptions — Supply chain bottlenecks at critical transportation nodes
  • Security incidents — Theft, sabotage, or unauthorized access in supply chains
  • Due-diligence gaps — Inability to demonstrate preparedness to customers, regulators, or insurers

Which standard do I need?

  • Continuity of operations: Business continuity management, disaster recovery, operational resilience → ISO 22301
  • Supplier/port/logistics security: Supply chain security, cargo protection, vendor screening → ISO 28000
  • Private security operations: Security contractor management, armed security, protective services → ISO 18788
  • Enterprise risk governance: Risk management framework, governance structure, risk appetite → ISO 31000 (Guidance)

Standards in This Family

Four complementary standards that work together to build comprehensive organizational resilience.

ISO 22301
Business Continuity Management Systems
Plan and prove continuity. Set RTO/RPO, run exercises, pass audits. The foundation standard for operational resilience and disaster recovery.
CERTIFIABLE ANCHOR POPULAR #5
Finance, IT Services, Power/Utilities, Shipping/Ports

ISO 28000
Supply Chain Security Management Systems
Harden supply-chain security. Screen suppliers, control cargo flows, reduce theft. Essential for logistics and transportation.
CERTIFIABLE
Shipping/Ports, Transport/Logistics, Manufacturing

ISO 18788
Management System for Private Security Operations
Govern private security operations against recognized principles. Framework for security contractors and protective services.
CERTIFIABLE SPECIALIZED
Defense, Government, Oil & Gas

ISO 31000
Risk Management — Guidelines
Embed enterprise risk management. Guidance, not certifiable. Provides principles and framework for systematic risk management.
GUIDANCE
All Industries

Sector-Specific Bundles

Common combinations of standards tailored to specific industry requirements and risk profiles.

Ports & Terminals

Operational continuity plus supply chain security for port operations and cargo handling.

ISO 22301 + ISO 28000

Logistics & 3PL

Business continuity and supply chain security for logistics providers and freight forwarders.

ISO 22301 + ISO 28000

Power/Utilities

Business continuity for critical infrastructure. Often combined with ISO 27001 for cyber security.

ISO 22301 + ISO 27001

Oil & Gas

Comprehensive resilience including business continuity, supply chain security, and private security where applicable.

ISO 22301 + ISO 28000 + ISO 18788

Standards Comparison

Detailed comparison to help you choose the right standard or combination for your organization.

| Standard | Scope | Certifiable? | Primary Use Case | Works With | Typical Timeline | Audit Cycle |
|---|---|---|---|---|---|---|
| ISO 22301 | Business Continuity Management Systems | Yes | BCMS, disaster recovery, operational resilience | ISO 27001, ISO 45001 | 8–16 weeks | 3-year cycle with annual surveillance |
| ISO 28000 | Supply Chain Security Management | Yes | Supply-chain security, cargo protection | ISO 22301, ISO 27001 | 10–20 weeks | 3-year cycle with surveillance |
| ISO 18788 | Private Security Operations Management | Yes | Private security operations governance | ISO 22301, ISO 28000 | 12–20 weeks | 3-year cycle with surveillance |
| ISO 31000 | Risk Management Principles & Guidelines | Guidance Only | Enterprise risk management framework | All management systems | 3–8 weeks | Guidance only — no audit |

Implementation & Support Services

Complete support from initial assessment to certification and beyond.

Business Impact Analysis (BIA)

Comprehensive BIA to identify critical processes and establish RTO/RPO targets for ISO 22301 compliance.

Supplier Risk Mapping

Supply chain vulnerability assessment and supplier security screening for ISO 28000 implementation.

Crisis Playbooks

Incident response procedures, crisis communication plans, and emergency decision-making frameworks.

Business Continuity Exercises

Tabletop exercises, crisis simulations, and DR testing to validate your continuity capabilities.

Internal Audit Programs

Internal audit schedules, checklists, and competency development for ongoing compliance monitoring.

Mock Certification Audits

Pre-certification assessment and gap analysis to ensure audit readiness and first-time success.

Training Programs

Build internal competency with our structured training pathway.

ISO 22301 Training Pathway

1. Foundation (8 hours)
   Introduction to business continuity concepts and ISO 22301 requirements

2. Internal Auditor (16 hours)
   Internal audit skills based on ISO 19011 principles for BCMS auditing

3. Implementer (24 hours)
   Practitioner skills for BCMS development and implementation management

4. Lead Auditor (40 hours) CQI/IRCA
   CQI/IRCA certified lead auditor course for certification body auditing

Other Standards Training

  • ISO 28000 & ISO 18788: Foundation → Internal Auditor → Implementer
  • ISO 31000: Foundation/Practitioner workshop (guidance-based)

Training Bundles

Resilience Bundle

ISO 22301 Internal Auditor + ISO 28000 Practitioner

Save 20% vs individual courses

Supply Chain Security Track

ISO 28000 complete pathway: Foundation to Implementer

Perfect for logistics professionals

Risk Management Foundations

ISO 31000 + ISO 22301 Foundation combination

Enterprise risk management focus

Frequently Asked Questions

How does ISO 22301 integrate with ISO 27001?

ISO 22301 focuses on business continuity while ISO 27001 addresses information security. They complement each other perfectly — many organizations implement both to address operational resilience and cyber security together. Common management system elements can be integrated.

Do I need to audit all suppliers for ISO 28000?

ISO 28000 requires risk-based supplier evaluation, not necessarily auditing all suppliers. Focus on critical suppliers, high-risk locations, and suppliers handling sensitive cargo. Document your risk assessment criteria and audit frequency based on risk levels.

How often should we run business continuity exercises?

ISO 22301 requires regular testing but doesn’t specify frequency. Best practice is quarterly tabletop exercises and annual full-scale tests. Document all exercises, lessons learned, and improvement actions.

Can we get certified for multiple sites under one certificate?

Yes, multi-site sampling is common for ISO 22301 and ISO 28000. The certification body will audit a representative sample of sites based on your risk assessment. All sites must be included in the management system scope and documentation.

What’s the difference between crisis communications and business continuity?

Crisis communications is about stakeholder messaging during incidents, while business continuity focuses on maintaining or recovering critical operations. ISO 22301 covers both aspects — internal coordination for recovery and external communications.

Which KPIs should we track for incident response?

Key metrics include: Mean Time to Recovery (MTTR), RTO achievement, RPO compliance, exercise completion rates, supplier performance during incidents, and stakeholder communication timeliness.

Ready to Build Organizational Resilience?

Our experts will help you assess your risks, design appropriate systems, and achieve certification. Start with a free consultation.