• We assist clients in implementing their Business Continuity Management System (BCMS) leading to successful ISO 22301 certification.
  • The journey involves Coral ISO 22301 certification consultants taking a client through a 6-phase plan that includes understanding the client's business, their products and services, continuity objectives, business impact analysis, risk assessments, documentation of individual plans for restoration and recovery, testing, measurement and audit.
  • With 20 years of ISO 22301 business continuity practice, our methodology has been successfully implemented in businesses of all sizes and sectors, across the globe. Whether your business is 24-7, and cannot tolerate even a single minute of an outage, or a startup in AI-ML-Data Science, SAAS, PAAS, IAAS provider, product developer or customer, or brick-and-mortar local or global business, we have implemented BCMS in fairly all industry sectors.
  • We consider that your business continuity maturity is as good as it has been tested, so we focus a lot of emphasis on ensuring that our clients have tested their documented plans in multiple ways.
  • Contact us today to get started

Start your Business Continuity Implementation Journey Now!

BCMS – ISO 22301 Consulting Engagement Phases
Here is a brief overview of al the phases involved in implementing Business Continuity Management System (BCMS) – ISO 22301 certification.

Phase I - Understanding Business, and Products and Services

  • Every client is unique with its business model, products and services, customers and business and continuity objectives.
  • Identifying mission-critical services that are revenue-generating is the primary goal of this phase.
  • The BCMS-ISO 22301 implementation journey starts with this phase as it provides them to define prioritization of what is truly critical.
  • This is where values like maximum tolerable period of disruption (MTPD), and recovery time objective (RTO) at the enterprise level are defined.

Phase II - Business Impact Analysis and Risk Assessment

  • Based upon the outcome of phase 1, a more detailed functional level Business impact analysis (BIA), and Risk Assessment (RA) is performed.
  • Business Impact Analysis results in determining how fast (or slow) a team needs to be recovered
  • Risk Assessment is the art and science of assessing current capacity, capability and readiness to achieve the objective within the agreed MTPOD/RTO.
  • How comprehensive is the BIA and risk assessment? We perform a 4-phase outage scenario that applies to determine the degree of recovery capability that results in providing a client with an unparalleled perspective of their continuity readiness.
  • This is where business continuity risks are identified, which need to be treated.

Phase III - Continuity Planning and Documentation

  • Based on the outputs of the previous two phases and the mandatory requirements of ISO 22301, detailed documentation is designed, discussed and deliberated with management and functional representatives.
  • Depending upon the organization, the planning could cover both ‘known events’ and unknown ‘black swan’ events.
  • Every team in the scope undergoes documentation on business impact analysis, Maximum tolerable period of disruption (MTPD), RTO and RPO determination, business continuity risk assessment, individual plans related to four strategic outage scenarios, and testing methodology.

Phase IV - BCP Testing

  • The business continuity plan is as good as it has been tested. With this approach in mind, our iso 22301 consultants will hand-hold clients to perform testing of their documented plans to the optimum level.
  • This involves management, functional, operational and recovery and response teams.
  • Plans are evaluated against RTO to determine the success or failure of the test, and loopholes identified are addressed as part of the overall BCMS risk and governance program.

Phase V - Internal Audit and Management Review

  • In this phase, Coral ISO 22301 Certification consultants will audit the effectiveness of the implemented processes
  • This includes team-wise and system-wise BIA, RA, documented plans, and testing of plans.
  • A formal report is published for review by the management.
  • We facilitate reviews with the management to ensure that the initial business continuity/ISO 22301 requirement objectives and goals are achieved.


At this stage:

  • As a result of undergoing these phases, Coral has implemented for a client an operational ISO 22301 Business continuity management system (BCMS) that includes people, processes, technology and ongoing measurements.
  • Every team in scope has visibility of their documented plans, that has been tested.
  • At this stage, the organization is ready to invite external iso 22301 certification body to certify them for ISO 27001 certification

Phase VI - External Certification Support

Chosen external certification body audit performs ISO 22301 certification in two phases:

  • Stage 1 – Documentation Review, and
  • Stage 2 - Implementation Verification

With the two phases completed, the certification body issues an ISO 22301 certificate.
Finally, upon receiving their ISO 22301 certificates, the clients are officially ISO 22301 certified.


Seek a one to one session with our Principal Consultant, who will answer your questions to get started.

We support you in all phases to help you achieve ISO 22301 certification. Upon successful completion an ISO 22301 certificate is issued which has a validity of 3 years subject to annual surveillance.

Business Continuity Management System (BCMS) - ISO 22301 - Frequently Asked Questions

Call or write to us at :
for proposal / roadmap / information
Would You Like To Speak To Our Business Continuity ISO 22301 Consultant?
Contact Us Now !