BS EN ISO 22313:2020 - TC Tracked Changes. Security and resilience. Business continuity management systems. Guidance on the use of ISO 22301, 2020
- National foreword
- Compliance with a British Standard cannot confer immunity from legal obligations.
- Amendments/corrigenda issued since publication
- Foreword
- Introduction
- 0.1 General
- 0.2 Benefits of a business continuity management system
- 0.3 The Plan-Do-Check-Act (PDCA) cycle
- Table 1 — Explanation of PDCA cycle
- Table 2 — Relationship between the PDCA modelcycle and Clauses 4 to 10
- Figure 2 — Illustration of business continuity being effective for sudden disruption
- Figure 3 — Illustration of business continuity being effective for gradual disruption
- 0.5 Contents of this document
- 0.6 Business continuity
- Figure 2 — Illustration of business continuity being effective for sudden disruption
- Figure 3 — Illustration of business continuity being effective for gradual disruption
- 1 Scope
- 2 Normative references
- 3 Terms and definitions
- 3.1
- business continuity management
- process of implementing and maintaining business continuity
- 4 Context of the organization
- 4.1 Understanding of the organization and its context
- 4.2 Understanding the needs and expectations of interested parties
- 4.2.1 General
- Figure 4 — Examples of interested parties to be considered in public and private sectors
- 4.2.2 Legal and regulatory requirements
- 4.3 Determining the scope of the business continuity management system
- 4.3.1 General
- 4.3.2 Scope of the BCMSbusiness continuity management system
- 4.3.3 Exclusions to scope
- 4.4 Business continuity management system
- 5 Leadership
- 5.1 Leadership and commitment
- 5.1.1 General
- 5.25.1.2 Management commitmentTop management
- 5.1.3 Other managerial roles
- 5.35.2 Policy
- 5.2.1 Establishing the business continuity policy
- 5.2.2 Communicating the business continuity policy
- 5.45.3 Organizational rolesRoles, responsibilities and authorities
- Table 3 — Examples of BCMS roles and responsibilities
- 6 Planning
- 6.1 Actions to address risks and opportunities
- 6.1.1 Determining risks and opportunities
- Determining and addressing risks and opportunities enables the organization to:
- 6.1.2 Addressing risks and opportunities
- The organization should plan the actions needed address these risks and opportunities in a manner that:
- 6.2 Business continuity objectives and plansplanning to achieve them
- 6.2.1 Establishing business continuity objectives
- 6.2.2 Determining business continuity objectives
- 6.3 Planning changes to the business continuity management system
- Changes to the BCMS, including those identified in 10.1, should be carefully planned to ensure that the intended purpose is fully investigated and understood. This should include contemplation of the consequences of the changes proposed, ensuring that...
- The organization should also make sure that appropriate and sufficient resources are available, and that responsibilities and authorities are allocated or reallocated as necessary.
- 7 Support
- 7.1 Resources
- 7.1.1 General
- 7.1.2 BCMS resources
- 7.1.3 Incident response personnel
- 7.2 Competence
- 7.3 Awareness
- 7.4 Communication
- e) ensuring availability of the means of communication during a disruptive incident;
- The organization should provide effective external communication as part of its awareness programme (see 7.3) and following when responding to an incident (8.4see 8.4.4).
- 7.5 Documented information
- 7.5.1 General
- 7.5.2 Create and updateCreating and updating
- 7.5.3 Control of documented information
- 7.5.3.2 Types of control
- 8 Operation
- 8.1 Operational planning and control
- 8.1.1 General
- 8.1.1 Elements of BCM
- Figure 5 — Elements of business continuity management (BCM)
- a) Operational planning and control (8.1)
- b) Business impact analysis and risk assessment (8.2)
- c) Business continuity strategy (8.3)
- NOTE The chosen strategies need to take into account any risk treatment that is already in place within the organization (8.3.3).
- d) Establish and implement business continuity procedures (8.4)
- e) Exercising and testing (8.5)
- 8.1.2 Business continuity management
- f) Evaluation of business continuity documentation and capabilities (see 8.6): The organization should evaluate its business continuity management to ensure that it is effective and enables the organization to achieve its business continuity objectives.
- Figure 5 — Elements of business continuity management
- 8.1.2 Managing the BCM environment
- 8.1.3 Maintaining business continuity
- 8.1.3 Maintaining business continuity
- 8.1.4 Measuring effectiveness
- 8.1.5 Outcomes
- 8.2 Business impact analysis and risk assessment
- 8.2.1 General
- Figure 6 — Understanding the organization
- 8.2.2 Business impact analysis
- Figure 6 — Understanding the organization
- Table 4 — Examples of type of impact
- 8.2.3 Risk assessment
- 8.3 Business continuity strategy
- 8.3.1 Determination and selection
- 8.3 Business continuity strategies and solutions
- 8.3.1 General
- 8.3.2 Identification of strategies and solutions
- 8.3.2.1 General
- 8.3.1.28.3.2.2 Protecting prioritized activities
- 8.3.1.38.3.2.3 Stabilizing, continuing, resuming and recovering prioritized activities
- 8.3.1.4 Mitigating, responding to and managing impacts
- a) Insurance: Purchase of insurance may provide some financial recompense for some losses, but will not meet all costs (e.g. uninsured events, brand, reputation, interested parties value, market share and human consequences). A financial settlement al...
- 8.3.1.5 Business continuity of suppliers
- — the complexity and scale of recovery requirements or the need for specialist equipment with a long lead time.
- — providing remote working capabilities for key staff.
- 8.3.2.4 Mitigating, responding to and managing impacts
- — analyse the notification protocols to determine if they align with the needs of the organization.
- 8.3.3 Selection of strategies and solutions
- 8.3.28.3.4 Establishing resourceResource requirements
- 8.3.2.28.3.4.2 People
- 8.3.4.2.2 Incident response
- 8.3.4.2.3 Resumption of activities
- 8.3.2.38.3.4.3 Information and data
- 8.3.2.48.3.4.4 Buildings, work environmentworkplaces and associated utilities
- 8.3.2.58.3.4.5 Facilities, equipmentEquipment and consumables
- 8.3.2.68.3.4.6 Information communications technology ICT systems
- 8.3.2.78.3.4.7 Transportation and logistics
- 8.3.2.88.3.4.8 Finance
- 8.3.3 Protection and mitigation
- 8.4 Establish and implement business continuity procedures
- 8.4.1 General
- 8.3.4.9 Partners and the supply chain
- 8.3.5 Implementation of solutions
- 8.4 Business continuity plans and procedures
- 8.4.1 General
- 8.4.2 Response structure
- 8.4.2.2 Design
- 8.4.2.3 Team capabilities
- 8.4.2.4 Team composition and guidance
- 8.4.3 Warning and communication
- 8.4.3.2 Incident communication procedures
- 8.4.3.3 Incident communication facilities
- 8.4.3.2 Alerting interested parties
- 8.4.4 Business continuity plans
- Table 5 — Examples of teams and possible roles and responsibilities
- 8.4.4.2.2 Responding to incidents
- 8.4.4.2 Content of business continuity plans
- 8.4.4.3 Specific types of procedures
- 8.4.4.3.1 Incident management / strategic management procedures
- 8.4.4.3 Content and usability
- 8.4.4.3.2 Guidance and supporting information
- 8.4.4.3.3 Usability
- 8.4.4.4 Incident/strategic management
- 8.4.4.3.28.4.4.5 Communications procedures
- 8.4.4.3.38.4.4.6 Safety and welfare procedures
- 8.4.4.3.48.4.4.7 Salvage and security procedures
- 8.4.4.3.5 Procedures for resuming activities
- 8.4.4.8 Resumption of prioritized activities
- 8.4.4.3.68.4.4.9 Recovery of information communications technology ICT systems
- 8.4.5 Recovery
- 8.5 Exercising and testingExercise programme
- 8.5.1 General
- 8.5.2 Exercise programmeDesign of the exercise programme
- No matter how well designed and thought-out a procedure appears to be, a series of robust and realistic exercises will identify areas for improvement.
- 8.5.3 Exercising business continuity plans
- Table 6 — Sample descriptions of exercise methods
- 9.1.28.6 Evaluation of business continuity proceduresdocumentation and capabilities
- 8.6.1 General
- In the event of an incident that disrupts the organization’s prioritized activities or requires an incident response, a post-incident review should be undertaken. This may include:
- 8.6.2 Measuring effectiveness
- 8.6.3 Outcomes
- 9 Performance evaluation
- 9.1 Monitoring, measurement, analysis and evaluation
- 9.1.1 General
- 9.1.2 Retention of evidence
- 9.1.3 Performance evaluation
- 9.2 Internal audit
- 9.2.1 General
- 9.2.2 Audit programme(s)
- 9.3 Management review
- 9.3.1 General
- 9.3.2 Management review input
- 9.3.3 Management review outputs
- 9.3.3.1 Improvement of the BCMS
- 9.3.3.2 Retention of documented information
- 10 Improvement
- 10.1 Nonconformity and corrective action
- 10.1.1 General
- 10.1.2 Occurrence of nonconformity
- 10.1.3 Retention of documented information
- 10.2 Continual improvement
- Bibliography
- Tracked_Changes_Cover_Markup_new.pdf
- compares BS EN ISO 22313:2020
- TRACKED CHANGES
- Text example 1 — indicates added text (in green)
- 30379713_NEW.pdf
- European foreword
- Endorsement notice
- Foreword
- Introduction
- 1 Scope
- 2 Normative references
- 3 Terms and definitions
- 4 Context of the organization
- 4.1 Understanding the organization and its context
- 4.2 Understanding the needs and expectations of interested parties
- 4.2.1 General
- 4.2.2 Legal and regulatory requirements
- 4.3 Determining the scope of the business continuity management system
- 4.3.1 General
- 4.3.2 Scope of the business continuity management system
- 4.3.3 Exclusions to scope
- 4.4 Business continuity management system
- 5 Leadership
- 5.1 Leadership and commitment
- 5.1.1 General
- 5.1.2 Top management
- 5.1.3 Other managerial roles
- 5.2 Policy
- 5.2.1 Establishing the business continuity policy
- 5.2.2 Communicating the business continuity policy
- 5.3 Roles, responsibilities and authorities
- 6 Planning
- 6.1 Actions to address risks and opportunities
- 6.1.1 Determining risks and opportunities
- 6.1.2 Addressing risks and opportunities
- 6.2 Business continuity objectives and planning to achieve them
- 6.2.1 Establishing business continuity objectives
- 6.2.2 Determining business continuity objectives
- 6.3 Planning changes to the business continuity management system
- 7 Support
- 7.1 Resources
- 7.1.1 General
- 7.1.2 BCMS resources
- 7.2 Competence
- 7.3 Awareness
- 7.4 Communication
- 7.5 Documented information
- 7.5.1 General
- 7.5.2 Creating and updating
- 7.5.3 Control of documented information
- 8 Operation
- 8.1 Operational planning and control
- 8.1.1 General
- 8.1.2 Business continuity management
- 8.1.3 Maintaining business continuity
- 8.2 Business impact analysis and risk assessment
- 8.2.1 General
- 8.2.2 Business impact analysis
- 8.2.3 Risk assessment
- 8.3 Business continuity strategies and solutions
- 8.3.1 General
- 8.3.2 Identification of strategies and solutions
- 8.3.3 Selection of strategies and solutions
- 8.3.4 Resource requirements
- 8.3.5 Implementation of solutions
- 8.4 Business continuity plans and procedures
- 8.4.1 General
- 8.4.2 Response structure
- 8.4.3 Warning and communication
- 8.4.4 Business continuity plans
- 8.4.5 Recovery
- 8.5 Exercise programme
- 8.5.1 General
- 8.5.2 Design of the exercise programme
- 8.5.3 Exercising business continuity plans
- 8.6 Evaluation of business continuity documentation and capabilities
- 8.6.1 General
- 8.6.2 Measuring effectiveness
- 8.6.3 Outcomes
- 9 Performance evaluation
- 9.1 Monitoring, measurement, analysis and evaluation
- 9.1.1 General
- 9.1.2 Retention of evidence
- 9.1.3 Performance evaluation
- 9.2 Internal audit
- 9.2.1 General
- 9.2.2 Audit programme(s)
- 9.3 Management review
- 9.3.1 General
- 9.3.2 Management review input
- 9.3.3 Management review outputs
- 10 Improvement
- 10.1 Nonconformity and corrective action
- 10.1.1 General
- 10.1.2 Occurrence of nonconformity
- 10.1.3 Retention of documented information
- 10.2 Continual improvement
- Bibliography