ISO 22301

ISO 22301 Social Security and Business Continuity Management System


What Does Social Security Mean?

Social security here means the defense of a community or an enterprise against developments or threats to its own existence. The issue is directly related to attacks on the identities of communities or businesses.

Threats that disrupt the processes of a community or business can come from a variety of sources. It is important that these threats are identified and prevented in advance.

Dynamic management of such communities and businesses depends on ensuring the continuity of their activities. Ensuring business continuity and social trust means being able to keep business processes running at a predetermined and acceptable level after events that disrupt production activities or the services rendered. In other words, business continuity and social trust consist of the activities that keep an enterprise, small or large, operating and that respond to disruptions.

Factors that interrupt business continuity may be natural disasters (such as earthquakes, floods, lightning strikes, storms), an economic crisis, or a computer system crash. It may even be a key employee leaving the job. What is important is that in such cases activities continue to be carried out at a predetermined level.

What Does Business Continuity Mean?

The term business continuity was first heard in the business world in the 2000s. The concept of sustainability, on the other hand, was expressed much earlier. Although the two concepts evoke each other, they are semantically different. In the 1980s, sustainability was defined as the ability to remain permanent: meeting the needs of today's people without jeopardizing the possibility that the needs of future generations can always be met. Although their meanings differ, in practice the two are processes that depend on each other.

The first standards work on business continuity was carried out by the British Standards Institution (BSI), and in 2006 the BS 25999 Business Continuity Standard was published. Later, in 2012, the International Standards Organization (ISO) published the ISO 22301 Social Security and Business Continuity Management System standard. This standard is a further development of the BS 25999 standard and is implemented by many corporate businesses in more than 160 countries around the world. It has been published by the Turkish Standards Institute under the title TS EN ISO 22301 Social Security - Business Continuity Management Systems - Requirements.

Business continuity management ensures that the enterprise is prepared for events that affect its critical functions and processes, and that it is able to respond to these events as planned and tested beforehand.

The ISO 22301 Social Security and Business Continuity Management System standard specifies the requirements for an enterprise to be prepared for, and to be able to recover from, an event that disrupts its operations. As such, the concept of social security plays the same role as sustainability in terms of efficient use of resources and continuity of service after a disaster.

What Does a Business Gain from the ISO 22301 Social Security and Business Continuity Management System?

One of the most important processes for the effective management of businesses is business continuity. Business continuity, as explained above, is the ability of an enterprise to maintain production or service activities at the level defined beforehand and determined to be acceptable after an event that causes an interruption. For businesses that do not want to experience difficulties due to unexpected interruptions, the most accurate step is to establish and implement the ISO 22301 standard in the enterprise.

Below is a list of the benefits that businesses can achieve by applying this standard:

  • Risks that may hinder the operations of the enterprise today or in the future will be identified now and the necessary measures will be taken.
  • The impact on the enterprise of events that may interfere with its activities will be reduced.
  • It will be ensured that business-critical activities continue at all times during crisis periods.
  • The business will have improved its business continuity capability and will thus gain a competitive advantage.
  • The needs of customers, suppliers, stakeholders and employees will be met through the risk assessment method.
  • The interruption time of activities will be shortened in case of incidents that may hinder them, and enterprises will gain the ability to recover faster.
  • Businesses will have an emergency service that is prepared, written and easily implemented, both for themselves and for the other businesses and official organizations with which they have relations.
  • The brand value of the enterprises and their reputation in the market will be preserved.
  • The supply chain of the enterprises will be made more secure.

What Is the Structure of the ISO 22301 Standard?

The structure of the ISO 22301 standard is as follows:

  1. Introduction
  2. Scope
  3. Cited standards and/or documents (normative references)
  4. Definitions and terms
  5. Context of the organization
    • Understanding the organization and its context
    • Understanding the needs and expectations of interested parties
    • Determination of the scope of Information Security Management System
    • Information Security Management System
  6. Leadership
    • Leadership and commitment
    • Policy
    • Duty, responsibility and authority
  7. Planning
    • Actions for risks and opportunities
    • Information security objectives and planning
  8. Support
    • Resources
    • Competence
    • Awareness
    • Communication
    • Documented information
  9. Operation
    • Operational planning and control
    • Information security risk assessment
    • Information security risk treatment
  10. Performance evaluation
    • Monitoring, measurement, analysis and evaluation
    • Internal audit
    • Management review
  11. Improvement
    • Nonconformity and corrective action
    • Continuous improvement

In general, the scope of the ISO 22301 standard is as follows:

  • Preparation of system policy
  • Implementation of the system program
  • Identifying critical business activities, resources, responsibilities, threats and risks
  • Determination of system strategy
  • Determination and implementation of system requirements
  • Implementation, continuity and internal audit of the system
  • Adapting the system to business culture

