Measuring Resilience Capabilities & Behaviors

Assess your organization’s alignment to the requirements of ISO 22301:2019.

  • Easy to use and simple to present results to top management.
  • Compare alignment across business units, divisions, and locations.
  • Measure for continual improvement.
  • Proven tool for use by internal auditors
  • Determine readiness for a 3rd party certification audit

Verifying Your Self-declaration of Conformity

ICOR verifies your self-declaration of conformity by reviewing your online application where you provide the following:

1

Submission of Self-Assessment with a minimum score of 2.5

Completion and submission of ISO 22301 Maturity Model with a minimum overall score of 2.5 with no single competency area scoring less than 2.0. 3.0 is a perfect score.

2

Organization Biographical Data

Biographical Data (The name and address of the organization and name of the person making the self-declaration will not be shared with assessors.)

  • Identification of the declaration of conformity
  • Name and address of the issuer of the declaration of conformity
  • Qualifications of the issuer of the declaration of conformity
  • Identification of the object of the declaration of conformity (e.g. organization name, address(es) url, phone, etc.)
  • The statement of conformity
  • The date and place of issue of the declaration of conformity
  • The signature (or equivalent), the name and function of the authorized person acting on behalf of the issuer
  • Any limitation on the validity of the declaration of conformity

3

BCMS Information

BCMS Information (The name of the organization will not be shared with the assessor)

  • Description of the purpose of the organization, its products and/or services, number of employees, etc.
  • Description of scope of the declaration of conformity if not the entire organization. Explanation of exclusions to scope.
  • Description of why the organization decided to self-declare to ISO 22301.
  • Description of financial status and budget for the BCMS (profit and loss, balance sheet, or BCMS budget) for the past year
  • Identification of the relevant interested parties for the BCMS and their needs.
  • Identification of any legal or regulatory requirements for a BCMS.
  • Identification of who is responsible for the day-to-day operations of the BCMS.
  • Identification of who in top management supports the BCMS.
  • Identification of organization’s BC objectives.

4

Submission of Required Documents or “Proofs” and review by ISO 22301 Auditor

Required Documents (It is recommended that the applicant redact the name and location of the organization on these documents.)

  • Business Continuity Management (BCM) Policy (at least one)
  • Risk Assessment Report (most recent)
  • Business Impact Analysis Report (most recent)
  • At least one plan document (supporting at least one critical activity with the scope of the Business Continuity Management System)
  • Exercise Report (for an exercise that validates at least one of the plan documents submitted)
ISO 22301 Auditor Review

A review of the application and submitted documentation by at least one ISO 22301 Lead Auditor. Applications will be processed within 30 days.

All the documents and evidence that are shared for the self-declaration purpose will be considered highly confidential and will not be shared with anyone.

Use ICOR’s Self-Declaration of Conformity Process to meet third-party needs to demonstrate that your organization is prepared to deliver its goods and services.

Use the ISO 22301:2019 Maturity Model to demonstrate to top management current BCMS status focusing on strengths and weaknesses.

Self-assessment process is applicable to organizations of all sizes and in all sectors.

Don’t have an internal audit program?

Take advantage of ICOR-credentialed ISO 22301 Lead Auditors to conduct an internal audit for your organization.

There are 4 different ways to pay: