To get ISO 22301 certification, an organization needs to follow these steps:
Prepare for certification: Before seeking certification, an organization needs to ensure that it has implemented a business continuity management system (BCMS) that meets the requirements of the ISO 22301 standard. This involves developing policies, procedures, and processes that are aligned with the standard and establishing a culture of continuous improvement.
Choose A Certification Body: The organization needs to select an accredited certification body that will conduct the certification audit. The certification body should be impartial, competent, and accredited by a recognized accreditation body.
Conduct A Gap Analysis: The organization can conduct an internal gap analysis to identify areas where its BCMS may not comply with the ISO 22301 standard. The gap analysis will help the organization to develop an action plan to address any deficiencies before the certification audit.
Stage 1 Audit: The certification process typically begins with a Stage 1 audit, which is a documentation review. The certification body will review the organization's documentation to ensure that it complies with the ISO 22301 standard.
Stage 2 Audit: The Stage 2 audit is a site visit that verifies the implementation of the BCMS. The certification body will interview personnel, review records, and observe procedures to determine whether the BCMS is effective and compliant with the ISO 22301 standard.
Receive Certification: If the organization successfully completes the Stage 2 audit, the certification body will issue a certificate of compliance with the ISO 22301 standard. The certificate is valid for three years, subject to surveillance audits to ensure that the organization continues to comply with the standard.
It's important to note that obtaining certification is a significant achievement, but it's not a one-time event. An organization needs to maintain and continuously improve its BCMS to ensure that it remains compliant with the ISO 22301 standard.