
ISO 22301 compliance software for business continuity.

Business impact analysis register, business continuity plan links, exercise and test cadence tracker, incident response runbooks, supplier dependency mapping. From €29 a month.

What is ISO 22301?

ISO 22301:2019 (Business Continuity Management Systems) is relevant to any organisation whose customers, regulators or board demand provable business continuity: financial services, healthcare, utilities, manufacturing, B2B SaaS, ICT third parties.

Who needs to comply

  • Financial services and fintech (often combined with DORA)
  • Healthcare providers (often combined with NEN 7510 or HIPAA-equivalent)
  • Critical infrastructure: energy, water, transport
  • B2B SaaS with strict customer SLAs
  • ICT third parties supporting regulated entities

Key ISO 22301 controls covered by Dazr

Clause 4: Context of the organisation (scope, interested parties, dependencies).
Clause 6: Planning (BIA, risk assessment, business continuity strategy and solutions).
Clause 8: Operation (BCP documentation, incident response procedures, communication, exercise programme).
Clause 9: Performance evaluation (monitoring, internal audit, management review).
Clause 10: Improvement (nonconformity, corrective action, continual improvement).

What auditors look for

ISO 22301 auditors sample three things: a current BIA with RTO and RPO per process, a BCP that has actually been tested in the past 12 months with documented findings, and management-review evidence. Dazr holds the cadence.

How Dazr helps with ISO 22301

  • Hold the BIA register with RTO and RPO per business process
  • Track BCP and DR test exercises as recurring tasks with documented findings
  • Map supplier dependencies in the vendor register with criticality and recovery alternatives
  • Run incident response with the BCM activation workflow alongside security incidents
  • Hand the auditor or supervisor a read-only view of the entire continuity programme


ISO 22301 questions, answered.

How does ISO 22301 differ from ISO 27001?

ISO 27001 is information security; ISO 22301 is business continuity. They share the management-system requirements of clauses 4-10, so a lot of governance evidence is shared. Dazr lets you enable both; the same management review covers both.

Do we need to test the BCP every year?

ISO 22301 requires that the BCP is exercised at intervals appropriate to the organisation; in practice most certifying bodies expect an annual full-scope exercise plus targeted tabletops. Dazr tracks the cadence and the evidence.

Does Dazr generate the BCP for us?

No. The BCP is your document. Dazr links to it and tracks the review cadence, exercise programme and incident activation history.

Where is data hosted?

European Union only. AES-256-GCM at rest. Italian entity, EU jurisdiction.

Ready to start your ISO 22301 program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.