ISO 22301:2019

ISO 22301:2019 overview

ISO 22301:2019 is the premium international standard for business continuity management that provides for a formal certification. ISO 22301 specifies the requirements for a Business Continuity Management System (BCMS) to help organizations protect against, prepare for, and recover from disruptive incidents. It is a comprehensive standard that organizations can use to demonstrate the highest level of commitment to business continuity and disaster preparedness.

Azure and ISO 22301

Azure has established a BCMS in accordance with the ISO 22301 standard and has received the corresponding certificate. Azure was the first hyper-scale cloud services platform to receive the ISO 22301 certification for business continuity management.

Applicability

  • Azure
  • Azure Government

Services in scope

For a list of Microsoft cloud services in audit scope, see the Azure ISO 22301 certificate or Cloud services in audit scope:

  • Azure
  • Dynamics 365
  • Microsoft 365
  • Power Platform

Office 365 and ISO 22301

For more information about Office 365 compliance, see Office 365 ISO 22301 documentation.

Audit reports and certificates

The Azure ISO 22301 certificate covers Azure, Dynamics 365, Power Platform, and select Microsoft 365 cloud services. You can access Azure ISO 22301 audit documents from the Service Trust Portal (STP) ISO reports section. For instructions on how to access audit reports and certificates, see Audit documentation.

Frequently asked questions

Why is ISO 22301 certification important?
The purpose of a BCMS is to provide and maintain controls for managing organization's ability to continue operations during disruptions. ISO 22301 is a comprehensive standard that demonstrates the highest level of commitment to business continuity and disaster preparedness.

How can I get the Azure ISO 22301 audit documentation?
For links to audit documentation, see Audit reports and certificates.

Can I use the Azure ISO 22301 compliance assurances in my organization’s certification process?
Yes. If your business is seeking certification for an implementation deployed using in-scope services, you can use the relevant Azure certifications in your compliance assessment. However, you're responsible for engaging an assessor to evaluate your implementation for compliance and for the controls and processes within your own organization.

Resources