It establishes the requirements for the implementation, maintenance, and improvement of a management system aimed at addressing disruptions to the smooth operation of an organization and the restoration of functions within a specified timeframe accepted by stakeholders. The requirements of the standard are general and can be applied by any organization regardless of its size and activity.

They are based on risk analysis and include:

  • Identifying potential risks that could result in the interruption of the organization’s normal operation and its inability to meet the requirements of its customers and/or stakeholders.
  • Analyzing the impact of these risks on the organization’s activities.
  • Determining the acceptable downtime for each disrupted operation due to a time-critical restoration.
  • Developing action plans to address crises.
  • Developing a plan to return to normal operation.
  • Implementing a plan for monitoring, testing, and controlling the management system designed and implemented by the organization.
Audit Information & ExpectationsApplication Form
F-2108F-2503, Annex J