ISO 22301:2019 - Security and Resilience

corporate resilience advisory

ISO 22301:2019 is the ultimate standard for business continuity, proving your commitment to resilience. Fixinc helps you achieve and maintain certification with tailored frameworks, training, and expert guidance.

case studies & testimonials

Trusted by inspiring organisations,
just like yours.

Disciplines that define your resilience A modular approach to building your ISO 22301:2019 - Security and Resilience program.

ISO 22301:2019 Accreditation helps organisations align with global business continuity standards. Achieving certification demonstrates a commitment to resilience, risk management, and operational excellence in the face of disruptions.

To support organisations in achieving true resilience, we provide 10 ISO 22301:2019 - Security and Resilience Disciplines that would - if validated annually - ensure true resilience. Each discipline can be adopted individually, but in most cases will form the majority of your ISO 22301:2019 - Security and Resilience program with Fixinc.

When you first engage us, we review the progress of each of these Disciplines within your organisation to determine your current capability.

ISO22301-Aligned BIA Review

DISCIPLINE MODULE

A Business Impact Analysis is the foundation of your continuity program, but only if it meets ISO standards. This module reviews your existing BIA and aligns it to the structure, expectations, and audit criteria of ISO 22301.

ISO22301-2019 Internal Audit Support

DISCIPLINE MODULE

Internal audits aren’t just a compliance step, they’re your best opportunity to improve. This module supports your ISO 22301 internal audit process with structure, independence, and a clear path to action.

BCMS Policy and Framework Review

DISCIPLINE MODULE

Strong continuity programs don’t start with plans, they start with purpose. This module reviews and sharpens your BCMS policy and framework, aligning it to ISO 22301 and the real-world risks your organisation actually faces.

ISO22301-2019 Risk and Opportunity Assessment

DISCIPLINE MODULE

Resilience isn’t just about managing risk, it’s about identifying opportunity. This module aligns your continuity planning with ISO 22301 by helping you assess risks, capitalise on strengths, and prioritise actions that matter under pressure.

ISO22301-2019 Documented Information Review

DISCIPLINE MODULE

In ISO 22301, it’s not enough to do the work, you have to prove it. This module reviews every piece of documented information to ensure it meets the structure, control, and clarity expected in a formal audit.

ISO 22301 Gap Assessment

DISCIPLINE MODULE

You can’t meet the standard if you don’t know where you stand. This module gives your team a clear, detailed view of how close you are to ISO 22301 compliance, mapped against every clause, obligation, and best-practice requirement. Whether you’re aiming for accreditation or just maturity, this is the starting line.

ISO22301-2019 Evidence Gathering Workshop

DISCIPLINE MODULE

This module walks your team through exactly what evidence ISO auditors expect and how to collect, document, and structure it so nothing gets missed during review.

ISO23301-2019 Audit Readiness Walkthrough

DISCIPLINE MODULE

Audits aren’t just about compliance, they’re about confidence. This module walks your team through the ISO 22301 audit process, helping you prepare your evidence, structure your responses, and build trust with your assessor.

ISO22301-2019 Corrective Action Implementation Support

DISCIPLINE MODULE

Finding the gaps is only half the job, closing them is where the real work begins. This module helps your team implement ISO 22301 corrective actions quickly, clearly, and in a way that actually sticks.

ISO22301-2019 Post-Audit Resilience Improvement Plan

DISCIPLINE MODULE

An audit is a milestone, not the finish line. This module turns ISO 22301 audit results into a clear, actionable improvement plan that strengthens your resilience year after year.

First principles resilience.
Clear programs, collaborativ delivery, and a fresh take on resilience.

01.

Phase

ISO 22301:2019 - Security and Resilience is the Planning Phase to our Tungsten Diamond lifecycle.

02.

Maturity

ISO 22301:2019 - Security and Resilience involves 10 Disciplines to reach full maturity.

03.

Maintenance

ISO 22301:2019 - Security and Resilience makes up a third of the Maintenance Program offering.

04.

act

Start a ISO 22301:2019 - Security and Resilience program within 48 hours with our Consultation package.

Fixinc specialies in preparing organisations to successfully achieve ISO 22301:2019 certification. This international standard for business continuity management ensures organisations can effectively respond to and recover from disruptions. Fixinc guides businesses through every step of the process by designing tailored frameworks, providing comprehensive training, and implementing the critical elements required to meet the standard. From risk assessment to business continuity plan development and validation, our expertise equips organisations with the knowledge and systems needed to demonstrate compliance and achieve ISO 22301 certification with confidence.

We do ISO 22301:2019 - Security and Resilience the same way we run our own business; by simplifying processes, going back to first principles, and standardising programs so anyone at any time can adopt how you plan and respond to a disruption. When you engage in a ISO 22301:2019 - Security and Resilience program with our Advisors at Fixinc, you are embarking on a partnership that is a collaborative effort, held together by strong and reliable communication. We're not your usual consultancy, we're something different, fresh, modern with a focus on the people that make up Australian, New Zealand, and Malaysian business.

book a call to discuss

The Tungsten Diamond

Understanding the Diamond

When we assess the maturity of your ISO 22301:2019 - Security and Resilience, we measure this against our Tungsten Diamond model. This simple diagram maps the full corporate resilience spectrum; from compliance and planning, through to real-time response and technology. Our Advisory Board supports the end response, while our Directory and Resilience Services give you ongoing access to the tools, insights, and partnerships needed to strengthen planning. As a result, if you work with Fixinc, you are covered entirely.

learn more about the diamond

Digital Business Impact Analysis

emergency notications

F24 is our go-to platform for emergency notification and crisis management. It enables rapid, multi-channel communication during critical events, ensuring your teams receive timely alerts and can coordinate effectively. Integrated with our advisory services, F24 supports your organisation in managing crises confidently and efficiently.​

Client Portal and Advisory Board

emergency notications

F24 is our go-to platform for emergency notification and crisis management. It enables rapid, multi-channel communication during critical events, ensuring your teams receive timely alerts and can coordinate effectively. Integrated with our advisory services, F24 supports your organisation in managing crises confidently and efficiently.​

Digital Business Continuity Plans

emergency notications

F24 is our go-to platform for emergency notification and crisis management. It enables rapid, multi-channel communication during critical events, ensuring your teams receive timely alerts and can coordinate effectively. Integrated with our advisory services, F24 supports your organisation in managing crises confidently and efficiently.​

Meet your advisor

32 years of incident management and business continuity experience including serving in the British Army.

Brad Law is Fixinc’s Global Head of Consulting and one of the region’s most experienced resilience professionals. With over 30 years in business continuity, IT, and crisis leadership across the UK, Europe, Asia, and Oceania, Brad brings sharp, practical insight to every session. He’s the architect behind the Tungsten Diamond framework and has supported governments, banks, universities, and utilities through real-world crises. If you’re facing pressure, complexity, or just need clarity—Brad’s the expert you want in the room.

From frontline crises to boardroom strategy, Brad has led resilience programs across four continents and every major sector.

You’ll get straight, actionable advice grounded in real events, not recycled frameworks or generic best practices.

This isn’t a sales pitch. Brad treats every session as an opportunity to help—and prove why Fixinc is deeply connected to the co-creation of resilience.

Frequently asked ISO 22301:2019 - Security and Resilience questions

What are the key components of ISO 22301?

The standard focuses on risk assessment, business continuity planning, training, validation, and continuous improvement to ensure a comprehensive approach to resilience.

How do we begin working with your organisation?

We start with an initial consultation to understand your needs and objectives through a 45-minute discovery call. This is followed by a digital proposal outlining recommended services, approach, timeframes, and investment required. We can then develop a detailed project plan based on agreed priorities. Once signed, an hours' engagement meeting is conducted within a 4 week window, and then the program begins.

How do you ensure program adoption across the organisation?

We use a combination of engagement strategies, including stakeholder workshops, training sessions, communication campaigns, and practical exercises to build awareness and capability across all levels of the organisation. At a more general level, we build relationships with key members of your team through email campaigns, one on one meetings, and even connecting over LinkedIn. This builds trust and typically uncovers issues or ideas from more introverted colleagues.

What makes Fixinc different from other resilience solutions?

First and foremost, it is the simplicity of our programs. Many organisations and professionals are led to believe that the "threat landscape is evolving at an unprecedented rate", and whilst there is no legitimate data to support this claim, it only creates fear through marketing. We believe that resilience can be a simple, modern skill developed through building a culture of resilience, and removing the noise of bulky plans and poor technology.

What is ISO 22301:2019, and why is it important?

ISO 22301:2019 is an international standard for business continuity management, ensuring organisations can effectively respond to and recover from disruptions, safeguarding operations and reputation. Obtaining any ISO standard is evidence of your commitment to running a sustainable business. The ISO 22301:2019 standard is a competitive and practical step in ensuring true resilience.

What information do you need from us to get started?

Initially, we need to understand your current resilience capabilities, regulatory obligations, key risks, and strategic objectives. We'll provide a detailed information request once we agree on the scope of engagement via our client portal.

How long does it take to achieve ISO 22301 certification?

The timeline varies based on the organisation’s size and readiness, typically taking 6-12 months for most businesses to prepare and complete the process. You should expect at least 2 years to ensure a consistent, momentum driven approach to the standards set out in 22301:2019.

How do you determine the cost of your services?

Our pricing is based on the scope of services required, organisation size, and complexity of requirements. All activities start from a base investment that we can share with you. We provide detailed proposals with clear deliverables and can structure engagements to align with your budget constraints. Typically, our client base has an annual business continuity budget of $45,000 or an entire resilience program of between 55 and $100,000.

Who should pursue ISO 22301 certification?

Any organisation that values resilience, continuity, and stakeholder trust can benefit, especially those in critical industries like finance, healthcare, and technology. Typically, the financial commitment and resource required means this standard is isolated to larger, multi-national businesses. However, Fixinc is able to provide programs that replicate the standard for smaller operations and whilst this won't establish the certification ISO provide, it will provide you the maturity to deal with any disruption.

What types of organizations do you typically work with?

We specialise in serving medium to large-sized organisations across New Zealand, Australia, and Malaysia (the Oceania and ASEAN regions), in both public and private sectors. Our clients include financial institutions, government agencies, healthcare providers, and major corporations. You can see a list of all our industries serviced here.

Still have questions?

Over a no-obligation call, we will walk you through how are tools work for you to determine if they're right for you.

Next Service:
Emergency Management

Discover

Build strong Emergency Management response plans and programs, create confident teams, design professional evacuation plans, and couple it all together with Europe's leading response technology.

Emergency Management advisory services in New Zealand, Australia, Malaysia. By Fixinc