ISO 22301

Business Continuity Management System (BCMS) is not just about IT or ICT readiness — it’s about ensuring your entire organization can withstand and recover from any disruption. From people and processes to supply chains and customer service, BCMS builds resilience across every aspect of your business.

In a world where uncertainties are inevitable, BCMS equips you with the structure, strategy, and confidence to face challenges head-on. It protects your reputation, safeguards your stakeholders’ trust, and keeps your operations running when it matters most.

Because true business continuity means more than surviving a crisis — it means emerging stronger.

Acts of nature beyond control and unforeseen events – also in distant production and procurement countries – can cause serious damage to companies and other organizations. Against the background of globalization and internationalization, uncontrollable influences such as natural catastrophes, political disturbances or the failure of IT systems, challenging vendors; often have far-reaching consequences.

This is where a Business Continuity Management System (BCMS) can help by ensuring proactive measures are in place. With the aid of test business continuity procedures and plans, companies can overcome crisis scenarios and ensure the continuity of their business.

In Indonesia, the importance of a Business Continuity Management System (BCMS) extends beyond operational resilience — it is also a matter of regulatory compliance. Various sector-specific regulations and government frameworks emphasize the need for organizations to establish, maintain, and continuously improve their continuity strategies. From financial institutions and critical infrastructure providers to public services and large-scale enterprises, compliance with BCMS requirements is not just a legal obligation, but a strategic necessity to protect business operations and national interests.

Use Case: Electronic System Providers (PSE), Stated Owned Enterprises (SEOs), Banking, Financial Institutions and Payment System Providers.

The Ministry of Communication and Informatics’ Circular Letter No. 6 of 2023 mandates that private Electronic System Providers (PSE) implement a robust Business Continuity Management System (BCMS) to ensure uninterrupted service delivery amid disruptions. Implementing ISO 22301 — the international standard for Business Continuity Management — offers a proven framework to meet these regulatory requirements effectively. ISO 22301 helps organizations to:

• Identify and assess risks that could impact business operations.
• Develop and maintain continuity plans tailored to specific organizational needs.
• Establish clear roles, responsibilities, and communication protocols for crisis situations.
• Test and improve business continuity plans regularly through drills and audits.
• Ensure rapid recovery and minimize downtime during incidents.

For State-Owned Enterprises (SOEs) or BUMN’s, this requirement aligns closely with the Ministry of State-Owned Enterprises Regulation No. PER-2/MBU/03/2023 concerning Guidelines on Governance and Significant Corporate Activities of BUMN’s. This regulation reinforces the importance of risk management and business continuity as part of sound corporate governance and sustainable operational performance.

Implementing ISO 22301 provides a globally recognized framework to fulfill these regulatory obligations effectively by enabling organizations to:

• Systematically identify, assess, and mitigate risks to business operations.
• Develop and maintain robust business continuity plans customized to organizational and regulatory requirements.
• Establish clear governance structures with defined roles and responsibilities for business continuity and crisis management.
• Conduct regular testing, review, and continual improvement of business continuity capabilities.
• Ensure swift recovery to minimize operational downtime and safeguard stakeholder interests.

In the financial and banking sectors, uninterrupted service is not just a competitive advantage — it’s a fundamental necessity. Customers, regulators, and stakeholders demand continuous access to financial services, especially in an era where digital transactions and real-time payments dominate.

A robust Business Continuity Management System (BCMS) ensures that financial institutions and payment system operators can anticipate, prepare for, and respond effectively to disruptions — whether caused by cyberattacks, natural disasters, technical failures, or other unforeseen events.

BCMS plays a vital role in:

• Protecting critical financial infrastructures and payment gateways to maintain operational stability.
• Minimizing downtime and financial losses by enabling rapid recovery and service restoration.
• Maintaining regulatory compliance, meeting strict requirements set by authorities such as OJK and Bank Indonesia.
• Safeguarding customer trust and confidence by ensuring continuous access to banking and payment services.
• Supporting the overall stability of the national financial system, preventing systemic risks from escalating during crises.

In a highly interconnected financial ecosystem, any disruption can have cascading effects across markets, businesses, and consumers. Implementing and maintaining an effective BCMS is therefore essential — it is the backbone that keeps financial operations resilient, secure, and reliable, no matter what challenges arise.

Regulation related to Business Continuity Management System in Banking, Finansial Institution, Payment System Provider are:

• Peraturan Bank Indonesia Nomor 2 Tahun 2024 tentang Keamanan Sistem Informasi dan Ketahanan Siber bagi Penyelenggara Sistem Pembayaran, Pelaku Pasar Uang dan Pasar Valuta Asing, serta Pihak Lain yang Diatur dan Diawasi Bank Indonesia
• POJK NOMOR 11 /POJK.03/2022 Tentang Penyelenggaraan Teknologi Informasi Oleh Bank Umum
• Peraturan Bank Indonesia Nomor 23/6/PBI/2021 tentang Penyedia Jasa Pembayaran
• Peraturan Bank Indonesia Nomor 22/23/PBI/2020 tentang Sistem Pembayaran

By adopting ISO 22301, SOEs, Banking and Finansial Institution and private PSEs can demonstrate compliance with national regulations, strengthen their resilience against disruptions, and enhance stakeholder confidence — thereby supporting sustainable growth and national economic stability.

In today’s fast-changing environment, compliance with regulatory frameworks through ISO 22301 implementation is more than a legal obligation — it is a strategic advantage for sustainable business success.

Within all sectors, business processes are becoming more vulnerable to disturbances, both in SMEs and in large enterprises. The major reason is the increasing use of computer-based operating procedures; on the other hand, outsourcing, outtasking and integration into international partnership networks means that even crises in far-distant countries can have a considerable effect on the situation at home.

A BCMS can establish an emergency plan for such cases and offers the chance to maintain business operations even in challenging circumstances, or to be able to restore them as rapidly as possible following an interruption. This means that financial and intangible damage can be limited, and disruptions which could threaten the organization can be avoided or minimised.
 

On 22 February 2022, the International Accreditation Forum (IAF) and the International Organization for Standardization (ISO) IAF published a joint communiqué to highlight the addition of climate change considerations to a number of existing ISO management system standards (MSS).

Clauses 4.1 and 4.2 of the MSS are affected. This is to ensure that climate change issues are considered by the organization in the context of the effectiveness of the management system in addition to all other aspects.