The “best” industry standard for BCP is:
NFPA 1600, “Standard on Continuity, Emergency, and Crisis Management” (2019 Edition)
https://www.nfpa.org/codes-and-standards/all-codes-and-standards/list-of-codes-and-standards/detail?code=1600
While NFPA 1600 has been influenced by ISO for many years, it still remains superior to ISO 22301 in many ways (see below).
While ISO has produced ISO 22301, “Societal security — Business continuity management systems — Requirements”, once you dig through all of the required Annex L nonsense.. and the obvious incompetence of the authors, there are only a few gems buried in it. Similarly, ANSI/ASIS ORM.1-2017, “Security And Resilience In Organizations And Their Supply Chains - Requirements With Guidance” addresses this topic as well (although the ASIS_SPC.1-2009 version was better in some regards). However, it is too similar to ISO 22301 to be of any real value.
Ultimately, any company would be FAR better off simply purchasing a copy of “Business Continuity For Dummies” (which is actually quite good) than either of these two standards.
You may note that NFPA 1600, “Standard on Continuity, Emergency, and Crisis Management” (2019 Edition), Annex E, integrates the requirements of NFPA 1600 with ISO Annex SL. This was done to promote integration with existing ISO Management System Standards… and is “intended to be adopted by the entity at its discretion”. Ultimately, this simply aligns common topics such as document control, corrective action, etc.
Although developed for Federal Government use, another very good standard is:
NIST Special Publication 800-34 Rev. 1, “Contingency Planning Guide for Federal Information Systems”
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
info box