ISO 22301 certification is not a one-time achievement, but rather a process that needs to be maintained on an ongoing basis. This can be achieved through a documented Management Review that evaluates a number of factors including organizational resilience and business continuity performance, the effectiveness of security controls implementations, risks identification, and risk treatment plans.