Business Continuity Management
Blog_Jan_Ban.jpg

ISO22301 Update: What are the Non-Mandatory Documents?

Since 2012, The ISO22301 has evolved into the leading international standard for all Business Continuity Management System  (BCMS) to follow. Now in 2019, the ISO committee responsible for its development has revised the standard, updating it into a more modern form. One of the major changes of the ISO 22301: 2019 version are the new mandatory and non-mandatory documents

Goh Hua Wei
Business Continuity Management Certified Planner-Specialist-Expert
ICMore_ISO22301_Mandatory

Non-Mandatory Documentation

 
While Non-Mandatory implies that these documents are not strictly needed, they still serve as supporting pillars to a complete Business Continuity Management System (BCMS).
 
All the documents listed below, unless one belongs to a small organization, are commonly used, though not strictly required by the ISO22301 Standard.
Sample of Mandatory Documentation

ISO 22301 BCMS Standard Update: 2012 to 2019

 
Clause Document Name Description of Document
4.2.2 Procedure for identification of applicable Legal regulatory requirements Procedure for Legal Regulatory requirements
4.2.2 Procedure for identification of applicable legal and regulatory requirements Procedure for how to identify legal requirements
6.2 Implementation plan for achieving the business continuity objectives Plan detailing how to implement Business Continuity objectives
7.2/ 7.3 Training and awareness plan  Plan detailing training procedures for staff
7.5 Procedure for control of documented information Procedure for version of the document
8.1 Contracts and service level agreements (SLAs) with suppliers and outsourcing partners Documents detailing agreements with suppliers, vendors, and partners
8.2.1 Process for business impact analysis and risk assessment Document detailing how the BIA and RAR phase is conducted
8.2.2 Results of business impact analysis Conclusions drawn from the BIA phase
8.2.3 Results of risk assessment Conclusions drawn from the RAR phase
8.3.3 Strategies and solutions for business continuity  A list of Business Continuity Strategies to be employed in the event of a disruption
8.5 Incident scenarios A list of the various scenarios covered by the Business Continuity Plan
8.5 Exercise and testing plans A list of exercise and testing plans used for the Business Continuity Plan
8.5 Post-exercise reports Exercise Reports detailing what occurred during the planning, organization, and conduct of a Business Continuity plan exercise
8.6 Results of post-incident review Review detailing an incident
9.1.1 Methods for monitoring, measurement, analysis and evaluation Detailed procedures on how to evaluate a BCMS to see whether it is on par with ISO 22301 standards
9.2 Procedure for internal audit Document detailing the procedures on how to conduct an internal BCM audit
10.1 Procedure for corrective action Document detailing the procedure on how to go about implementing corrective actions for non-conformities in an internal audit

 

 

 ISO 22301 BCMS Standard Update: 2012 to 2019
ISO22301: What is this ISO Business Continuity Management Systems (BCMS) Standard? ISO22301 Update: Overview of Changes from 2012 to 2019 ISO22301 Update: What are the Mandatory Document? ISO22301 Update: What are the Non-Mandatory Documents? ISO22301 Update: Major Changes from 2012 to 2019 ISO22301 Update: Minor and Moderate Changes from 2012 to 2019

Attend Our Latest Blended Learning [BL] BCM Courses

New call-to-action New call-to-action New call-to-action
New call-to-action Register [BL-B-3]* New call-to-action

FAQ BL-B-5 BCM-5000		 Please feel free to send us a note if you have any of these questionsEmail to Sales Team [BCM Institute]
FAQ [BL-B-3]

 

Comments

 

More Posts

New Call-to-action
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2025