ISO22301 Update: Minor and Moderate Changes from 2012 to 2019

Written by Moh Heng Goh | Feb 13, 2020 3:36:20 AM

What are the Changes to the New ISO 22301?

Since its inception in 2012, The ISO 22301 has established itself as the leading international standard for Business Continuity Management Systems, providing a world-class framework for Business Continuity practitioners all over the world. As of October 2019, the technical committee in charge of developing the original ISO 22 301 has reviewed and updated the standard. The new standard, dubbed the ISO 22301: 2019, has been operational since the end of last year.

This article will touch on the changes, big and small, between the 2012 and 2019 versions of the ISO 22301.

Transition

Based on ISO protocols when upgrading a standard, organisations already certified with the original ISO 22301:2012 version will have a transition period of three years to “upgrade” their Business Continuity

Management System (BCMS) to the new 2019 revision.

As the ISO 22301: 2019 was published on October 2019, that leaves all certified organizations up to October 2022 to update their ISO 22301 credentials to the published 2019 standard.

If the existing ISO 22301 certificate expires after October 2022, then certification bodies will check compliance with the new revision during surveillance visits

Certifications that expire before October 2022 will have to update before the expiry

Differences Between 2012 and 2019

Let us start by saying that the structure between both versions remain relatively unchanged. As the old ISO 22301: 2012 was one of the first ISO management standards that was developed with the Management System Standards in mind, it matches structure with sister standards like ISO 9001, ISO 14001, and ISO 27001 and other similar ISO Standards released after 2012.

Lessened Documentation

Moving on to the differences, many documents that were present in the 2012 version are no longer required anymore, like the Procedure for identification of applicable legal and regulatory requirements, and supporting documents for business impact analysis and risk assessment. Organizations now have far more freedom and flexibility to adopt personalized approaches to Business Continuity that better suited their organization and industry.

Solution-based identification

A new clause was added, which requires planning the changes to the BCMS (clause 6.3). Required resources are now identified based on continuity solutions instead of continuity strategies. As the new standard shifts away from defining resources and more towards defining solutions, it is far more precise and allows greater accuracy in budget planning.

Planned Changes

A new requirement of the 2019 standard requires organizations to make changes to their BCMS in a structured and planned manner. The following guidelines need to be taken into consideration:

The purpose of the change
The resources to perform the change
How the Business Continuity Program is affected by the change
Any changes to responsibilities caused by the change

ISO 22301 BCMS Standard Update: 2012 to 2019

Attend Our Latest Blended Learning [BL] BCM Courses



	Please feel free to send us a note if you have any of these questions

View full post