The much-awaited update to the ISO 22301 standard was published on 31 October 2019. ISO 22301 is the International Standard for Business Continuity; it describes the requirements for implementing a Business Continuity Management System in an organization.
ISO 22301:2012 was the first standard in this series of standards on business continuity. The 2019 edition is the second release; before this release, several modifications were merged and synchronised with the glossary of the standard.
ISO 22301:2019 Important Changes
Here are the important changes made to the standard between the 2012 and 2019 versions, which are in line with the new Standards Structure adopted by ISO:
- PDCA model diagram was removed.
- Clauses 4 to 10 cover the components of PDCA, as before.
- Normative references removed from the document.
- Clause 3 – Terms and Definitions – several terms were modified, redefined, removed and added.
Changes in detail:
- Clause 4 – Context of the organization – has minor changes. Sub-clauses have been introduced at the start of each clause.
- Clause 5 Leadership is streamlined in sync with other standards.
- Clause 6 on planning was updated with focus on business continuity objectives and planning to achieve them (6.2). New sub-clause 6.3 was introduced.
- Clause 7 Support was streamlined.
- Clause 8 Operation – The sub-clauses were not modified a lot, but they were updated to better suit the requirements of the international standard. For example:
- Sub-clause 8.2.2 “Business impact analysis” is updated and a reference to ISO 22318 (supply-chain continuity) is added.
- Sub-clause 8.3 was renamed to “Business continuity strategies and solutions”, with a focus (in 8.3.2) on the need for the identification and selection of strategies and solutions.
- Clause 8.4 is renamed to “Business continuity plans and procedures”, focusing on 4.2 – Response structure, 8.4.3 – Warning and communication, 8.4.4 – Business continuity plans and 8.4.5 – Recovery.
- A sub-clause 8.5 “Exercise program” has replaced the sub-clause formerly known as “Exercising and testing”.
- Clause 9 “Performance evaluation” is streamlined with the new ISO Standards Structure.
- Clause 10 “Improvement” is streamlined with the new ISO Standards Structure.
ISO 22301:2012 – Business Continuity Management Systems
Continuity of business is as vital as continuity of life. And as we invest in continuity of life, we have to invest in the continuity of business. Investment in terms of thought. Investment in terms of action. Investment in terms of resources. All for business continuity. ISO 22301, the Business Continuity Management System standard, is the framework within which we can channel thoughts, actions and resources for business continuity. We need to protect the organization and the business. It is vital these days. Customers want products and services at all times, at the time they wish to have them. Customers like to do business with an organization that has a business continuity management system in place, as this ensures the capability of the organization to deliver its service or product at any time, including in times of disaster or crisis.
Purpose of ISO 22301:2012
ISO 22301 Societal Security – Business Continuity Management Systems – Requirements is an International Standard that specifies the requirements for setting up and managing an effective Business Continuity Management System (BCMS). ISO 22301:2012 specifies requirements to establish a management system to protect against and respond to disruptive incidents when they arise.
Benefits of ISO 22301
The key benefits are as follows:
- improves organizational focus
- reduces the impact of disasters
- improves readiness for handling business interruptions
- improves the reputation and credibility of the organization
- attracts investors and customers
- facilitates risk management – both internal and external
Features of ISO 22301
ISO 22301 BCMS is based on the structure of ISO Annex SL and emphasizes the importance of PDCA (Plan-Do-Check-Act):
- Plan (Establish): Establish business continuity policy, objectives, targets, controls and processes relevant to improving business continuity in order to deliver results that align with the organization’s overall policies and objectives (refer to Clauses 4, 5, 6 & 7 of the Standard).
- Do (Implement and Operate): Implement and operate the business continuity policy, controls, processes and procedures (refer to Clause 8 of the Standard).
- Check (Monitor and Review): Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine the actions for remediation and improvement (refer to Clause 9 of the Standard).
- Act (Maintain and Improve): Maintain and improve the BCMS by taking corrective actions based on the results of management review and reappraising the scope of the BCMS and business continuity policy and objectives (refer to Clause 10 of the Standard).
DQS Certification India appoints a competent and suitable auditor or team of auditors to audit the organization against the standard and scope requested by the client. A gap analysis may be performed first to check the readiness of the auditee organization. The certification audit is carried out when the client is ready for assessment. Routine surveillance audits are carried out to evaluate continual improvement during the validity period. A re-certification audit is performed every three years to maintain continuity of certification.