Security and resilience — Business continuity management systems — Requirements
ISO 22301 was revised to reflect ongoing changes in the business continuity world and to respond to the continuing development of Management System Standard (MSS) requirements. Here, I look at the changes made and their impact on users, offering ideas on how to adjust your business continuity management system (BCMS) to reflect ISO 22301:2019 requirements.
The ISO 22301 standard helps organizations assess their ability to keep meeting their business capabilities and obligations, even when a disruptive event affects them.
To do this, the standard sets out the requirements for continuously planning, implementing, operating, maintaining and improving a Business Continuity Management System (BCMS). This system prepares the organization to deal with a wide spectrum of incidents, helps reduce the likelihood of incidents occurring, and allows the organization to respond and recover if they do occur.
It is noteworthy that if your organization or company obtained ISO 22301:2012 certification, you should have no problem transitioning to this new version. There have been no major structural changes in the standard.
Because ISO 22301:2012 already had a high-level structure, it has not been necessary to rewrite the entire standard; the changes have focused mainly on drafting and clarity. For this reason, the text has become more consistent and logical.
The main changes have been the following:
ISO 22301:2019 What’s changed?
Headline changes, some of which are listed in the Foreword of the Standard, are as follows:
• ISO 22301 now conforms to ISO’s requirements for management system standards, which have evolved since 2012 (Annex SL). (Remember that ISO 22301:2012 was the first ISO MSS to follow the new Annex SL guidelines. Since then, numerous MSS have been revised or developed using this approach, and the interpretation applied in ISO 22301:2012 has since evolved.) This has been a significant focus for the 2019 update;
• Requirements have been clarified, with no new requirements added (but see amendments below);
• Discipline-specific business continuity requirements are now almost entirely within section 8;
• A number of discipline-specific business continuity terms have been modified to improve clarity and reflect current thinking; and
• Content in clause 8 has been reordered, duplication removed, and terminology simplified and made more consistent.
• Maintenance of an exercise and testing program.
• Adaptation of the management system to other ISO standards, such as ISO 27001 or ISO 9001.