ISO 22301:2019 vs. previous versions: What's changed?

Table of contents

Examining the two tables of contents in ISO 22301 shows very few changes, other than some restructuring and renaming of section titles.

According to the standard, the principal changes ISO made in 2019 as compared to the 2012 edition are as follows:

1. Requirements for management system standards, which have evolved since 2012, have been applied
2. Requirements have been clarified, with no new requirements added
3. Discipline-specific business continuity requirements are now almost entirely within Clause 8 (Section 8)
4. A restructuring of Clause 8 to provide a clearer understanding of the key requirements
5. Numerous discipline-specific business continuity terms have been modified to improve clarity and to reflect current thinking

The introduction added a section, "Benefits of a Business Continuity Management System," which has language that can help justify the need for a BCMS. The ISO modified the Plan-Do-Check-Act management system description to reflect updated ISO management system requirements.

Scope, normative references, terms and definitions

ISO has updated many of the terms in the standard to reflect current views on the profession. The new version provides convenient reference pointers for each term and where they are in the standard's text. In ISO 22301:2019, the committee responsible for the BC standard removed the term maximum tolerable period of disruption, which was used in the 2012 edition. They replaced it with the more general term disruption, which the committee felt had greater flexibility with regard to issues such as length, severity and cause of the disruption.

The following sections have been largely unchanged or simply restructured by ISO:

• Section 4 -- Context of the Organization
• Section 5 -- Business Continuity Management System
• Section 6 -- Planning

Section 7 -- Support has been restructured, and its content has been slightly revised by ISO for the 2019 version. ISO restructured and revised much of Section 8 -- Operation. They've added a new subsection, "Evaluation of business continuity documentation and capabilities," to underscore the importance of periodic examinations of and updates to BCMS documentation and also to ensure that the documentation is compliant with the standard. This subsection was taken from the 2012 version of Section 9 -- Performance Evaluation, which ISO also restructured and revised.

The organization slightly revised content in Section 10 -- Improvement for ISO 22301:2019.

New standards

Numerous items in the original standard, such as guidelines for business impact analyses (BIAs) and supply chain business continuity management, have been recast into totally new standards. Specifically, the new BIA standard is ISO/TS 22317:2015 Societal security -- Business continuity management systems -- Guidelines for business impact analysis (BIA) and the new supply chain BC standard is ISO/TS 22318:2015 Societal security -- Business continuity management systems -- Guidelines for supply chain continuity.

This is an important trend for BC professionals who wish to ensure compliance with the global standards. The ISO will, over time, issue new standards in its ISO 223XX series that provide additional guidance on key activities defined in ISO 22301:2019.