ISO 22301:2012 is now in the final stages of release which is expected next month – October 2019. The good news is that there are no earth shaking changes in this version.

Some of the important changes are the following:

1. The Technical Committee 223 (Societal Security) is now merged into TC 292 (Security & Resilience). Mention of societal security has been removed from the objectives as well and resilience has been inserted. Hence, it does take us one step closer to resilience.
2. The 2012 version was one of the first few standards in the High-Level Structure, which is a unified structure and core text for all ISO standards. Over the years all standards are becoming leaner with crisp text and less prescriptive and we can see the same here.
3. The introductory guidance document has been removed and goes to ISO 22313 – the guidance document
4. Many new definitions have been added like a consequence, impact, etc. and definitions of Risk Appetite, RPO, RTO, MAO and MTPD, MBCO have been removed. These changes will make BCMS universally applicable.
5. The addition to BIA is that the standard requires to define impact categories and criteria which are relevant to the context which in any case was being done.
6. Many of the documentation requirements in Clause 4 relating to documentation of internal and external issues and needs and expectations of interested parties have been done away with but they still need to be considered in the establishment of context and scope of BCMS. Legal & Regulatory requirements and Scope still need to be documented. Much of the detailing on how the context is to be set for BCMS has been removed giving more flexibility in implementation. Something similar is seen in section 7.4 on communication: the new version is less prescriptive. So is the case with the prescriptiveness in Top Management commitment where active participation of top management in an exercise program has been removed. Overall these changes make the standard more practical and pragmatic.
7. One of the very few new requirements is clause 6.3, which requires organizations to make changes to the BCMS “in a planned manner”. Although technically this requirement is new, the content of the clause should not be a surprise to anyone.
8. Section 8.3 has been renamed from “Business Continuity Strategy” to “Business continuity strategies and solutions”. This reflects the increased pragmatism of the standard: the focus is not so much on developing a grand strategy to ensure business continuity, but rather on finding solutions for specific risks and impacts.

Want to learn more on the new ISO 22301 coming up this October.

Join us for a one day class room training ( INR 12,000/-) starting October or wait for our new online training (INR 5000/-) starting December 2019.

Contact us at info@pricoris.com

Website: https://pricoris.com