If you're new to business continuity management, ISO 22301 Business Continuity Management follows the very latest best practice for business continuity. You may wish to align and certify to this International Standard.
For more information, please click here to see our FAQ for certification and assessment customers around making the transition from BS 25999-2 to ISO 22301.
All core BS 25999-2 business continuity requirements are present in ISO 22301. These include:
Objectives, monitoring performance and metrics
ISO 22301 puts greater emphasis on the setting of objectives, monitoring performance and metrics – bringing business continuity much closer to top management. These may be new requirements, but many organizations already produce metrics to quantify their business performance and can extend these to cover BCMS performance.
Top management commitment
ISO 22301 gives top management clearer BCM leaderships responsibilities and outlines specific ways in which management must demonstrate its commitment to the system.
ISO 22301 requires specific resource planning and preparation. It aims to integrate the BCMS with the organization’s objectives and risk appetite. Requirements are extended and more clearly structured.
Requirements around Supply Chain
ISO 22301 specifies more requirements relating to suppliers. These make it a useful tool for validating supply chains and client and contractual requirements.
The new international standard requires organizations to consider their interested parties more widely than BS 25999-2, bringing about closer alignment with organisational objectives for corporate social responsibility.
International adoption and acceptance
ISO 22301 is likely to lead to wider use of international BCMS best practice. It aims to standardize the approach to and language of BCM, creating a level playing field for international business.
While BS 25999-2 should be withdrawn, it remains relevant and you can still use it. The standard has simply been superseded by ISO 22301 based on the way BCM best practice has evolved over the past five years.
BS 25999-2 should be withdrawn on 1 November 2012 (a six month period after ISO 22301 publication).
ISO 22301 isn't going to be considered a new scheme, but rather it will be considered a transition. Clients with BS 25999 certification with BSI can undertake a transfer assessment aligned to their current planned surveillance visits. These will be of the same duration, and the process will start soon after publication of the standard.
Yes, certificates issued to BS 25999-2 will remain valid during the transitional period. No further certification or renewals will be issued to BS 25999-2 after May 2014 (to be confirmed)
Yes, this is ISO 22313 Societal security - Business continuity management systems - Guidance. It is due in late 2012/2013. In the interim BS 25999-1 will still act as useful guidance.
This will be determined in the future based on the developments of ISO 22313 Societal security - Business continuity management systems – Guidance.
For more detailed FAQ's please click here...