ISO 22301:2019 vs. previous versions: What’s changed?

The International Organization for Standardization’s ISO 22301, Security and Resilience — Business Continuity Management Systems — Requirements, is the global standard for business continuity. Updated most recently in 2019, ISO 22301:2019 has gone through some structural changes from the previous version in 2012.

At a high level, if you already have the 2012 version of ISO 22301, don’t discard it. Most of its content is still valid, but much of the content has been streamlined for ease of understanding and action. Below are some key changes in the 2019 edition, as well as tips to ensure that you can get the most value from ISO 22301:2019 and its companion standards.

Be sure to also use the ISO 22301 companion standard, ISO 22313:2012, Societal Security — Business Continuity Management Systems — Guidance. It supports ISO 22301.

Examining the two tables of contents in ISO 22301 shows very few changes, other than some restructuring and renaming of section titles.

According to the standard, the principal changes ISO made in 2019 as compared to the 2012 edition are as follows:

  1. Requirements for management system standards, which have evolved since 2012, have been applied
  2. Requirements have been clarified, with no new requirements added
  3. Discipline-specific business continuity requirements are now almost entirely within Clause 8 (Section 8)
  4. A restructuring of Clause 8 to provide a clearer understanding of the key requirements
  5. Numerous discipline-specific business continuity terms have been modified to improve clarity and to reflect current thinking

The introduction added a section, “Benefits of a Business Continuity Management System,” which has language that can help justify the need for a BCMS. The ISO modified the Plan-Do-Check-Act management system description to reflect updated ISO management system requirements.

Scope, normative references, terms and definitions

ISO has updated many of the terms in the standard to reflect current views on the profession. The new version provides convenient reference pointers for each term and where they are in the standard’s text. In ISO 22301:2019, the committee responsible for the BC standard removed the term maximum tolerable period of disruption, which was used in the 2012 edition. They replaced it with the more general term disruption, which the committee felt had greater flexibility with regard to issues such as length, severity and cause of the disruption.

The following sections have been largely unchanged or simply restructured. Section 7 — Support has been restructured, and its content has been slightly revised. The organization slightly revised content in Section 10 — Improvement for ISO 22301:2019.

New standards

Numerous items in the original standard, such as guidelines for business impact analyses (BIAs) and supply chain business continuity management, have been recast into totally new standards. Specifically, the new BIA standard is ISO/TS 22317:2015, Societal Security — Business Continuity Management Systems — Guidelines for Business Impact Analysis (BIA), and the new supply chain BC standard is ISO/TS 22318:2015, Societal Security — Business Continuity Management Systems — Guidelines for Supply Chain Continuity.

This is an important trend for BC professionals who wish to ensure compliance with the global standards. The ISO will, over time, issue new standards in its ISO 223XX series that provide additional guidance on key activities defined in ISO 22301.