Procedure for ISO 22301:2019 Transition

Introduction of ISO 22301:2019
The first edition of ISO 22301 was launched in May 2012. It was the primary truly internationally accepted standard on business continuity, and it consists of requirements to implement a Business Continuity Management System consistent with ISO Annex SL. As such, it stood in line with its prominent predecessors like ISO 9001 and ISO/IEC 27001.
What is good in ISO 22301-2019?
Here is a summary of the modifications and similarities compared to the first version:
The PDCA model diagram was deleted, as diagrams are hard to standardize and typically cause endless discussions and interpretations.
Clauses 4 to 10 cover the components of PDCA, as before.
There are no normative references in this document.
The terms and definitions were updated to incorporate the ISO Online Browsing Platform and the IEC Electropedia; both are web-based information platforms.
In clause 3 “Terms and Definitions” several terms were modified, redefined, removed and added. Major changes include:
One of the main reasons that revisions of ISO management system standards have been challenging in the last few years is the adoption of the High-Level Structure, which is a unified structure and core text for all ISO management system standards. However, the 2012 version of ISO 22301 already had the High-Level Structure; it was one of the very first ISO standards to feature this new structure.
Therefore, instead of rewriting the entire standard, the working party could focus on the wording and the clarity. Many redundant sections have been curtailed, the definitions have become more consistent and the text has become more logical.
ESSENCE OF BCMS ISO 22301-2019
What is particularly interesting is how many requirements are stripped back to their essence. Section 4.1 is a good example: whereas the 2012 version prescribes what an organization must do (and document!) in order to understand the organization and its context, the new version merely states the need to “determine external and internal issues” without specifying what this entails. It doesn't say which aspects need to be taken into consideration, nor does it include a requirement to document this process. Something similar occurs in section 7.4 on communication: the new version is markedly less prescriptive.

Another requirement that has been trimmed is the involvement of top management (5.2). Both the old and the new version require top management to commit to the BCM policy. However, whereas the old version went as far as to require top management to “actively engage in exercising and testing”, the new version is more pragmatic in its approach and focuses on what's really needed to maintain an effective BCMS.
OTHER CHANGES PROPOSED IN ISO 22301-2019
Besides a large number of minor adjustments with little or no impact for certified sites, there are a few changes worth highlighting:
One of the few new requirements is clause 6.3, which requires organizations to make changes to the BCMS “in a planned manner”. Although technically this requirement is new, the content of the clause shouldn't be a surprise to anyone.
Section 8.2.2 on Business Impact Analysis (BIA) now stipulates that the BIA should take impact categories as a starting point. While many organizations are already defining impact categories in their BIA, the new version of the standard makes this mandatory.
Section 8.3 has been renamed from “Business Continuity Strategy” to “Business continuity strategies and solutions”. This reflects the increased pragmatism of the standard: the focus isn't so much on developing a grand strategy to ensure business continuity, but rather on finding solutions for specific risks and impacts.
What is removed in ISO 22301-2019?
The term “risk appetite” has been removed from the standard. In the 2012 version, “risk appetite” was defined as the “amount and type of risk that an organization is willing to pursue or retain”. The new standard, however, is right to abolish the term. Not only is “risk appetite” a rather subjective issue, it's also ultimately irrelevant: what matters isn't the risk an organization is willing to take, but the extent at which the impact of not resuming activities would become unacceptable to an organization.
REVISION OF THE ISO 22313 GUIDANCE
By trimming down the standard to its essence, ISO has achieved a clearer separation between the requirements (what) and the guidance (how). The guidance document ISO 22313, which dates back to 2012, will also be updated to reflect the changes in the ISO 22301 standard. It is expected to be published shortly after the new version of ISO 22301 is released.
TIMELINE AND TRANSITION
The new version of ISO 22301 is currently at the draft stage. Depending on the feedback to the draft, the technical committee responsible for the revision expects the standard to be published in the fall of 2019, as ISO 22301:2019.
After the publication, there will be a transition period of three years. This would mean that all certificates to the 2012 version would ultimately lose their validity in the autumn of 2022.