International Standard Certification Service Provider.

+971 58 524 3462

WHAT IS ISO 22301?

ISO 22301:2019

WHAT IS ISO 22301?

WHAT IS ISO 22301?

ISO 22301:2019 – Security and resilience — Business continuity management systems — Requirements

In October 2019 a revised version of the business continuity management standard, ISO 22301, was published. In this article Hilary Estall, MBCI and IRCA Lead BCMS Auditor, explores the new version. Lifting the lid on what appears to be an uncontroversial update identifies areas which, whether aligned or certified to the Standard, will require time and thought to digest and apply.


ISO 22301 was revised to reflect ongoing changes in the business continuity world and respond to the continuing development of Management System Standard (MSS) requirements. Here, I look at the changes made and the impact to users, offering ideas on how to go about adjusting your business continuity management system (BCMS), to reflect ISO 22301:2019 requirements.

The ISO22301 standard is useful for organizations to assess their competence to continue to meet their business capabilities and obligations, even in the face of the occurrence of a disruptive event affecting them.

To do this, the standard indicates the requirements for continuously planning, implementing, operating, maintaining and improving a Business Continuity Management System (SGCN). This system provides the preparation to deal with a wide spectrum of incidents, helps reduce the likelihood of occurrence of incidents, and allows to respond and recover if they occur.

Main changes ISO 22301:2012 vs ISO 22301:2019

It is noteworthy that if your organization/company obtained ISO 22301:2012 certification you should have no problem transitioning to this new version. There have been no major structural changes in the standard.

As ISO version 22301:2012 already had a high-level structure, it has not been necessary to rewrite the entire standard, especially the changes have focused on drafting and clarity. For this reason, the text has become more consistent and logical.

The main changes have been the following:

ISO 22301:2019 What’s changed?

Headline changes, some of which are listed in the Foreword of the Standard, are as follows;

  • ISO 22301 now conforms to ISO’s requirements for management system standards, which have evolved since 2012 (Annex SL). (Remember ISO 22301:2012 was the first ISO MSS to follow the new Annex SL guidelines. Since then numerous MSS have been revised or developed using this approach and the interpretation applied in ISO 22301:2012 has since evolved). This has been a significant focus for the 2019 update;
  • Requirements have been clarified, with no new requirements added (but see amendments below);
  • Discipline-specific business continuity requirements are now almost entirely within section 8;
  • A number of discipline-specific business continuity terms have been modified to improve clarity and reflect current thinking; and
  • Content in clause 8 has been reordered, duplication removed and terminology simplified and more consistent.
  • Maintenance of an exercise and testing program.
  • Adaptation of the Management System to the standards of other ISO standards, such as the 27001 or the 9001.


Certification Process

  1. Application
    2. Contract Review
    3. Initial Certification (Stage 1 & 2 Audit)
    4. Surveillance Audit
    5. Recertification


For more information and enquiry, please drop us an email to or call us at +971 58 524 3462