Transition to ISO 22301:2019

ISO 22301 was first released in 2012. It was one of the first ISO standards to apply the High Level Structure (HLS). It sets requirements and best practices to build more robust and resilient businesses, enabling them to tackle disruptive incidents. Compliant organizations have more effective responses, quicker recovery and are thereby able to reduce impact on people, products and the organization’s bottom line. 

A revised version of ISO 22301

ISO 22301:2019 was released 31 October 2019. It was prepared by the Technical Committee ISO/TC 292 Security and Resilience. It has over 60 National Standards Bodies are members. The revision’s aim has been to reflect ongoing changes and developments in the business continuity world, bringing more value to those implementing the standard.  

Overall, changes may be considered small. No fundamental new requirements have been added. The 3 main areas of changes include: 

• The structure of the standard has been reviewed to make it easier to read and implement, providing greater clarification of what is required. 
• The language and terminology related to business continuity have been simplified and modified to improve clarity and consistency and to better reflect today’s thinking in the business continuity world. 
• Use of the High Level Structure (HLS) has been further streamlined  to remain in line and compatible with all other ISO management system standards.  
• For organizations that have already implemented standards based on HLS, the transition should be relatively straightforward compared with other recent transitions such as for ISO 9001.  

Transition timeline 

• The transition period is 3 years from 31 October 2019 (the starting date for the transition)  
• All ISO 22301:2012 accredited certificates will cease to be valid after 31 October 2022 (the end of the transition period)  
• Certification Bodies shall cease to conduct initial and recertification audits to ISO 22301:2012 18 months from the starting date, which is 30 April 2021.  

How to prepare for implementation of the new version?  

We recommend you start preparing for the transition as early as possible and plan properly to incorporate needed changes into your management system.  

Recommended steps for the transition: 

• Get to know the contents and requirements of the new standard. If you are a current user of the 2012 standard, you should focus on the changes implied by the revised standard.  
• Ensure that relevant personnel in your organization are trained and understand the requirements and key changes. 
• Identify gaps which need to be addressed to meet the new requirements and establish an implementation plan. 
• Implement actions and update your management system to meet the new requirements.  

How can we support you?  

Whether you are a current user of ISO 22301 or you are new to business continuity DNV can support you on business continuity matters and the transition through: 

• Seminars, webinars, e-learning etc. where you learn about the revision and get a basic overview of contents and key changes in the standard, transition process etc. 
• Tutored training courses, in-house or public, were the objective is to provide detailed insight to content, changes and required steps for the transition. These are modular courses where the level of detail can be tailored to your company’s needs. 
• Gap assessment (workshops) where we assess your management system against the requirements of the new standard and identify the gaps that need to be addressed. This will provide useful input to your process to comply with the standard. The level of detail of such assessment can be tailored to your company’s needs.  

Start preparing for your transition and contact us. We can support you every step of the way.