BS 25999 standard is to be replaced by new standard ISO 22301


The Business Continuity Management standard BS 25999 is going to be replaced by the newly published ISO standard ISO 22301.

ISO 22301’s full title is: ‘Societal security – Business continuity management systems – Requirements’ and the International Organization for Standardization (ISO) defines the standard as:

“…standardization in the area of societal security, aimed at increasing crisis management and business continuity capabilities, i.e. through improved technical, human, organizational, and functional interoperability as well as shared situational awareness, amongst all interested parties.”

The structure of the new ISO standard is very different from BS 25999 (technically BS 25999-2); however, the basic elements of BS 25999-2 still exist in ISO 22301. The following briefly describes the similarities and differences between the two standards.

Similarities

  • All of the core business continuity elements in BS 25999-2 are also present in ISO 22301, namely: business continuity policy, business impact analysis, risk assessment, business continuity strategy (in ISO 22301 it will be called “business continuity options”), business continuity plans, exercising and testing, etc.
  • The business impact analysis requirement is now broken down into several clauses, demanding more precision in its application. The requirements for business continuity plans, including response procedures and recovery plans, are more detailed in the new standard – e.g. the communications section.
  • The management section of BS 25999-2 is also transferred to the new standard ISO 22301: document control, internal audit, management review, corrective and preventive actions, human resources management, etc. (These also exist in all of the other management standards – ISO 9001, ISO 14001, ISO 27001…).
  • However, the documentation will be called “documented information” and preventive actions will be called “actions to address issues and concerns”.

Differences

  • The Plan-Do-Check-Act (PDCA) model is not as clearly defined in ISO 22301 as within the old standard BS 25999-2.
  • ISO 22301 places an increased emphasis on setting objectives and on monitoring performance and metrics, thereby bringing business continuity much closer to top management’s way of thinking. Following that line, ISO 22301 puts clearer expectations on management and summarizes them in a single section.
  • ISO 22301 will resolve one of the shortcomings of BS 25999-2 and will require more careful planning and preparation of the resources needed to ensure business continuity – those requirements are now extended and more clearly structured.

To conclude, all of the basic elements of BS 25999-2 are present in the new standard ISO 22301, but ISO 22301 will be more precise and demanding. Organizations that have already implemented BS 25999-2, and want to “upgrade” to ISO 22301, will need to pay additional attention to detail and will need to invest more time into preparing and maintaining their system. On the other hand, ISO 22301 will certainly help them raise their level of resilience and their level of credibility – the same thing that ISO 27001 did 6 years ago when it replaced BS 7799-2.

Certification Europe’s transition policy (from BS 25999 to ISO 22301) will follow shortly, and we have been informed that it will be late 2012 before UKAS can support this process with us.

Robert Lyons