{"id":24709,"date":"2019-11-05T15:01:45","date_gmt":"2019-11-05T15:01:45","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/?p=24709"},"modified":"2024-12-21T12:27:43","modified_gmt":"2024-12-21T12:27:43","slug":"iso-22301-transition-from-2012-to-2019-revision-is-it-needed","status":"publish","type":"post","link":"https:\/\/advisera.com\/27001academy\/blog\/2019\/11\/05\/iso-22301-transition-from-2012-to-2019-revision-is-it-needed\/","title":{"rendered":"Do we need to make the transition from ISO 22301:2012 to the 2019 revision?"},"content":{"rendered":"<p>The new revision of <a title=\"ISO 22301\" href=\"https:\/\/advisera.com\/27001academy\/what-is-iso-22301\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 22301<\/a> was finally published on October 31, 2019, and you are probably asking yourself whether you need to implement the whole standard all over again. Well, a new implementation is not quite necessary \u2013 although the 2019 revision did bring some changes, they are not so drastic. For differences between the 2019 and 2012 versions, see this <a title=\"Infographic ISO 22301:2012 vs. ISO 22301:2019 revision \u2013 What has changed?\" href=\"https:\/\/advisera.com\/27001academy\/blog\/2019\/12\/02\/iso-22301-2019-vs-iso-22301-2012-key-changes-infographic\/\" target=\"_blank\" rel=\"noopener noreferrer\">Infographic ISO 22301:2012 vs. ISO 22301:2019 revision \u2013 What has changed? <\/a><\/p>\n<h2>Timing of compliance with the new revision<\/h2>\n<p>First of all, let\u2019s see how much time you have. According to <a title=\"UKAS\" href=\"https:\/\/www.ukas.com\/download\/technical-bulletins\/2019.11.12-Technical-Bulletin-ISO-22301-2019.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">UKAS<\/a>, companies already certified against the ISO 22301 2012 revision will have a transition period of three years to \u201cupgrade\u201d their Business Continuity Management System (BCMS) to the new 2019 revision.<\/p>\n<p>Since the 2019 revision was published on October 30, 2019, this means that according to UKAS, companies will be able to transition until October 31, 2022. If your existing ISO 22301 certificate expires after October 31, 2022, then the certification bodies will check if you are compliant with the new revision during the regular surveillance visits; if your certificate expires before October 31, 2022, then you must transition by your next re-certification.<br \/>\n<div id=\"middle-banner\" class=\"banner-shortcode\"><\/div><script>loadMiddleBanner();<\/script><br \/>\n<div id=\"side-banner-trigger\" class=\"banner-shortcode\"><\/div><\/p>\n<h2>Main differences<\/h2>\n<p>\u201cMore streamlined and practical.\u201d These words define well what this new 2019 revision of ISO 22301 brings for business continuity management.<\/p>\n<ul>\n<li>Many documents are not mandatory anymore, like the <a href=\"https:\/\/advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=management-system&#038;doc=procedure-for-identification-of-requirements\" target=\"_blank\" rel=\"noopener\">Procedure for identification of applicable legal and regulatory requirements<\/a>, and documents for business impact analysis and risk assessment (although it would be a good practice to use them).<\/li>\n<li>Some requirements are less prescriptive (e.g., 4.1 &#8211; Understanding the organization and its context, and 7.4 \u2013 Communication), which means that organizations now have more freedom to adopt approaches that best fit their contexts.<\/li>\n<li>A new clause was added, which requires planning the changes to the BCMS (clause 6.3).<\/li>\n<li>Required resources are now identified based on continuity solutions instead of continuity strategies.<\/li>\n<\/ul>\n<p style=\"padding-top: 15px; padding-bottom: 15px;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-24723\" src=\"\/wp-content\/uploads\/\/sites\/5\/2019\/11\/22301-transition-article.jpg\" alt=\"Do we need to make the transition from ISO 22301:2012 to the 2019 revision?\" width=\"1000\" height=\"526\" srcset=\"\/wp-content\/uploads\/sites\/5\/2019\/11\/22301-transition-article.jpg 1000w, \/wp-content\/uploads\/sites\/5\/2019\/11\/22301-transition-article-300x158.jpg 300w, \/wp-content\/uploads\/sites\/5\/2019\/11\/22301-transition-article-768x404.jpg 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<p>For more information about mandatory documents and records for the 2019 revision of ISO 22301, please read: <a title=\"Mandatory documents required by ISO 22301 revision 2019\" href=\"https:\/\/advisera.com\/27001academy\/knowledgebase\/mandatory-documents-required-by-iso-22301\/\" target=\"_blank\" rel=\"noopener noreferrer\">Mandatory documents required by ISO 22301 revision 2019<\/a>.<\/p>\n<h2>Transition or adaptation?<\/h2>\n<p>Most changes in the 2019 revision aimed to make the standard less complex, and only one new small clause was included (6.3), so you may be wondering what is needed for a successful transition to the 2019 revision of the standard.<\/p>\n<p>In fact, this could be hardly called a \u201ctransition\u201d at all. All the changes to be made to fill gaps are not enough to justify a project-based approach like you might use for transitions of other management standards, like was the case with the ISO 27001 2005 revision to the 2013 revision.<\/p>\n<p>This situation is closer to the regular effort of maintaining your compliance with the standard, where you can plan less-complex activities to make the few smaller adaptations to achieve compliance with the new revision of the standard.<\/p>\n<h2>Changes put a system in place to show the usefulness of your BCMS<\/h2>\n<p>And, this is it. It might seem like there\u2019s little to do (clauses like document control, performance evaluation, and continual improvement basically did not change), but that\u2019s because:<\/p>\n<ul>\n<li>Updates to the new revision were made to make the standard leaner (eliminating redundancies in the text and placing requirements in more appropriate sections).<\/li>\n<li>Mandatory documents are reduced, although related clauses are still mandatory.<\/li>\n<li>The ISO 22301 2012 revision was one of the first to follow the high-level structure for ISO management systems standards as defined by Annex SL, so it was already aligned with the structure of other management system standards that were published in the meantime, like <a title=\"ISO 9001\" href=\"https:\/\/advisera.com\/9001academy\/what-is-iso-9001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 9001<\/a>, <a title=\"ISO 14001\" href=\"https:\/\/advisera.com\/14001academy\/what-is-iso-14001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 14001<\/a>, and <a title=\"ISO 27001\" href=\"https:\/\/advisera.com\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001<\/a>.<\/li>\n<\/ul>\n<p>These changes in the standard really do make sense \u2013 they will not only bring your Business Continuity Management System (BCMS) closer to the needs of your business, but you will also have a system in place to show the usefulness of your business continuity management.<\/p>\n<p style=\"padding-bottom: 10px;\"><em>To implement ISO 22301 easily and efficiently, use our<\/em>\u00a0<a href=\"https:\/\/advisera.com\/27001academy\/iso22301-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener\">ISO 22301 Documentation Toolkit<\/a>\u00a0<em>that provides step-by-step guidance and all documents for full ISO 22301 compliance.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The new revision of ISO 22301 was finally published on October 31, 2019, and you are probably asking yourself whether you need to implement the whole standard all over again. Well, a new implementation is not quite necessary \u2013 although the 2019 revision did bring some changes, they are not so drastic. For differences between &#8230;<\/p>\n","protected":false},"author":41,"featured_media":24710,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[1769,1770],"class_list":["post-24709","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-iso-22301-implementation","tag-iso-223012019"],"acf":[],"_links":{"self":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/24709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/comments?post=24709"}],"version-history":[{"count":1,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/24709\/revisions"}],"predecessor-version":[{"id":103207,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/24709\/revisions\/103207"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/media\/24710"}],"wp:attachment":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/media?parent=24709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/categories?post=24709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/tags?post=24709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}