Menu Close

ISO 22301:2019 for BCM | 5 Key Changes from 2012 Version

ISO 22301:2019 vs ISO 22301:2012

Introduction to ISO 22301

Back in 2012, ISO 22301 standard was introduced by the International Standard for Organization to assist organizations in continuing their operations for longer periods. Businesses that wanted to sustain even during the crisis had to apply and conform to various clauses of the standard. Additionally, organizations had to establish a Business Continuity Management System (BCMS) to assure its customers and stakeholders. As per the standard requirements, organizations that instilled BCMS demonstrated that they continue their operations even during a data breach, disasters, and disruptions.

What does the ISO 22301 Standard specify?

As per ISO, this international standard consists of requirements that have to be documented by the organization in order to protect itself from disruptive events. The document should contain the processes involved in planning, establishing, implementing, operating, monitoring, reviewing, and maintaining the BCM system. Other specifications include the approach of proactively assessing risks and opportunities. Moreover, it is important to note that this ISO standard is applicable to all organizations, irrespective of their industry and size.

ISO 22301:2019 vs ISO 22301:2012

The latest version of the standard was published in 2019, requiring organizations certified with ISO 22301 to adapt to the new changes while meeting the requirements. Compared to the previous version that was published in 2012, the newer version is in accordance with the ISO 9001 and ISO 27001 standards. Let us have a look at the changes that businesses are required to incorporate to maintain the certification.

Mandatory documents

The earlier version of the standard necessitated businesses to fulfill the requirement of maintaining several mandatory documents for earning ISO 22301 Certification. This requirement has changed in the newer version, wherein businesses are required to draw comparatively lesser documents related to the standard specifications. Along with the documents that are to be maintained, the new version entitles businesses to meet lesser prescriptive requirements than the earlier version. the 2012 publication of the standard had several prescriptive requisites that organizations had to follow in order to meet be aligned with the standard.


The latest version of the ISO 22301 Standard retains the same structure as the earlier version of the standard. the framework has been retained just like the other ISO standards which were released after the year 2012. Although not considered as a major change, there exists a few changes within the standard and its clauses. Moreover, these changes do not affect the organization significantly as it mainly prescribes how the BCMS system has to be written.


Businesses continuity was considered merely a strategy for the organizations in the earlier version. Most businesses did not consider the concept of business continuity until recent years. However, organizations that followed the earlier version of the standard utilized and exploited the strategy of business continuity to gain a competitive advantage. The current version of the standard considers business continuity as a solution for handling risks and threats. To be in conformance with the standard, businesses have to now define their resources based on the solution. This greatly affects the budget set aside for business continuity.


The earlier version of the standard specifies a wide range of requirements which had earlier created confusion for various organizations regarding its application. The newer version of the standard specifies lesser requirements with clarity. This has enabled businesses to simplify their approach to business continuity and meet all the necessary requirements. Clause 8 of the publication which is known to specify the requirements has been restructured offering a clear understanding.


The newer publication of the standard further mentions the terms, scope, definitions, and references that reflect the current trends. Several business continuity terms have been changed or altered as per the current thinking of businesses. This further provides clarity for organizations applying the standard to comprehend and reap the benefits of business continuity. Earlier version of the standard incorporated terms and scop which were quite complex, necessitating businesses to rethink the application of the standard.


Business continuity plays a major role in every organization, especially in the pandemic years. Several businesses failed to exist due to lack of competencies in handling such disruption. Additionally, businesses that could not comprehend the need for the BCM system suffered huge financial losses. Therefore it is evident that every organization willing to survive in the industry for longer periods needs to apply ISO 22301 standard and meet its requirements.

Additionally, such organizations can hire professionals who have adequate knowledge of the standard and its applications. Individuals certified with ISO 22301 Foundation, gain the skills of implementing the standard in accordance with business needs during the training program. Therefore, recruiting individuals who have gone through ISO 22301 Foundation Training get to reap the benefits of applying the international standard of ISO 22301.

Posted in ISMS

Related Articles