ISO22301: What’s Different?

Not got ISO22301 yet?  Want to know how it’s different from BS25999?  Here’s your short guide and a link to the (free) transition document.

So what’s new?

Measuring.  ISO requires objectives, monitoring and performance metrics.  The intention is to create reporting ability that the board understand so they have better visibility and understanding of the work (and can better champion it).

The BSI apparently believes most organisations already produce good metrics.  Here at Continuity In Business Towers, we disagree with this notion: our experience suggests many have lists of plans with the dates the plans were last updated and rehearsed and had their BIAs updated.  Some organisations also have records of near misses and incidents.  But we’ve not yet seen a universally accepted system of metric evaluation (even though we’ve covered quite a few options offered by others on these pages).


BS25999 also demanded leadership from top level management.  ISO22301 claims to take things further by outlining their responsibilities, which include continual demonstration of commitment to continuity planning.

Risk Integration

ISO22301 has more detailed requirements for risk management and requires risk assessments to be integrated with the overall risk management process.  This is good news in the sense that many business continuity plans have risk assessments attached to them that have been done in isolation; it’s possibly not the most fun news that those who prefer to avoid the Risk Management function have heard this year and, in our opinion, work will need to be done to ensure that Business Continuity Planners don’t gradually drift into the same territory many Risk Managers find themselves in where they consider their work to be vastly undervalued and underused by their organisations (see Strategic Risk magazine, 2008).

Supply Chain

There’s a lot more on Supply Chain in ISO22301 than in BS25999, with particular focus on suppliers (as opposed to being a supplier).  It’s much more useful for evaluating supply chains and contractual requirements.

free transition guide BS25999 to ISO22301

If you want more free information about the differences, check out the BSI’s free Transition Guide.

Click this link to purchase and download ISO22301.


Was this useful?
Share it!
Subscribe - weekly news and a free course!

Related Articles


About Author


3 comments on “ISO22301: What’s Different?

  1. paul on said:

    It would appear that the Transistion guide link does not work.


  2. Pingback: Watch ISO22301 video

Leave a Reply

Your email address will not be published. Required fields are marked *


50,947 Spam Comments Blocked so far by Spam Free Wordpress

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Get free weekly newsletter:
No spam guarantee.