Not got ISO22301 yet? Want to know how it’s different from BS25999? Here’s your short guide and a link to the (free) transition document.
So what’s new?
Measuring. ISO requires objectives, monitoring and performance metrics. The intention is to create reporting ability that the board understand so they have better visibility and understanding of the work (and can better champion it).
The BSI apparently believes most organisations already produce good metrics. Here at Continuity In Business Towers, we disagree with this notion: our experience suggests many have lists of plans with the dates the plans were last updated and rehearsed and had their BIAs updated. Some organisations also have records of near misses and incidents. But we’ve not yet seen a universally accepted system of metric evaluation (even though we’ve covered quite a few options offered by others on these pages).
BS25999 also demanded leadership from top level management. ISO22301 claims to take things further by outlining their responsibilities, which include continual demonstration of commitment to continuity planning.
ISO22301 has more detailed requirements for risk management and requires risk assessments to be integrated with the overall risk management process. This is good news in the sense that many business continuity plans have risk assessments attached to them that have been done in isolation; it’s possibly not the most fun news that those who prefer to avoid the Risk Management function have heard this year and, in our opinion, work will need to be done to ensure that Business Continuity Planners don’t gradually drift into the same territory many Risk Managers find themselves in where they consider their work to be vastly undervalued and underused by their organisations (see Strategic Risk magazine, 2008).
There’s a lot more on Supply Chain in ISO22301 than in BS25999, with particular focus on suppliers (as opposed to being a supplier). It’s much more useful for evaluating supply chains and contractual requirements.
If you want more free information about the differences, check out the BSI’s free Transition Guide.
Click this link to purchase and download ISO22301.
Subscribe - weekly news and a free course!
3 comments on “ISO22301: What’s Different?”
Pingback: Watch ISO22301 video