Tuesday, April 30 2024

What's new in the ISO 22301 standard version 2019 - Business continuity management systems

 01/31/2024

 
The ISO 22301 version 2019 standard is the second version (edition) of this standard for business continuity management systems. It replaces the first edition of 2012.
 
Choosing to apply a business continuity management system allows you to:
  • reduce financial losses in the event of unforeseen events
  • create a competitive advantage
  • protect personnel and the environment

1. WHAT'S NEW COMPARED TO THE 2012 EDITION

  • evolution of management system requirements
  • clarification of certain requirements
  • no new requirements
  • addition of business continuity requirements linked to specific disciplines in clause 8
  • restructuring of clause 8
  • modification of certain specific terms

2. THERE ARE 10 CLAUSES, FOLLOWING THE HIGH LEVEL STRUCTURE:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

3. REQUIRED PROCEDURES (*MANDATORY)

  • procedures (documented):
    • legal requirements (§ 4.2.2)
    • document management (§ 7.5)
    • backup (§ 8.1)
    • business continuity (§ 8.4.1) *
    • response to disruptions (§ 8.4.2)
    • warning and communication (§ 8.4.3) *
    • business continuity plan (§ 8.4.4) *
    • internal audit (§ 9.2.2)
    • corrective actions (§ 10.1.3)

4. RECORDS REQUIRED (*MANDATORY)

  • records:
    • business context (§ 4.1)
    • list of legal requirements (§ 4.2.2) *
    • scope (§ 4.3) *
    • responsibilities and authorities (§ 5.3)
    • business continuity objectives (§ 6.2) *
    • plan to achieve the objectives (§ 6.2)
    • skills (§ 7.2) *
    • training program (§ 7.3)
    • communications plan (§ 7.4)
    • list of documents of external origin (§ 7.5.3.2)
    • operational control (§ 8.1)
    • changes (§ 8.1)
    • outsourced processes (§ 8.1)
    • impact assessment, analysis, results (§ 8.2.2)
    • risk treatment (§ 8.2.3)
    • strategies and solutions (§ 8.3.3)
    • risk communication (§ 8.4.3) *
    • disruptions, actions and decisions (§ 8.4.3.1) *
    • business continuity plans (§ 8.4.4) *
    • exercise program (§ 8.5)
    • incident scenarios (§ 8.5)
    • exercise results (§ 8.5)
    • review of business continuity capabilities (§ 8.6)
    • performance evaluation (§ 9.1) *
    • methods and results of inspection, analysis and evaluation (§ 9.1)
    • BCMS maintenance plan (§ 9.1)
    • internal audit, program (§ 9.2.2) *
    • internal audit, report (§ 9.2.2) *
    • management review, results (§ 9.3.3.2) *
    • non-conformities and corrective actions (§ 10.1)
    • improvement report (§ 10.2)

5. REQUIRED PROCESSES (*MANDATORY)

  • processes:
    • identify legal requirements (§ 4.2.2) *
    • analyze the impact assessment (§ 8.2.1) *
    • assess the risk (§ 8.2.3) *
    • restore activities (§ 8.4.5) *
    • audit internally (§ 9.2.2) *

6. REQUIRED POLICY (*MANDATORY)

  • policy:
    • continuity of activity (§ 5.2.1) *

7. THE VERB "SHALL" IS USED 242 TIMES

8. DETAILS OF CLAUSES AND SUBCLAUSES

1 Scope
 
2 Normative references
 
3 Terms and definitions
 
4 Context of the organization
 
4.1 Understanding the organization and its context
 
4.2 Understanding the needs and expectations of interested parties
 
4.3 Determining the scope of the business continuity management system
 
4.4 Business continuity management system
 
5 Leadership
 
5.1 Leadership and commitment
 
5.2 Policy
 
5.3 Roles, responsibilities and authorities
 
6 Planning
 
6.1 Actions to address risks and opportunities
 
6.2 Business continuity objectives and planning to achieve them
 
6.3 Planning changes to the business continuity management system
 
7 Support
 
7.1 Resources
 
7.2 Competence
 
7.3 Awareness
 
7.4 Communication
 
7.5 Documented information
 
8 Operation
 
8.1 Operational planning and control
 
8.2 Business impact analysis and risk assessment
 
8.3 Business continuity strategies and solutions
 
8.4 Business continuity plans and procedures
 
8.5 Exercise programme
 
8.6 Evaluation of business continuity documentation and capabilities
 
9 Performance evaluation
 
9.1 Monitoring, measurement, analysis and evaluation
 
9.2 Internal audit
 
9.3 Management review
 
10 Improvement
 
10.1 Nonconformity and corrective action
 
10.2 Continual improvement