
Standard iso 9001



According to various sources, the leading business continuity standard BS 25999-2 will
be replaced by an international standard ISO 22301 by the end of 2011. This kind of
transition is normal - the same thing happens with most management standards, for
instance with ISO 27001 when in 2005 it succeeded BS 7799-2. So what are the main
changes that ISO 22301 will bring when compared to BS 25999-2?

One important note here - since ISO 22301 hasn't been published yet, the final version of
the standard still doesn't exist, so some of the things I've written here may not exist in the
final version. I am using a draft version published in February 2011 on the BSi Draft
Review website.

ISO 22301 will have this title: ISO 22301, Societal security - Business continuity
management systems - Requirements. Although "Societal security" may sound a little
strange in relation to business continuity, here is how ISO defines it: "... standardization
in the area of societal security, aimed at increasing crisis management and business
continuity capabilities, i.e. through improved technical, human, organizational, and
functional interoperability as well as shared situational awareness, amongst all interested

At first sight, it is obvious that the structure of ISO 22301 is very different from BS
25999-2, although all the basic elements of BS 25999-2 still do exist in ISO 22301.

Let's take a deeper look.


The biggest similarity is that all core business continuity elements in BS 25999-2 will be
present in ISO 22301 too: business continuity policy, business impact analysis, risk
assessment, business continuity strategy (in ISO 22301 it will be called "business
continuity options"), business continuity plans, exercising and testing etc.

Business impact analysis will probably be broken down into several clauses, demanding
more precision. The requirements for business continuity plans, including response
procedures and recovery plans, are much more detailed too - e.g. the communication part.

The management part of BS 25999-2 will also be transferred to the new standard -
document control, internal audit, management review, corrective and preventive actions,
human resources management etc. (by the way, these elements exist in all other
management standards - ISO 9001, ISO 14001, ISO 27001...).
However, the documentation will be called "documented information", and preventive
actions will be called "actions to address issues and concerns".

... and differences

The Plan-Do-Check-Act (PDCA) model is even less clearly stated in ISO 22301 compared to
BS 25999-2, although BS 25999-2 is not as clear in that respect as ISO 27001. However,
in my view that won't affect the clarity of the process through which the standard should
be implemented since the main sections of the standard are organized in a rather logical

ISO 22301 will obviously put much greater emphasis on setting the objectives,
monitoring performance and metrics - therefore bringing business continuity much closer
to top management's way of thinking.

Following that line, ISO 22301 puts clearer expectations on management and summarizes
them in a single section.

ISO 22301 will resolve one of the shortcomings of BS 25999-2, and will require much
more careful planning for and preparing the resources needed for ensuring business
continuity - those requirements are now extended and more clearly structured.

Finally, what will be different about ISO 22301, being an international standard, is that
certification bodies will push certification against this standard much harder, so it will
gain popularity much faster.

As a conclusion, all the basic elements of BS 25999-2 will probably be present in ISO
22301 too, only ISO 22301 will be more precise and more demanding. Organizations that
have already implemented BS 25999-2, and want to "upgrade" to ISO 22301, will have to
pay more attention to detail and will have to invest more time into preparing and
maintaining their system. On the other hand, ISO 22301 will certainly help them raise
their level of resilience and their level of credibility - the same thing that ISO 27001 did 6
years ago when it replaced BS 7799-2.
