14. Jan 2020

What is new?

ISO 22301:2019

The new revision of ISO 22301 – Business Continuity Management Systems was published on October 30 and is now available as ISO 22301:2019; the changes are minor.

The focus was laid on increasing the standard’s practical suitability; this is already reflected by the new name – the former title „Societal security” of the 2012 version has been changed to „Security and resilience – Business continuity management systems – Requirements” in the 2019 version.

ISO 22301 is the first Standard that specifies the requirements for implementing and maintaining an effective business continuity plan. It will help an organization to respond more effectively and to recover more quickly to disruption, thus reducing the impacts on persons, products and the company performance.

The key changes in ISO 22301:2019:

  • focus on a resilient organization to adapt to changes more effectively
  • focus on quick recovery from disruption based on response plans and employees who know how to respond in case of disruptive incident
  • systematic identification of internal weaknesses to mitigate them and implementation of plans to respond in case of disruption
  • redundancies of texts and requirements have been removed
  • 100% adaption of the „high level structure“
  • improved and „process-oriented“ structure – clear and logical operational sequence
  • emphasis on processes
  • enhanced user-orientation such as
    • 4.1 – “Context of the organization” – documentation requirements have been reduced
    • 5.1 –„Leadership and commitment“ and management commitment are now summed up in one clause
    • 5.2 – Active participation of management in response exercises is no longer required
    • 6.3 – It is now required to plan the changes to the BCM management system
    • 8.2 – A BIA (Business Impact Analysis) now should take impact categories as a starting point
    • 8.3 – In the previous version of the standard, the focus was on BCM strategies; now, the practical focus is also on finding solutions for specific risks and impacts
  • improved integration into existing management systems, such as ISO 9001, ISO 14001; ISO 45001, etc.
  • instead of an organization’s risk appetite, the focus is now on impacts and the extent to which an impact is acceptable for an organization.

The transition period will be 3 years, which means, after 30 October 2022 certificates for ISO 22301:2012 will no longer be valid.

Contact Persons Risk and Security

Unfortunately your search was unsuccessful. Please check your settings and your spelling.

News & Events

The basis for long-term success!

08. Jan 2024

Current information on the ISO 450xx series

New publication EN ISO 45001:2023

Learn more
13. Mar 2024

Event: 29. qualityaustria Forum

21. Dec 2023

ISO 9001 Revision: What you need to know now!

The first board meeting has taken place

Learn more
18. Dec 2023

Whistleblower system SecuReveal now accessible via qualityaustria website

All about the anonymous whistleblowing system for whistleblowers

Learn more
28. Nov 2023

SCC: Current status and important news

Known key points and further information

Learn more
07. Nov 2023

Quality Austria is new Certification Body for ISO/IEC 27001

Increasing demand for information security

Learn more
28. Aug 2023

Notified Body for in vitro diagnostics and medical devices

Communication from QMD Services GmbH

Learn more
24. Aug 2023

Achieving the green transformation with management systems

Achieving the green transformation with management systems

Learn more
24. Aug 2023

Pick up speed with EN 15085

Quality Austria recognized as manufacturer certification body

Learn more
19. Sep 2023

Event: CIS Compliance Summit 2023

The event will take place on 19 September 2023 at the ATH Savoyen in Vienna.

Learn more
07. Aug 2023

Quality Austria receives accredi­tation for ISO 55001 Asset Management

Key standard for asset management

Learn more
03. Aug 2023

ISO 9001 is being revised!

Revision of the international quality standard approved

Learn more
+43 732 34 23 22