ISO 22301 "SOCIETAL SECURITY – BUSINESS CONTINUITY MANAGEMENT SYSTEMS – REQUIREMENTS" was first published in 2012 and was the first ISO standard to fully adopt the High Level Structure format for management system standards described in Annex SL. It has become the international benchmark for business continuity management systems. Around 4000 organizations worldwide were certified to ISO 22301 (based on 2017 data), and it was mainly adopted in industries such as IT, banking, government and manufacturing, where business continuity is vital.
In 2017, ISO/TC 292 Security and resilience took on responsibility for reviewing the 2012 version of ISO 22301. After rounds of review and balloting, ISO 22301:2019 "SECURITY AND RESILIENCE - BUSINESS CONTINUITY MANAGEMENT SYSTEMS - REQUIREMENTS" was published on 30 Oct 2019.
As mentioned, because the 2012 version of ISO 22301 was already based on the High Level Structure format, there are only minor changes to the clause title layout, as shown below. The main changes are under Clause 8. For example, business continuity strategies must be identified and selected based on the outputs from the business impact analysis and risk assessment, and such business continuity strategies shall comprise one or more solutions.
Beyond these, the other changes are mainly refinements to wording, terms, phrasing, etc. for clarity and consistency. Some redundant descriptions were also removed, making the standard clearer and more logical.
As with any other revised ISO standard, organisations are to transition to the 2019 version within 3 years. To be exact, an organisation is to update its relevant documents, implement them accordingly, and arrange with its Certification Body to carry out a transition assessment by October 31, 2022.