Transitioning from BS 25999 to ISO 22301

Information and support to assist BSI clients in making the transition.

In May 2012, the ISO published ISO 22301: Societal security - Business continuity management system - Requirements. ISO 22301 is the new international Standard for business continuity management. The good news for BS 25999 certification customers is that the additional requirements are not too difficult.  

BSI will be able to assess your organization to the new Standard during your usual continuing assessment visits, providing good progress is being made towards the expiry deadline that is fast approaching. You and your BSI Client Manager will need to agree in advance, of future visits, when you are ready to be transitioned to the new Standard.

ISO 22301:2012 will supersede BS 25999-2. This means that any organization holding a certificate to BS 25999-2:2007 wishing to retain business continuity certification will need to demonstrate compliance to ISO 22301:2012. The deadline for BSI to ensure all of our clients are through transition is 31 May 2014, which means we are urging organisations to transfer to ISO 22301 by the end of March 2014 to allow time for our independent review process and certificate issue before the expiry date. It is important that you commence this process much earlier as failure to complete your transition by 31 May 2014, will result in the expiry of your certification.


What are the main changes?

  • First standard to be written using the new high level structure, which is common to all new management systems standards. This will allow easy integration when implementing more than one management system
  • Change in the way an organization is defined
  • Clearer expectations on management
  • Preventive action has been replaced with “actions to address risks and opportunities” and features earlier
  • ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics – aligning BC to top management strategic thinking