It’s update season at CertiKit and, following on from our recent launch of version 7 of our ISO/IEC 27001 toolkit, we have now released version 3 of the equivalent ISO22301 product.
Existing customers will receive this as part of the 12-month update subscription included with their original purchase. ISO22301 is an up-and-coming standard with a lot of interest internationally as organizations look to show that they have the capability to survive a disruptive event (and there are always plenty of those around!).
A fuller explanation of what we do to find out what our customers want is included in our ISO/IEC 27001 version 7 announcement, but basically we’ve spent the last 12 months listening hard via direct discussions, email questions, feedback surveys and our own experience to identify the changes and improvements we needed to make to the ISO22301 toolkit. Thanks to everyone who contributed to that discussion.
Version 3 is a document-by-document improvement, with further detail added where required, greater focus on meeting the exact requirements of the standard, and the addition of further documents and forms where we felt they were warranted.
We have produced an ISO22301 version of our popular ISO27001 In Simple English, which may help you to understand what the ISO really means when it says things like “the organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its BCMS” (and that’s just the first line of the standard).
In addition to the content improvements, we have also amended the naming convention to make it clearer which items are documents and which are forms, improved the labelling of tables and figures, and removed the odd cosmetic item that proved unpopular.
Key documents such as the Risk Assessment and Treatment Process have been enhanced to give more context to risk assessments, and the corresponding reports have been developed in line with this revised process. More detail about key business continuity targets has been added to the Business Impact Analysis Process, and definitions of the main terms used in the standard have been added to the Business Impact Analysis Workbook.
Internal auditing and management review have been revamped with several new documents in this area, including an Internal Audit Checklist, which gives an auditor a good starting point for what questions to ask during audit meetings.
A few documents that were peripheral to the requirements of the ISO22301 standard, such as the Procedure for Continual Improvement, have been removed and their contents incorporated in other documents.
New documents added in Version 3 include:
We have also included more example documents with the contents completed so that the type of information needed is clearer.
The intention of this release is to make the process of gaining certification simpler to follow and more focussed on what needs to be done, and we have tried to remove any distractions from this purpose. Customer feedback about the previous version was great, and we’ve made sure we haven’t removed or altered anything that our customers particularly liked. Hopefully version 3 will build on this success and help many more organizations improve their business continuity and gain certification at the first attempt.