All insights
ArticleArticle · ISO 22301in the ISO 22301 series

Preparing for the Next ISO 22301: What's Actually Confirmed (and What Isn't)

A next edition of ISO 22301 is in the works, but the facts are narrower than the headlines suggest: the current standard is still 22301:2019 plus a 2024 climate-action amendment, and the revision project has no publication date. What's confirmed, what to do now, and what to ignore.

The BCM DeskBCMStack Editorial · Riyadh
10 June 20264 min read

Every few years a management-system standard generates a wave of "the new version is coming" content well ahead of any actual change. ISO 22301 is in that phase now. The responsible position is to separate what is confirmed from what is speculation, because acting on the speculation wastes effort — and acting on the one confirmed change is genuinely worthwhile.

This article sits under our ISO 22301 implementation guide and gives you the honest state of play.

What's actually confirmed

Three facts, and only three:

  1. The current standard is still ISO 22301:2019. There is no 2024 or 2025 replacement edition. If you are certified, you are certified to 22301:2019.
  2. A climate-action amendment exists. ISO published Amendment 1:2024 (Climate action changes) across its management-system standards, including 22301. It adds explicit consideration of climate as a relevant issue in the management system's context. This is real, it's current, and it's small.
  3. A next-edition project has been approved. ISO/TC 292 (the committee that owns 22301) has approved development of the next edition — but as of early 2026 there is no published committee draft with public detail and no confirmed publication date.

What to do now (the one thing that's real)

The actionable item today is Amendment 1:2024, not the hypothetical next edition. The climate amendment asks you to consider whether climate change is a relevant issue for your organisation and interested parties — which, for a business-continuity management system, it plainly can be (regional weather, power, water, supply-chain and facility exposure).

This is a light touch in practice:

  • Add climate to the issues you assess in your context of the organisation (the §4.1 analysis).
  • Make sure climate-driven disruption scenarios appear where relevant in your risk assessment and BIA — regional weather and infrastructure events, not just IT and cyber.
  • Record the consideration. An auditor checking Amendment 1 wants to see you thought about it, not that you rebuilt the BCMS.

If your continuity scenarios already include regional environmental events, you are most of the way there — this is a documentation-and-traceability task, not a redesign.

What to expect from the next edition (directionally)

Without a published draft, specifics would be invention. What can be said directionally — based on how ISO/TC 292 and parallel management-system revisions are moving — is that revisions of this generation tend to:

  • Embed sustainability and climate considerations more firmly (consistent with Amendment 1's direction).
  • Position risk as a strategic discipline rather than a supporting activity.
  • Tighten alignment with the shared harmonised structure used across ISO management-system standards.

Treat all of that as a weather forecast, not a plan. The moment a committee draft is published, it becomes possible to do real gap work; until then, the best preparation is a clean, well-run 22301:2019 system, because a strong current baseline always transitions more easily than a weak one.

The honest preparation checklist

  1. 1

    Stay on a clean 22301:2019 baseline

    The single best preparation for any future revision is a current system that's actually maintained — exercised plans, fresh BIAs, real management reviews. Revisions reward strong baselines.

  2. 2

    Adopt Amendment 1 (climate) now

    Add climate to your context analysis and ensure climate-driven scenarios appear in your risk and BIA work. Document it. This is the one confirmed, actionable change.

  3. 3

    Monitor ISO/TC 292, don't pre-build

    Watch for the committee draft. Don't spend budget preparing against clauses that don't exist yet.

  4. 4

    Keep your evidence regenerable

    When the next edition lands, the institutions that transition fastest will be the ones whose BCM evidence comes from a single maintained system, not a folder of stale documents.

Where this connects

For the current standard end to end, see the ISO 22301 implementation guide; for the certification mechanics, the Stage 1 vs Stage 2 audit guide; and for the KSA regulatory overlay, how to implement ISO 22301 in Saudi Arabia.

The headline to resist: there is no "ISO 22301:2026" to prepare against yet. The work that pays off now is adopting the climate amendment and keeping your 2019 system genuinely healthy.

Read the pillar

ISO 22301:2019 Implementation Guide — From Clause 4 to Certificate

A practitioner's walk-through of ISO 22301:2019: every clause explained, the certification path, the gaps auditors find most often, and how to operationalise the standard.

Open guide

Related reading

Article5 min read

ISO 22301 §9.3 Management Review: A Template That Survives Audit

Management review is one of the most under-invested clauses in ISO 22301 — and one of the most-sampled. A practical template covering required inputs, decision capture and outputs.

Read article
Article7 min read

The BCM Lifecycle Explained: From Policy to Continual Improvement

The BCM lifecycle is the operating rhythm of every BCMS — the cycle that keeps plans, BIAs, exercises and reviews in motion together. A practical walk-through of the six phases.

Read article
Article5 min read

ISO 22301 Stage 1 vs Stage 2 Audit: What Each Auditor Actually Does

Stage 1 is documentation. Stage 2 is operational. Knowing the difference — and what each auditor will ask for — is the difference between a clean certification and an avoidable major finding.

Read article

BCMStack platform

Put what you've just read into practice.

Native ISO 22301 §8.4.4 plans, ISO 22398 exercise programme, SAMA-mapped reporting. Built for KSA & GCC continuity teams.

Request access