ISO TRANSITION

ISO 50001:2018 – Energy Management

---

ISO 50001:2018 replaces ISO 50001:2011. It adopts the ISO High-Level Structure (HLS), making it easier to integrate with other systems (e.g., ISO 9001 and ISO 14001). The standard drives a methodical, data-driven approach to continually improve energy performance.

What changed (key deltas from 2011):

HLS & system-wide updates

• Context and interested parties: Define internal/external issues and stakeholder needs that affect energy performance.
• Leadership: Stronger top-management accountability and resourcing.
• Risk and opportunity: Plan actions to address risks/opportunities that influence EnMS outcomes.
• Competence and communication: Clearer role-based competence; expanded internal and external communication.
• Operational planning and control: Tighter control of operations affecting energy performance, including change management.
• Monitoring, measurement, analysis, and evaluation: More prescriptive performance evaluation requirements.
• Management review: Expanded inputs/outputs aligned to HLS.

Energy-specific enhancements

• Energy review (strengthened): Method, criteria and outputs formalised.
• Energy Performance Indicators (EnPIs) and Energy Baseline (EnB): Mandatory, including rules for normalisation using relevant variables and static factors.
• Significant Energy Uses (SEUs): Identify, prioritise and control SEUs with objectives and action plans.
• Energy data collection planning: Define metering, frequency, accuracy, responsibilities and retention.
• Design & procurement: Built-in consideration of energy performance over the life cycle for equipment, processes and services.
• Terminology updates: Emphasis on “energy performance improvement”, “relevant variables”, “normalisation”, “EnPI value”; legacy terms such as “correction”, “preventive action”, “record”, and “procedure” are replaced by HLS equivalents (e.g., documented information, risk-based thinking).

What you should update now:

• Policy, scope & boundaries of the EnMS.
• Context and interested-party register plus legal/other requirements.
• Energy review methodology (criteria, data sources, SEU identification).
• EnB and EnPIs (with normalisation rules and recalculation triggers).
• SEU register with controls, objectives, targets and action plans.
• Energy data plan and metering (what/how/often/by whom; accuracy and calibration).
• Operational controls (including design and procurement criteria).
• Competence and awareness (operators, engineers, buyers, contractors).
• Performance evaluation (trend analysis, M&V of improvements).
• Internal audit programme aligned to ISO 50001:2018.
• Management review covering updated inputs/outputs.
• Records/evidence: Maintain 3–6 months of data showing the enhanced system works.

Transition with WWISE — 4 phases

Phase 1: Gap Analysis & Transition Plan

Map your 2011 system to 2018 requirements; confirm scope/boundaries, SEUs, EnPIs/EnB; build a dated transition plan tied to your certification body’s timeline.

Phase 2: Documentation & Data Infrastructure

Update policy, processes and forms; formalise the energy review, EnB/EnPIs rules, data-collection and metering plan; embed design/procurement energy criteria; refresh legal and risk registers.

Phase 3: Implementation, Training & Evidence

Roll out controls for SEUs; train roles (ops, maintenance, engineering, procurement); run internal audits and a management review; collect verified energy data and M&V evidence.

Phase 4: Transition Audit Support

Coordinate the transition audit with your accredited certification body, close any findings with corrective and preventive action, and secure your ISO 50001:2018 certificate.

ISO 22301:2019 – Business Continuity Management

---

ISO 22301:2019 aligns to the ISO High-Level Structure (HLS), making it simpler to integrate with ISO 9001/27001. The revision reduces prescription, focuses on performance, and gives you more flexibility to design a BCMS that fits your organisation.

What changed (key deltas):

• HLS adoption: New requirements for context, interested parties, leadership, and risk & opportunity management.
• BIA & risk assessment (clause 8): Clearer method expectations. Impact types and context-relevant criteria are mandatory, leading to prioritised activities, RTO/MBCO targets, and resource needs.
• Change management: Any BCMS changes must consider purpose, consequences, responsibilities, integrity, and resources.
• Documented information: Less “must-have procedures”; more freedom as long as controls are effective and evidenced.
• Performance and improvement: Stronger emphasis on measurable objectives, exercising/testing, evaluation, nonconformity/corrective and preventive action, and continual improvement.

What to update now:

• Context and stakeholders register (incl. legal/other requirements).
• BIA methodology and outputs: impact types/criteria, RTO/MTPD/MBCO, dependencies, resource needs.
• Risk assessment and treatment specific to continuity threats.
• Continuity strategies and solutions documented as practical, resourced options.
• Incident response and communications (internal, external, regulators/customers).
• Exercise and test programme with defined objectives, scenarios, and evaluation.
• KPIs and management review inputs/outputs aligned to 2019 requirements.
• Controlled change process for the BCMS.
• Evidence: keep 3–6 months of records to demonstrate effective operation.

Transition with WWISE — 4 phases

Phase 1: Gap Analysis & Transition Plan

Map 2012→2019, confirm BIA/risk methods, set RTO/MBCO targets, build a dated plan.

Phase 2: Documentation & Controls

Update policy, roles, BIA/risk procedures, incident/communication plans, exercise programme, KPIs, and change control.

Phase 3: Implementation, Training & Evidence

Run exercises/tests, internal audits, and management review; close findings with corrective and protective action; collect performance data.

Phase 4: Transition Audit Support

Coordinate with your accredited certification body, respond to nonconformities, and secure 2019 certification.

ISO 22000:2018 – Food Safety Management

---

ISO 22000:2018 adopts the ISO HLS and introduces a clearer split between organisation-level risk management and operational food-safety controls. It’s designed to integrate easily with ISO 9001/14001 and modernise your FSMS.

What changed (key deltas):

• HLS adoption: New clauses for context, interested parties, leadership, risk & opportunity, and enhanced communication.
• Dual PDCA cycles: One PDCA for the FSMS as a whole and one for operations (PRPs, hazard control plan).
• Risk vs hazard: Organisation-level risk-based thinking in addition to hazard analysis at process level.
• PRPs/OPRPs/CCPs clarified: Stronger requirements for classification, monitoring, verification, and validation within a documented hazard control plan.
• Outsourced processes & suppliers: More explicit control of externally provided processes, products and services.
• Scope & terms: Scope explicitly includes animal food/feed; manual is no longer mandatory focus is on documented information that proves control.

What to update now:

• Context and stakeholder analysis incl. regulatory mapping.
• Food Safety Policy and measurable objectives linked to risks and hazards.
• PRPs selection and maintenance (aligned to your sector).
• Hazard analysis and control plan: decision criteria for CCP vs OPRP, monitoring, verification, validation, and corrective actions.
• Traceability, recall/withdrawal and emergency preparedness (incl. communication).
• Control of external providers (approval, performance, specifications).
• Performance evaluation: trend analysis, internal audits, management review.
• Evidence: maintain 3–6 months of records to demonstrate control effectiveness.

Transition with WWISE — 4 phases

Phase 1: Gap Analysis & Transition Plan

Assess 2005→2018 gaps; confirm PRPs; review hazard analysis and CCP/OPRP logic; build a dated plan.

Phase 2: Documentation & HACCP Enhancements

Update policy, risk & objective setting, hazard control plan, traceability/recall, supplier controls, and communications.

Phase 3: Implementation, Training & Evidence

Train teams on PRPs, CCP/OPRP monitoring, verification/validation; run internal audits and a management review; capture operational records.

Phase 4: Certification Support

Prepare for the transition audit with your accredited certification body; resolve findings with corrective and preventive action and finalise certification.

ISO 20000-1:2018 Information Technology – Service Management

---

ISO/IEC 20000-1:2018 replaces the 2011 edition and adopts the ISO High-Level Structure (HLS). The revision is less prescriptive, more outcome-based, and easier to integrate with ISO 9001/27001/22301. It focuses on running an effective Service Management System (SMS) that consistently delivers value to customers and the business.

What changed (key deltas):

HLS and governance

• New/stronger requirements for context, interested parties, risk & opportunity, leadership, objectives, competence, communication, performance evaluation, and improvement.
• Reduced “must-have” procedures; the emphasis is on effective controls and documented information that proves they work.

Service management content (clause 8 themes):

• Service portfolio and catalogue management formalised; clear linkage to SLAs/OLAs/underpinning contracts.
• Supply and demand management added/strengthened (forecasting, capacity, financials).
• Asset and configuration management remains, but a specific CMDB is not mandated—maintain reliable configuration information in a form that suits your environment.
• Capacity and availability management required, but stand-alone “plans/policies” are not explicitly mandatory—you must still demonstrate analysis, targets, and results.
• Service reporting requirements refocused on relevant, accurate, decision-useful metrics.
• End-to-end lifecycle controls clarified: requirements for new/changed services, design and transition, change, release and deployment, incident and request fulfilment, problem, continuity, information security, supplier, budgeting and accounting, and measurement and reporting.

What to update now:

• Context and scope of the SMS (incl. shared services and outsourced providers).
• Stakeholder and obligation register (legal, regulatory, contractual).
• Risk and opportunity approach for the SMS and service delivery.
• Service portfolio and catalogue with traceability to SLRs/SLAs/OLAs/UCs.
• Operational controls: change, release, incident, request, problem, continuity, capacity/performance, availability, supplier, and security.
• Asset/configuration information (baseline, ownership, accuracy controls).
• Service reporting and KPIs tied to business and customer outcomes.
• Competence and awareness, internal audit, management review, and continual improvement/ corrective and preventive action.
• Evidence window: keep 3–6 months of records to demonstrate effective operation before the transition audit.

Transition with WWISE — 4 phases

Phase 1: Gap Analysis & Transition Plan

Map 2011→2018 requirements, review portfolio/catalogue, SLAs, operational controls, risks, and reporting. Produce a dated transition plan.

Phase 2: Documentation & Control Refresh

Update policy, scope, roles/RACI, risk and objectives, supplier controls, lifecycle procedures, service reporting, and documented information (only what is needed to prove control).

Phase 3: Implementation, Training & Evidence

Embed refreshed processes, run service reports and reviews, deliver role-based training, execute internal audits, hold a management review, and close findings with corrective and preventive action.

Phase 4: Certification Support

Coordinate the transition audit with your accredited certification body, address non-conformities, and secure ISO/IEC 20000-1:2018 certification.