The ISO 22301 standard is the latest and pre-eminent standard for business continuity. Whereas the ISO 27001 standard covers information and technological systems, ISO 22301 aims to address every conceivable cause of disruption to a business. It’s a continual process using the Plan-Do-Check-Act model. In this blog, I’ll cover what ISO 22301 is and of what advantage it can be to your business.
Anything can go wrong
Business continuity is more than just recovering from a technological or informational disaster. Factors such as economic downturn, fraud, staff cutbacks or even mergers can affect continuity significantly. ISO 22301 aims to preemptively identify possible types of disruptions and implement solutions that are ready to kick into action as and when the need arises.
Understanding the organisation
The key to business continuity is understanding the intricacies that make it tick. A novel approach that we use is to break the business down into locations (people, assets, vendors, suppliers and service providers) and services (processes and functions). All C-level staff need to bring their part in piecing the puzzle together in order to get the full picture of your business and identify the loopholes that could lead to a disruption in business continuity.
Continuous improvement means well-preparedness
Even the most well-written and thought-out plans can go wrong, thus it’s essential to regularly schedule and simulate plans and maintenance events. There’s no sense in having a backup power generator that has no fuel or hasn’t been tested because when the power goes out, everyone will be left in the dark. Continuous auditing reveals areas where improvement can be made and keeps plans up to date and relevant.
Planning and consultation
In this phase, after the Business Impact Analysis (BIA) and Risk Analysis (RA) has been done, plans can be devised to counter threats to continuity. An often missed opportunity to get concise and accurate information is from staff themselves. Having worked in the motor industry before, I know that workers often devise ways to make processes more efficient and safe. An added benefit is cost-cutting: even the smallest change can translate into big savings.
Evaluation is the phase where everything is analysed and then re-evaluated against new developments or changes in the business. Response times, delays, safety hazards and effectiveness are all monitored. Return On Investment (ROI) exercises are useful in convincing your Chief Financial Officer (CFO) to invest in that much-needed new piece of server hardware.
ISO 22301 has many benefits
Even though the ISO 22301 standard is quite extensive and fairly complex it can be used to your advantage in simple ways. From leadership to continuous improvement, the phases of ISO 22301 need to be managed and supported. Cost-cutting, improved processes and turnover, better staff morale are just some of the benefits and effects of an effective business continuity system. With the advent of cloud technology and mobility, ISO 22301 is set to take business continuity to new and unprecedented levels.