Let’s start off by explaining what is meant by business continuity, and then we will get into what ISO 22301 is all about. Business continuity, in short, describes how any business or organisation plans to function in the aftermath of a major disaster or severe disruption that affects that business. The ability of a business to become fully functional after a serious incident occurs is paramount, and the speed at which this happens depends mainly on how well it has prepared before the event occurs.
Managing the expectations of this type of disaster recovery is the responsibility of the whole company, and having the right management systems established is a great place to start.
The International Organization for Standardization, or ISO, established a management standard which any business can use to ensure that it is ready and able to recover from a major event or disaster as quickly as possible. The management standard that covers business continuity is called ISO 22301.
What is ISO 22301?
ISO 22301 is a societal security and business continuity management system that establishes requirements and processes that every business should have in place to ensure that it is ready in the event of a disaster. There are also a number of other standards within the ISO 22300 family that are available to support the business.
There are three main areas that the ISO 22301 continuity management system deals with:
Resilience
The ability of a business to sustain normal functionality in the event of a severe disruption or disaster. The key to this has to be the availability and implementation of an infrastructure that includes redundant capacity.
Recovery
The ability to restore critical and secondary systems as quickly as possible, regardless of the cause of the disruption, is paramount.
Contingency
A well-made contingency plan has to include the ability to maintain full capability, taking into consideration any and all possible disasters, even if what happens was never on the company's radar.
What types of disaster are covered in the management system?
Disasters or severe disruptions that can affect a business can vary and don’t necessarily have to occur in the immediate geographical area of the business. There are several different types of disaster, such as fire, flood, storms, earthquakes and other damaging structural events. However, there are other disasters that can also have catastrophic consequences for a business, such as major server failures, computer virus infections (ransomware attacks) and even loss of key personnel. There are also some non-company events that can cause serious concerns, such as major supplier issues, damage to the business's reputation (press and social media) and even a crash on the stock market.
Should disaster planning be optional?
Having a well-developed disaster plan based on a tried and tested management system such as ISO 22301 should be a part of every business plan. If it isn’t, there is a high probability that a business may struggle to recover, or perhaps never recover, from even a minor disaster.
If you are still considering your options, remember that while the size, scope and complexity of a business will play a big role in the overall cost of a contingency plan, it really isn’t a matter of whether you should have one; it is more about why you wouldn’t.
World-class quality management frameworks
Quality Management Systems deliver a comprehensive range of world-class business continuity management frameworks, auditing, training and software solutions to organisations wishing to enhance business continuity protocols, build robust disaster recovery plans, support business-critical processes, and achieve ISO 22301 certification quickly and efficiently.
If you would like to learn more about our disaster management systems, and how we can help you develop world-class processes, please get in touch today.
