“Unprecedented times” is how the current situation is being constantly described, and no wonder – the Coronavirus has the world in its grip – and for many UK business, the future is looking uncertain. Whilst ISO 22301 business continuity management system will not guarantee survival, it will help when disaster strikes.
There is nothing more certain in life that, at some point, a catastrophe will land on the doorstep. For a business, understanding what these disasters could be and the response needed is all part of the ISO 22301 certification process.
The origins of ISO 22301
Whilst Coronavirus is clearly very serious with far-reaching consequences, it is not the first nor the last incident to befall countries and communities.
During the 1980s and early 1990s, businesses faced increased threats relating to natural disasters (which we still face today) and terrorist acts, again an event that could strike at any time. Previously, these kinds of catastrophes were very rare and almost unheard of. The increase in their frequency called for a response. One solution was ISO 22301.
ISO 22301 is specific to planning and preparation for ‘disaster’ and how a business would respond should the worse happen.
Business continuity means that an organisation or company, no matter how big or small, is agile enough to be able to adapt and change processes and systems to cope with disasters when they strike.
In the case of a natural disaster, for example, a business may be physically forced out of its premises but, with backups of systems, should be able to run, albeit at a reduced capacity, from other premises. They may also have to adapt the supply chain, including how orders are fulfilled.
However, to do all of this, companies need to have disaster planning and business continuity as part of their systems and processes.
ISO 22301 is, therefore, used as a demonstration of good practice. It will not stop a disaster, such as the unique situation we find ourselves in currently but it may stop a company from sinking further into the hole it creates.
ISO 22301 links with other standards including ISO 9001 quality management systems, the environmental standard ISO 14001 and ISO/IEC 27001 relating to information security. There are 10 main clauses as part of the standard including;
- Normative references
- Terms and definitions
- Context of the organisation
Clause 8 is the main body of the business continuity process. Completed risk assessments will help a business understand the risks in a structured way, informing the development of a business continuity strategy. Should an incident occur (or when an incident occurs), this plan ensures that the response is appropriate and escalated as needed.
Successful implementation of ISO 22301
For this standard to be a success for any business, the organisation needs to have thoroughly understood it and its requirements. Every line in the standard has meaning and our expert staff can help get the very best from this important standard.