Skip to main content

The world is more uncertain than ever in recent history. Had we written this article prior to 2021, its relevance might have been minimal. Today, somewhat, unfortunately, it is extremely important. Business continuity has risen in importance to become one of the most significant and consequential priorities.

From Brexit to Covid-19, the war in eastern Europe to a container ship blocking one of the world’s main shipping routes, businesses have had to deal with one emergency after another. Unfortunately, no enterprise can hope to survive in the long term just by putting out the fires whenever they arise.

Being prepared to handle different emergencies, sometimes simultaneously, is vital in order to keep your business moving forward. 

Predicting the future is impossible, but ISO 22301 provides the next best option.

ISO 22301 explained

ISO 22301:2019 Security and resilience – Business continuity management systems is an international standard created by the International Standards Organisation (ISO). 

As with most other ISO standards, it provides users with a structured, proven, and professional way to prepare an organisation to handle business continuity during times of uncertainty.

What’s the process of becoming ISO 22301 certified?

To attain the ISO 22301 standard for your organisation, you will need to carry out analysis and assessments on your existing operations, and then develop strategies and plans to handle different situations and emergencies.

STEP can help provide the necessary expertise to guide your business or entity through the entire process, up to and including certification.

The main stages of ISO 22301 are:

Business impact analysis

This stage involves finding out what the overall impact on your business would be if one or more processes or activities are suddenly halted. Through the analysis, we will identify the most crucial operations within your organisation and estimate the maximum affordable disruption and subsequent recovery times.

Business risk assessment

To carry out this assessment, we would need to identify potential risks and rank them according to likelihood. For each risk, we would develop a plan of action, allowing us to identify potential vulnerabilities such as good shortages or currency fluctuations.

Developing continuity strategies

A calamity has befallen your business, what happens next? Answering this question is the main objective of this stage. Once we have identified risks and vulnerabilities in the previous stage, we must now create or enhance strategies to mitigate them.

Setting up recovery plans

With strategies in place, we now need to lay out practical and effective plans to recover from the calamity and return to a situation that is as close to normal as possible.

Carrying out business continuity exercises

Planning and theorising can only get you so far. At this stage, we simulate various scenarios to confirm that the strategies and recovery plans can be carried out appropriately.

This stage is similar to fire drills in offices or evacuation drills on aircraft, providing valuable insight into previously unseen vulnerabilities and allowing all those involved to understand the impact of their action or inaction.

Is your business going to survive the next calamity?

This really depends on what you do after reading this article.

If you wish to find out more about the benefits of ISO 22301 on your business, we invite you to get in touch with one of our representatives.

Let's talk ISO

Fyll i detta formulär så kontaktar vi dig snart


    Drop your details below and we’ll be in touch


      Drop your details below and we’ll be in touch


        Sign up to our newsletter

        Receive information about the latest ISO standards, best practices, quality and information security & management tips.