Business continuity is essential to any organisation’s cyber security practices, and those adopting its principles should follow the requirements of ISO 22301, the international standard that describes best practice for a business continuity management system (BCMS). The 2018 Horizon Scan Report found that 70% of respondents now use the Standard, which suggests that organisations are beginning to appreciate its importance.
However, only 16% of these organisations have actually certified to ISO 22301; the other 54% use it simply as a guideline for their BCMS. This is hard to justify – if an organisation goes to the effort of implementing the Standard’s requirements, why shouldn’t it reap the benefits of certification?
Organisations that certify to ISO 22301 can:
- Prove to existing and potential clients that they have an effective BCMS. Without documented proof, clients will have to take the organisation’s word for it, which is rarely effective;
- Obtain an independent assessment of their business continuity arrangements. Accredited certification adds external audits by the certification body (an initial certification audit followed by periodic surveillance audits) to the internal audits and management reviews the Standard already requires, so the BCMS is checked and continually improved rather than left to drift; and
- Support regulatory compliance. The EU General Data Protection Regulation (GDPR) requires organisations to be able to restore the availability of and access to personal data in a timely manner after an incident, and the NIS Directive requires operators of essential services and digital service providers to manage and report security incidents. Neither law mandates ISO 22301 certification, but certification demonstrates that the business continuity capabilities these requirements depend on are in place and audited.
With the GDPR applying from 25 May 2018 and the NIS Directive due to be transposed into national law by 9 May 2018, this final point is especially relevant, and organisations that already follow ISO 22301 will be better prepared to meet their requirements.
To find out how you can implement an ISO 22301-compliant BCMS, take a look at our free green paper: Business Continuity Management – The nine-step approach. It covers:
- How to implement a BCMS;
- The issues you need to consider;
- The roles that your employees will play; and
- How to measure, monitor and review your BCMS.