Business continuity is essential to any organisation’s cyber security practices, and those adopting its principles should follow the requirements of ISO 22301, the international standard that describes best practice for a BCMS (business continuity management system).
The 2021 Horizon Scan Report found that two thirds of respondents now use the Standard, which suggests that organisations appreciate its importance.
However, only 12.5% of these organisations have actually certified to ISO 22301; the other 52.4% use it simply as a guideline.
This is hard to justify – if an organisation goes to the effort of implementing the Standard’s requirements, why shouldn’t it reap the benefits of certification?
If you’re unsure exactly what those are, we explain everything you need to know in this blog.
Benefits of ISO 22301 certification
Organisations that certify to ISO 22301 can:
- Prove to existing and potential clients that they have an effective BCMS. Without documented proof, clients will have to take the organisation’s word for it, which is rarely effective;
- Obtain an independent opinion about their security posture. Accredited certification involves regular reviews and internal audits of the BCMS to make sure it continually improves; and
- Meet regulatory requirements. The GDPR (General Data Protection Regulation) and the NIS Directive state that organisations must implement incident response capabilities. Certification to ISO 22301 provides a best practice approach to business continuity.
ISO 22301 and COVID-19
If organisations needed any more evidence of the benefits of ISO 22301, they needn’t look any further than the fallout of COVID-19.
With staff required to work from home where possible, many employers were left scrambling to put together the necessary tools and resources.
The solutions have often been haphazard, with inefficient work processes that affect productivity and expose the organisation to a variety of cyber security threats.
However, organisations that had a BCMS were able to quickly adapt and get on with work with only a small delay.
Free download: Business Continuity and ISO 22301 – Preparing for disruption
You can find out more about the Standard by downloading our free green paper: Business Continuity and ISO 22301 – Preparing for disruption.
It explains the key components of best-practice business continuity management and our step-by-step approach to implementing a BCMS in line with ISO 22301’s requirements.
Although coronavirus is a once-in-a-lifetime disaster (one hopes, anyway), there are plenty of other events that could cause similar problems, so organisations must be prepared.
For example, a snowstorm could knock out your electrical supply, or an electrical fire could damage your premises. These are both incidents that will leave your staff unable to work from the office, so you’ll need to find an alternative.
Fortunately, you now have first-hand experience of how to deal with this threat, but you need to ensure those lessons aren’t forgotten over time. The best way to do that is to document your response strategy as part of a BCMS.
How to create a BCMS
You can find out more about this topic by reading ISO 22301:2019 – An introduction to a business continuity management system (BCMS).
Written by IT Governance’s founder and chief executive, Alan Calder, this guide provides an easy-to-read and straightforward introduction to business continuity management, which will help organisations of all sizes get their implementation project started.
It covers the basics of business continuity, including key terms and definitions, before going on to explain ISO 22301’s compliance requirements and how you can certify to the Standard.
A version of this blog was originally published on 22 March 2018.