Business Continuity | ISO 22301

Your guide to developing a fit-for-purpose business continuity plan

Apr. 11 2022

The Disaster Recovery Institute’s latest Trends and Predictions Report[1] lists its top risks for 2022. First on the list is no surprise: the Covid-19 pandemic. Its associated impacts are predicted to last longer than expected, with restricted movements and delayed return to work disrupting businesses even without more lockdowns.

Cyber threats come in as a close number two. Malware, ransomware and data breaches are on the rise, with criminals targeting companies that use outdated cybersecurity tools. And as our reliance on IT infrastructure soars, so does the risk of extended IT outages, the third risk in the report. This would include denial of access to, or use of, essential IT services.

Meanwhile, natural disasters take fourth place on the list. Record-breaking temperatures, flooding, hurricanes and wildfires over the last few years indicate that extreme weather events are becoming both more frequent and severe.

To respond to these rapidly evolving threats, businesses should look to create a comprehensive, actionable business continuity plan (BCP) – and one that can keep pace.

How to create a business continuity plan: step-by-step

A BCP outlines the steps needed to build resilient operations, so that a business can continue operating in the event of disruption. As business continuity risks take many forms, a holistic approach is necessary.

To develop a robust BCP, an organization needs to define all its internal business processes, including at a department-specific level. Then, it must perform a business impact analysis to determine priority, define continuity timing, highlight critical dates, and develop appropriate strategies. This analysis provides a solid foundation for the BCP, equipping the organization and its employees with a scenario-independent guide for continuing daily business.

In today’s business landscape, however, circumstances can change quickly. A BCP should thus be continually reviewed, tested and updated. Treating it as a static document could lead to poor outcomes. The BCI Crisis Management Report 2021, for example, found that 33% of organizations had a pre-pandemic crisis plan that was ineffective in dealing with Covid-19.[2]

When updating the BCP, an organization should ask key questions to address the full spectrum of risks. These could include:

  • How effective was the previous BCP, and what is no longer needed?
  • Have there been significant changes in terms of technology, vendors, business processes, personnel, or priorities?
  • Is the plan too rigid or too vague?

While frequently updating a BCP can help ensure that it remains fit for purpose, certification to ISO 22301 can strengthen it further.

ISO 22301: mitigating losses due to disruption

The ISO 22301 international Business Continuity Management System (BCMS) standard lays out the requirements for organizations to identify risk, implement controls and allocate responsibilities appropriately. Crucially, the standard considers stakeholders throughout the value chain, enhancing both the resilience of the organization’s entire ecosystem and its reputation. 

Certifying to ISO 22301 embeds business continuity thinking in the organization, driving a culture of year-on-year process improvement. Moreover, the high-level framework of the standard, applicable to public and private companies of all sizes, makes it simple to integrate into existing ISO-based management systems.

How Bureau Veritas can help

A certified BCMS can enable organizations to recover more swiftly in the face of disruptions. On top of that, it can help minimize property risks and revenue losses, keep employees safe, and reduce the risk of legal non-compliance. Bureau Veritas’ globally recognized ISO 22301 certification services demonstrate an organization’s commitment to excellence and reliability, while reassuring all stakeholders of its operational preparedness.