Managing risks such as natural disasters, power outages, cyber attacks, pandemics, human error and similar disruptive incidents means that organizations need effective business continuity management (BCM) to help them recover quickly from any such events.

ISO 22301: 2019 (Security and resilience – Business continuity management systems – Requirements) is an international standard that describes how to manage business continuity in an organization.

The focus of ISO 22301 is to ensure business continuity in the delivery of products and services following a disruptive incident. This is achieved by looking at business continuity priorities (through business impact analysis), which potential events can cause disruption and affect business operations (through risk assessment), defining what should be done to prevent such events from occurring, and then defining how to recover the minimum and normal operations in the shortest possible time. Strategies and solutions to be implemented are usually in the form of policies, procedures and technical/physical implementation (eg: facilities, software and equipment). The implementation of ISO 22301 will involve not only setting the organizational rules that are needed, but also developing plans and allocating technical and other resources to enable the continuity and recovery of business activities.

As a result of BCMS implementation and certification, organizations will:

• demonstrate that they protect life, property and the environment
• protect and enhance reputation and credibility
• contribute to competitive advantage by enabling them to operate during disruption
• reduce the costs incurred by disruptions and improve the ability to remain efficient during them
• contribute to overall organizational resilience
• strengthen the confidence of interested parties
• reduce legal and financial exposure
• demonstrate the ability to manage risk and address operational vulnerabilities.