To some degree or another, we have all been thrown off course in 2020, and even as we move into 2021 the external business environment is getting no reprieve. From the enduring saga that is US politics through to the uncharted path that COVID-19 is now taking, Black Swan events are commonplace and uncertainty is not going away.
There is one school of thought that says ‘just hang in there’ business as usual will return by the spring (or was it autumn…), however, a more pragmatic view might be to recognise that we are forging our own ‘new normal’ of which COVID-19, or whatever succeeds it, is part of the narrative.
Historically Business Continuity was either a line-item in a job description or contracting document, or alternatively, a little known function attached to the C-Suite in a slightly convoluted way (and wheeled out once or twice a year for some testing and exercising). Sporadically those of us in this space saw spikes of interest after a major event, and occasionally in the run-up to a known event, though this was typically short-lived and quickly forgotten.
In March 2020 Google Trends showed such a spike in interest for Business Continuity, but this was short-lived.
Knowing what we now know, in the midst of a third lockdown with school reopening’s still uncertain and a vaccine programme in its infancy, is now finally the time to reflect on your Business Continuity and Resilience?
There is no ‘one size fits all’ and different organisations will have different starting points. Importantly however is being able to arrive at a position where there is a level of confidence that no matter what the coming months and years bring, your organisation has clarity on its purpose and the (availability of) critical components needed to deliver against it.
ISO 22301:2019 is as good a framework as any to reflect on this. Although ISO 27001:2013 also talks about Business Continuity, this is limited to information processing systems and third parties and does not take a wider organisational view. ISO 22301:2019 is the internationally recognised Business Continuity Management Systems Standard and specifies requirements to “plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise”.
As with all ISO Management Systems Standards, there are sector-specific drivers for certification. Notwithstanding this, Business Continuity should first and foremost be about enhancing the resiliency of your organisation, and this is something that can no longer be delayed.
This illustration is designed to help you consider where you currently stand when talking about resiliency.
(1) Demonstrates the effects of a low maturity crisis management plan with significant negative impact and effort to reign the situation under control, and return to a state of normality, if this is even attainable.
(2) Reflects on the value of considering Business Continuity as an embedded theme, and how this reduces the initial impact and effort of a crisis event and the time to recovery.
(3) Illustrates a comprehensive framework which recognises critical assets and processes, introduces appropriate controls to reduce any negative exposure, and subsequently demonstrates the reduced impact that a crisis event places on an organisation.
Organisations that take this proactive stance frequently cite their capacity to exploit crises and come out the other end stronger than before.
Regardless of the size of your organisation or the sector you serve, if you do not consider the continuity of your organisation then you are failing to prepare, and we all know what that means…
Do not hesitate to Contact Us to learn more about Business Continuity planning.