ISO 22301

Business continuity (BC) is about minimizing disruption to the company’s operations and making sure that business is still viable during the force majeure, like of today, the COVID-19 outbreak.

Building the Business Continuity Strategy 

What is ISO 22301 and Business Continuity?

The ISO 22301 business continuity management standard talks about critical business functions that need to be defined to ensure that business is still viable in force majeure. It focuses on the maintenance of the continuous process of management and involves a thorough business impact analysis and risk assessment. After you identify potential threats that could lead to the disruption of your business, the next step is to analyze what potential damage it could pose, whether financial, reputational, or any other. Useful and timely reaction to incidents and elimination of outcomes make a BC strategy that involves the identification and implementation of the continuity procedures.

TOP-6 Threats to Business Continuity

After you identify potential threats that could lead to the disruption of your business, the next step is to analyze what potential damage it could pose, whether financial, reputational, or any other. Some of the crucial disruptions are the following: 

  • Cyberattacks
  • Data infringements
  • Adverse weather 
  • Unplanned IT failures
  • Interruption of supply chains
  • Pandemic

Reasons to have BCMS based on ISO 22301 certification as a competitive advantage:

  • Company reputation;
  • Faster recovery with lower disruption costs;
  • Identification of ineffective risk management controls;
  • Business process improvement catalyzation;
  • Higher ROI for an organization.

Creating a Business Continuity Management System for Your Organization

Four fundamental principles of BCMS:

1. Getting management support

For the initiative to be successful, it must be supported by C-executives or board management. Support from management ensures that the company will have all the necessary resources to start on creating and implementing the BCMS and that it will be consistent with the overall business strategy of the company. Management support will also help to promote continuous improvement of the BCMS and support throughout the organization.

2. Risk evaluation

Consider damage scenarios that may cause process disruption. They should be very specific to your organization. Here you should end up with the risk score that includes two points: the seriousness of an incident and likelihood of its occurrence.

3. BIA (Business impact analysis)

Identify your essential activities and resources and then define levels of severity of the business impact if those activities were disrupted or those resources unavailable. This will help you to further determine priorities for recovery after a disruption: how quickly will it take you to resume each activity after an incident.

4. Business Continuity Plan (BCP)

You will develop a BCP based on your risk evaluation and BIA. Its goal is to reach the stability of the situation after the disruption of the business process.

A BCP will include the following:

  • Contact details for suppliers, authorities, and other interested parties;
  • Call trees featuring key staff to ensure availability of the right competence;
  • Step-by-step checklists in case of specific events.

Please click here to get your personal trial tailored specifically for your needs.

How to Conduct Business Impact Analysis in ISO 22301 

During the business continuity management process, according to ISO 22301, companies use the BIA. It is about establishing, implementing, and maintaining an assessment process that helps to determine recovery priorities and continuity goals. The process should be documented. 

It should also include an evaluation of the impacts of disruptions that may affect the company’s products and services. 

The Basic Requirements for BIA according to ISO 22301:

  • identify activities that support the provision of products and services; 
  • assess the impacts over time of not performing these activities; 
  • set prioritized time frames when these activities could be resumed at a specified minimum acceptable level; consider the time within which the impacts of not resuming them would become unacceptable; 
  • identify resources for your company’s activities, such as outsource partners, suppliers, and other relevant parties. 

Building BCMS with Infopulse SCM

With Infopulse SCM, you will be able to manage BIA as a part of your ISMS.

Benefits that come with SCM supporting your BCM process:

  • import external relevant information for BIA, such as Analysis of downtime from CMDBs, or BIA data from other enterprise systems which refer to the business continuity management process
  • providing templates according to ISO 22301, requirements and instructions, general structures with the possibility to adopt to the individual need

Eventually, you will have all input data (such as asset structure model, correction to requirements, threats, safeguards) all in one place. 

ISO 22301 BIA Business impact analysis

Infopulse SCM you will help you to easily access the all the information around BCP and BCM, combining a standardized approach with your individual view:

  • Identify Assets and business processes, so the Asset Set/Structure is modeled;
  • Enter information for Assets of your project;
  • Define Protection needs for Assets/Objects. Assets with High/Very high protection will automatically be part of Risk Analysis;
  • Evaluate the downtime and input the results of RTO (Recovery Time Objective) and RPO (Recovery Point Objective) are input as Requirements.

Advantages of Implementing ISO 22301

The Infopulse SCM incorporates the set of features for quick and productive workflow establishment streamlining security and business continuity processes.

  • Disaster recovery and business continuity planning
  • Consolidation of all fragmented data into one platform (via integration with CMDB or manual entering). 
  • The step-by-step standard implementation guide for the process of compliance assessment according to BCMS policies.
  • Task management 
  • Dashboards
  • Customizable reporting 

An effective BCM assists in maintaining social responsibility, reaching accountability in the event of an incident, and securing information and networks. When using Infopulse SCM for establishing your BCM, you will be able to respond to unpredicted circumstances and make BC plans. 

Infopulse SCM is your assistant in aligning with the ISO 22301, security and data privacy standards, allowing you to arrange your BCMS holistically.

Request a trial


Benefit of free usage of the Infopulse SCM for 3 months to find out how the solution can optimize and streamline your compliance management. Please fill out this form, choose the standards and features you are most interested in. Our consultants will be glad to deliver a personalized webinar for you explaining step by step all the benefits of the SCM adoption.