Business continuity (BC) is about minimizing disruption to the company’s operations and making sure that the business remains viable during force majeure events, such as today's COVID-19 outbreak. BC has a significant foot in the camp of cyber resilience, because information-system disruptions caused by cyber or any other form of threat are central to what BC is about today.
TOP-6 disruption threats:
- Data infringements
- Adverse weather
- Unplanned IT failures
- Interruption of supply chains
What is ISO 22301 and Business Continuity?
The ISO 22301 business continuity management standard covers the critical business functions that need to be defined to ensure that the business remains viable during force majeure. It focuses on maintaining a continuous management process and involves a thorough business impact analysis and risk assessment. After you identify potential threats that could lead to the disruption of your business, the next step is to analyze what potential damage they could cause, whether financial, reputational, or any other. An effective and timely reaction to incidents and elimination of their consequences make up a BC strategy, which involves identifying and implementing the continuity procedures.
Creating a Business Continuity Management System for Your Organization
Four fundamental principles of BCMS:
1. Getting management support
For the initiative to be successful, it must be supported by C-level executives or board management. Support from management ensures that the company will have all the necessary resources to start creating and implementing the BCMS and that it will be consistent with the overall business strategy of the company. Management support will also help to promote continuous improvement of the BCMS and support throughout the organization.
2. Risk evaluation
Consider damage scenarios that may cause process disruption. They should be very specific to your organization. You should end up with a risk score that combines two factors: the seriousness of an incident and the likelihood of its occurrence.
3. BIA (Business impact analysis)
Identify your essential activities and resources, and then define levels of severity of the business impact if those activities were disrupted or those resources were unavailable. This will help you to determine priorities for recovery after a disruption: how long it will take you to resume each activity after an incident.
4. Business Continuity Plan (BCP)
You will develop a BCP based on your risk evaluation and BIA. Its goal is to stabilize the situation after a business process has been disrupted.
A BCP will include the following:
- Contact details for suppliers, authorities, and other interested parties;
- Call trees featuring key staff to ensure availability of the right competence;
- Step-by-step checklists in case of specific events.
5. Practical Implementation of BCMS
You can successfully apply all the steps described above with Infopulse SCM. It will allow you to holistically and efficiently create and manage your BCP.
Successful Implementation of ISO 22301
During the business continuity management process, according to ISO 22301, companies use the BIA. It is about establishing, implementing, and maintaining an assessment process that helps to determine recovery priorities and continuity goals. The process should be documented.
It should also include an evaluation of the impacts of disruptions that may affect the company’s products and services.
The basic requirements for Business Impact Analysis according to ISO 22301 are as follows:
- identify activities that support the provision of products and services;
- assess the impacts over time of not performing these activities;
- set prioritized time frames when these activities could be resumed at a specified minimum acceptable level; consider the time within which the impacts of not resuming them would become unacceptable;
- identify resources for your company’s activities, such as outsource partners, suppliers, and other relevant parties.
Building BCMS with Infopulse SCM
Benefits that come with SCM supporting your BCM process:
- importing relevant external information for BIA, such as analysis of downtime from CMDBs, or BIA data from other enterprise systems that relate to the business continuity management process;
- providing templates according to ISO 22301, requirements and instructions, and general structures that can be adapted to individual needs.
Eventually, you will have all input data (such as asset structure model, correction to requirements, threats, safeguards) in one place.
Infopulse SCM will help you to easily access all the information around BCP and BCM, combining a standardized approach with your individual view:
- Identify Assets and business processes, so the Asset Set/Structure is modeled;
- Enter information for Assets of your project;
- Define Protection needs for Assets/Objects. Assets with High/Very high protection will automatically be part of Risk Analysis;
- Evaluate the downtime and input the resulting RTO (Recovery Time Objective) and RPO (Recovery Point Objective) as Requirements.
Benefits of Implementing ISO 22301
Infopulse SCM incorporates a set of features for quickly establishing productive workflows and streamlining security and business continuity processes.
At the stage of disaster recovery and business continuity planning, you will be able to consolidate all fragmented data into one platform (via integration with a CMDB or manual entry). The process of compliance assessment according to BCMS policies and targets is supported by the step-by-step standard implementation guide. Task management, alerts, dashboards, and customizable reporting will help you streamline all-around BCMS operations.
In terms of corporate governance, an effective BCM assists in maintaining social responsibility, reaching accountability in the event of an incident, and securing information and networks. When using Infopulse SCM for establishing your BCM, you will be able to respond to unpredicted circumstances and make BC plans.
Reasons to have BCM based on ISO 22301 certification as a competitive advantage:
- Company reputation;
- Faster recovery with lower disruption costs;
- Identification of ineffective risk management controls;
- Catalyzing business process improvement;
- Higher ROI for an organization.
Infopulse SCM is your assistant in aligning with ISO 22301 and with security and data privacy standards, allowing you to arrange your BCMS holistically.