In today’s interconnected world, we need to protect ourselves from threats that range from technical failures through to pandemics. It is crucial to have a robust and resilient business that can quickly respond and recover from any kind of disaster and continue to operate in even the toughest of unforeseen circumstances.
BSI championed the global standard for Business Continuity (ISO 22301)
ISO 22301 is the international standard for Business Continuity Management which was originally published by BSI as the Business Continuity Standard BS 25999-2 in 2007.
BSI understands resilience and continuity planning. We know how important it is for organizations to have a documented process to mitigate, prepare, respond, recover, and manage the impacts of any disruption to an organization.
Your Business Continuity Journey
Our business continuity consultancy services can be divided into four key phases.
Whether you are just starting out on your Business Continuity journey, or looking to enhance your current knowledge and capabilities, our expert team can help you get ready.
We offer customized packages to guide you through the journey of planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and continually improving your Business Continuity Policies and Procedures.
If you are looking to align or certify with ISO 22301 then we can support you in the development of a Business Continuity Management System (BCMS).
Developing effective business continuity for your organisation begins with gaining a thorough understanding of your organization’s business and its current business continuity capability maturity level. In this first phase, we assess whether your Business Continuity implementation is providing you with effective redundancy and resilience.
BSI will develop an understanding of your organization’s requirements, gaps, constraints, and features to design a tailor-made roadmap. This will allow you to grow your organisation’s business continuity capability. The following steps are performed as a part of this phase:
- Determine the scope of the business continuity management system
- Carry out a gap analysis against a recognised standard such as ISO 22301 and present the findings in a gap analysis report
- Identify Key Performance Indicators (KPIs) to assess the progress or maturity of your Business Continuity activities
- Develop a prioritised roadmap of activities and tasks
A core input into an effective business continuity program is the establishment of processes that methodically analyse business impacts and assess the risks of disruption. BSI will work with you to identify and assess criticality and estimate downtime of your organization’s essential services. The outcome will provide you with options to determine your business continuity strategy, solutions, policies, plans and procedures. The following steps are performed as a part of this phase:
- Business impact analysis (BIA) workshops
- Perform service/activity prioritization to confirm impact following a disruptive incident
- Identify system resource recovery time objectives (RTOs)
- Identify data recovery point objectives (RPOs)
- Perform a business continuity risk assessment
- Identify risk mitigation strategies
- Identify appropriate strategies and solutions to determine how continuity can be achieved in the event of an incident
- Determine business continuity plans and procedures
Having agreed the business continuity strategy, BSI will support your organization in developing, implementing and maintaining key business continuity plans and procedures. The following steps are performed as a part of this phase:
- Develop or update your business continuity plans
- Guidance on the Implementation of suitable controls from a recognised standard such as ISO 22301
- Launch a business continuity maintenance and enhancement program
- Establishment of an incident response framework that specifies the essential resources, procedures and activities
Establish a scenario testing program with customized tabletop exercises to ensure business continuity plans are fit for purpose.
For organisations that have mature Business Continuity implementations and are interested in preparing for certification or aligning with the ISO 22301 standard, BSI will assist by carrying out an internal audit review of the Business Continuity environment.
This will help to assess your organization’s preparedness for external certification and demonstrate that business continuity best practice is at the forefront of what you do. The following steps are performed as a part of this phase:
- Review your current business continuity management system against ISO 22301
- Assess the implementation of the procedures and controls within your organization to make sure that they are working effectively
- Produce internal audit report showing level of conformity to the standard or develop a certification readiness report with recommendations on steps that need to be taken to meet the certification criteria