ISO 22301 specifies the requirements for a BCMS to protect against, reduce the likelihood of, and ensure a business recovers from a disruptive incident. It provides a best practice framework for identifying potential threats and developing an appropriate strategy. To achieve certification an organisation must plan, establish, implement, operate, monitor, review, maintain and continually improve its BCMS, and have the right people and processes in place to respond to an incident.
It is worth bearing in mind though that while the scale of disruption this pandemic has caused is unprecedented in living memory, there are many other threats to business operations. Acts of terrorism, natural disasters such as earthquakes and floods, downtime caused by power outages, loss of internet connectivity and cyberattacks are far more commonplace and can have a detrimental impact on operational effectiveness.