Staying up and running with ISO 22301

10th July 2020

Darren Ward 19

The coronavirus outbreak has highlighted why a robust business continuity strategy is so important. I’m Darren Ward, business performance director at Wilson James, and I’m going to explain how certification to ISO 22301 has helped us maintain a consistent operation during this tumultuous time.

Coronavirus has affected organisations across the globe. Thankfully, Wilson James has, for the most part, managed to maintain consistently high standards of operational effectiveness. One of the key reasons that we have been able to weather the storm so successfully is thanks to our ISO 22301 certified business continuity management system (BCMS).

Protect and survive

ISO 22301 specifies the requirements for a BCMS to protect against, reduce the likelihood of, and ensure a business recovers from a disruptive incident. It provides a best practice framework for identifying potential threats and developing an appropriate strategy. To achieve certification an organisation must plan, establish, implement, operate, monitor, review, maintain and continually improve its BCMS, and have the right people and processes in place to respond to an incident. 

It is worth bearing in mind though that while the scale of disruption this pandemic has caused is unprecedented in living memory, there are many other threats to business operations. Acts of terrorism, natural disasters such as earthquakes and floods, downtime caused by power outages, loss of internet connectivity and cyberattacks are far more commonplace and can have a detrimental impact on operational effectiveness.

Thinking ahead

The role a BCMS plays in facilitating faster recovery times after an incident and reducing its impact while protecting brand and reputation is now widely accepted. This is because ISO 22301 places emphasis on the need for a well-defined incident response structure, so that when an event occurs responses are escalated in a timely manner and people are empowered to take necessary action.

ISO 22301 certification requires a thorough appraisal of a BCMS, so just over a year ago we appointed a specialist consultant to help identify all potential risks that could affect us during the implementation period and implement the specific process requirements.

Under the spotlight

Our ISO 22301 certification process was well underway by the middle of March and the Stage 1 assessment took place in our Westcliff office. At that time we hadn’t experienced any business continuity incidents, so the assessment was limited to our BCMS implementation. So far, so good.

Stage 2 was scheduled as an implementation review at our London office, but then the small matter of a global pandemic hit, meaning we had an unprecedented business continuity incident to deal with. The level of pre-planning already implemented enabled us to proactively deal with the situation by, for example, using Microsoft Teams to maintain a level of communication required to remotely manage our business. This also meant finishing Stage 2 during lockdown, with the scope of our assessment changing from a system audit to a full compliance review of any business continuity records generated during the pandemic. We also had to complete the assessment via a virtual meeting and BSI, our certification body, allocated a different auditor. This combined to make what should have been a relatively straightforward assessment process extremely challenging!

Parts of the process

It has been well worth it though – not just operationally but financially too. We have already made a return on our investment and will continue to make further savings over a relatively short timeframe. We are also now able to react in a more strategic way to any further unplanned events that threaten our business.

While ISO 22301 certification gives our stakeholders the confidence that we have an effective BCMS in place, just as importantly, it has enabled us to be there when our customers needed us most. It also makes it clear that Wilson James is a company that our employees and customers can rely on even in the toughest of times.

Damage limitation

‘It’ll never happen to us’ is an attitude that often prevails but every organisation will, at some point, have to respond to a disruptive incident that threatens their operation. The financial costs of poor planning could run into tens of thousands of pounds an hour, cause irreparable reputational damage or even mean going out of business altogether. As Wilson James’ experience during this time has shown, an ISO 22301 certified BCMS provides a best practice framework for identifying potential threats and developing a strategy to minimise disruption. We wouldn’t be without it.

While ISO 22301 certification gives our stakeholders the confidence that we have an effective BCMS in place, just as importantly, it has enabled us to be there when our customers needed us most. It also makes it clear that Wilson James is a company that our employees and customers can rely on even in the toughest of times.