Safety and resilience with the new ISO 22301:2019 standard
The full name of this standard is ISO 22301:2019 Security and resilience – Business continuity management systems – Requirements. The standard was developed by leading experts in the field of business continuity management.
An important feature that makes this standard different from other business continuity standards (BCMS) is the possibility of recognition by a certified body so that organizations can prove to customers, partners, owners, and other stakeholders that they are being compliant with the standard.
The benefits of Business Continuity
If properly implemented, the ISO 22301:2019 will reduce the risk of disruptive incidents and ensure that, if suddenly a disruption occurs, organizations can respond appropriately and continue business activities during the disruption. This is in order to ensure or pursue that potential damage to financial, life, property, and/or the environment for the stakeholder(s) internally or externally as a result of disruption is kept to a minimum.
Consequences still mild for non-profit
In the Netherlands, it has so far been limited to administrative sanctions as a warning. In the past year, many of these limited fines have already been imposed on non-profit organizations such as municipalities, hospitals and ministries. For now, the amounts are still relatively easy to pay. But administrators are frightened by this and become aware of the risks they run. That is why most fined organizations take costly measures to get rid of this ‘hassle’ for now and in the future.
For commercial companies, the consequences of calamities are often much more serious. They face an average of 10% to 20% loss of revenue due to reputational damage alone, so without the cost of technically solving the problems. In such an incident, you see that many important customers also drop out immediately, even before it is clear where the blame is.
Supply chain responsibility
The partial or complete loss of service can cause a chain reaction in the chain. For example, many companies process data for their customers, which can lead to a huge wave of liability issues and claims, leaving the company in question barely standing.
Spreadsheets offer false security
Although there has been an upward trend in recent months in the number of incidents related to calamities and business continuity that make the news, many companies claim to have things reasonably under control. But is that really the case?
Would you have thought that a pandemic would have so much impact on your services or within your chain responsibility? Did you have the right insights and management information available?
Are you also convinced that digging up all the information from different organizational layers in facts afterwards has little or no benefit? Unfortunately, the suffering has already happened.
Good Business Continuity Management
If you, as management, really want to be on top of all conscious or unconscious calamities, then you need the right (proper?) tools for that. With well-thought-out integral risk management, you proactively put your finger on the sore spot before it becomes a problem. Continuous insight into all Risk & Compliance factors within the organization is indispensable.
A good GRC management software package responds precisely to this much-needed assurance. It enables you to record and check what you want to comply with as an organization and what you have to comply with according to all laws and regulations.Request a demo
Continuous insight trough GRCcontrol
GRCcontrol from CompLions is the simplest solution to this problem. Because GRCcontrol offers an extensive set of smart assessment tools, in which all data from the organization come together. These are automatically coordinated so that different compliance processes can be executed simultaneously. Overlapping requirements in, for example, the ISO 22301:2019, GDPR and other ISO guidelines are recognized and bundled so they only need to be assessed once. This process is easy to monitor via dynamic files.
GRCcontrol thus offers all possible tools for the complete management of information security; by identifying possible threats and risks, proposing appropriate precautions and regulating continuous internal review.
Another advantage: a GRC tool immediately leads to better decision-making within the policy frameworks around business continuity and provides clarity about what budget and resources are needed to improve compliance. We often see that budgeting in this area is still a rather grey and unclear area, which means that measures are postponed for too long. On the contrary, this tool forces action.Request a demo
Grip on regulation
In contrast to many other compliance packages on the market, companies immediately purchase a piece of thinking with the GRCcontrol modules; it shows the way through all current laws, regulations, the GDPR and other compliance issues such as, the government letter issued in February 2020 on business continuity within healthcare. It goes without saying that all sectors and segments are highly dependent on IT. This means that the letter from the government applies to all companies where a failure of the ICT can lead to major calamities.
It also deduplicates all laws and frameworks that apply to your organization. As a result, you only need to perform certain actions once and they are automatically applied across the entire organization.
This saves an enormous amount of time and uncertainty!
Of course, despite such a tool, you cannot always prevent a calamity. For example, a pandemic, water damage, power outages, ICT failures, or unavailability of personnel can cause a lot of problems. But because you have already managed to lift internal compliance to a higher level, you are on top of it and you know what measures to take to limit any damage.