Business resilience standards

June 2013 Security Services & Risk Management

The International Standards Organisation (ISO) recently launched its first standard for Business Continuity Management, ISO 22301. “The business world is increasingly digital with systemic dependencies and a company’s effectiveness depends on its systems’ resilience,” says Eugene Taylor, managing director of TaGza and the UK’s Institute of Directors (IoD) constituent representative on the British Standards Institute TC223 committee. “Adherence to a reputable standard for business continuity like ISO 22301 indicates that a company is serious about its organisational resilience and is thus a suitable partner. Think of it as a ticket to the dance – and a strategy for remaining in business.”

Taylor was addressing a briefing on the new ISO 22301 standard, hosted by ContinuitySA as part of Business Continuity Awareness Week. Business Continuity Awareness Week (BCAW) is an annual global event organised by the Business Continuity Institute (BCI) and, this year, took place between 18-22 March.

Although South Africa has fully adopted the new standard, obtaining certification here is problematic at present as the South African National Accreditation Service (SANAS) has not yet decided whether it is viable to accredit local companies who would in turn be able to provide certification to local organisations. Alternatively, this certification can be done via internationally accredited certification companies through the International Accreditation Forum (IAF) who are party to the Multi Lateral Agreement (MLA) currently in place, but this approach is likely to be expensive and geographically problematic. While this issue is being resolved, South African companies should take a positive step towards organisational resilience and begin to align themselves with the new standard in preparation for certification.

“Business continuity has been incorporated into the principles of King III and so is already on the corporate agenda,” Taylor notes. “As most of King II was incorporated into the new Companies Act (2008), I would not be surprised if we found the King III recommendations making its way into company legislation in due course.”

Three valuable practical resources for companies contemplating this move are Hilary Estall’s Business Continuity management systems: Implementation and certification to ISO 22301, The BCI’s Good Practice Guide (GPG) and Business Continuity for dummies.

Taylor said that before considering the upgrading of an existing business continuity management system or implementing one from scratch, they should follow four steps.

“First make a strong business case,” he says. “It is also vital to obtain an enthusiastic sponsor in top management and a suitably qualified implementer.”

The next step is to obtain the buy-in of the executive team and board of directors, which will mean identifying the benefits and costs of the chosen approach over the entire life cycle. Allied to this is the process of putting together a comprehensive, realistic budget that covers not just the implementation but also delivery. “Do not restrict the budget discussion to basic resourcing of personnel, make sure you provide for technological support resources you will need to make business continuity management work,” Taylor adds.

The final step is the important task of building relationships. At one level, this means obtaining buy-in from the enterprise as broadly as possible but also building relationships with those who do not initially support the move. “There are always the doubters but if you work closely with them, they can be brought round to seeing the real benefits,” Taylor observes. “I have had instances in which those who were most hostile at the beginning of the process have become business continuity champions.”

Once these four steps have been completed, the company will be prepared to embark on its programme to comply with ISO 22301 – and thus demonstrate its reliability as a business partner or service provider across its entire value chain.

For more information contact ContinuitySA, +27 (0)11 554 8050, cindy.bodenstein@continuitysa.co.za, www.continuitysa.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Vodacom and SAPS launch MySAPS mobile app
October 2019 , Security Services & Risk Management
Vodacom, in partnership with the South African Police Service, will empower citizens to contribute to their own safety as well as the safety of their communities through the newly launched MySAPS app.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Drones improve risk management
October 2019 , Security Services & Risk Management
Indwe embraces drone technology to help improve risk management and optimise insurance.

Read more...
Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Read more...
Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Read more...
Edwards Public Address & Voice Alarm System
October 2019 , Security Services & Risk Management, Products
Carrier has added the Public Address & Voice Alarm (PAVA) range to its fire product offerings.

Read more...
ContinuitySA offers ISO 22301 Lead Implementer course
October 2019, ContinuitySA , Training & Education, Security Services & Risk Management
ContinuitySA is once again offer its five-day Certified ISO 22301 Lead Implementer course on 18-22 November 2019 at the company's Midrand facility.

Read more...
Preparing your data for PoPI
September 2019 , IT infrastructure, Security Services & Risk Management
When it comes to protecting any information, the way data is secured across the value chain needs to be addressed.

Read more...