Business Continuity Management

Business Continuity Management ISO 22301

ISO 22301 Security and Resilience - Business Continuity Management is a standard that aims to look at potential issues that can disrupt the normal day to day on goings of an organisation. It helps to create contingency plans, in the event of a major incident occurring. Having the Business Continuity Management standard in place within your company will install trust and help reassure your customers and suppliers.

Where is Plan B when you need it?

Having a plan B in place is advised for any business, large or small. ISO 22301 Security and Resilience - Business Continuity Management is all about identifying the parts of your business that you can't afford to lose, for example; company data, stock, offices or staff. Working together with your company IQS can help you to plan now, rather than waiting for a disaster to happen! Business Continuity Management reassures the customers and suppliers you work with, it tells them you are here to stay.

The ISO (International Organization for Standardisation) is a worldwide federation of national standards bodies. The work of preparing International Standards is usually carried out through ISO technical committees. Your BCM arrangements cannot be considered reliable until they are exercised and have proved to be workable. IQS will work with you to assess and validate your plans, working together we will rehearse and test systems later relied upon to promote your companies resilience.

Ok, not all aspects of a Business Continuity Management plan can be tested, but some crucial components can, such as the contact list and the activation process. Your contact list will be your key stakeholders, the activation process the method of obtaining the described plan.

In terms of business continuity and business recovery, your plan should identify critical activities to be recovered and the timescales in which they are to be recovered. We will discuss the tasks and activities needed to ensure the continuity and recovery of your business. We would suggest plans are exercised annually, the key areas being; testing, discussion, table-top and live exercises.

ISO 22301 Security and Resilience - Business Continuity Management has to become part of the culture of your company; this will make it fully effective. To raise awareness of Business Continuity Management we suggest regular training. If staff are aware of why BCM is important to you and your company then they will better manage responsibilities and BCM related tasks.

It is recommended that your companies Business Continuity Management arrangements be reviewed, either through a formal audit or self-assessment. This will be something IQS we will discuss with you once key products and services and their critical activities and supporting resources have been identified.

A Guide to ISO 22301 Security and Resilience - Business Continuity Management

  • Step 1: Identify and document potential hazards to your company, place of work or sector.
  • Step 2: List the likelihood of a hazard occurring.
  • Step 3: List what preparations you have setup to prevent or reduce the likelihood of hazard(s) occurring.
  • Step 4: We will discuss what arrangements you could put in place to prevent or reduce these hazard(s).
  • Step 5: We would assign a likelihood score to each hazard identified above.
  • Step 6: Using the risk matrix we would plot the likelihood identified in step 5 against the impact as previously identified in the BIA.
  • Step 7: You will now be able to rank any risks, making an informed decision about what action to take.


In many cases, a combination of Business Continuity Management and business insurance will give your organisation the best chance of a quick recovery. Lets not forget that having Business Continuity Management will also open new doors when it comes to new business, reassuring people you have a "Plan B" if anything goes wrong...

Here at IQS we believe in the keep it simple approach, this will ensure a scenario is both relevant and realistic - Business Continuity Management – Whatever you decide to do next IQS are here to help.

For more information on ISO 22301 Security and Resilience - Business Continuity Management please contact IQS