To paraphrase John Donne, no standard is an island. Users implementing systems according to ISO 22301, the standard for business continuity management within the context of societal security, can gain from linking their work to that done on other standards as well. While the standard takes an all-hazards approach and applies equally to both private and public sectors, it does not seek to re-invent the wheel concerning related disciplines. So which other standards might you consider linking to and integrating with, as you put ISO 22301 in place?
ISO itself suggests that work on business continuity can be appropriately integrated with initiatives concerning quality, information security and the environment, among others. The standards involved are:
- ISO 22301 itself. Specifies what organisations should do to establish business continuity (BC) management systems and achieve sufficient disaster recovery preparedness. Includes metrics that allow an organisation to evaluate its current BCM situation. Reduces unknown risks and can give a business a competitive advantage with customers who appreciate its demonstrable robustness.
- ISO 9001 for quality management. Applies to the processes used by an organisation to make and monitor its products and services. Like ISO 22301, ISO 9001 is auditable. Saves an organisation time and money by highlighting any deficiencies and leading to increased efficiency and productivity.
- ISO/IEC 27001 for information security. Brings information security in general (including but not limited to IT) under management control, with systematic evaluation of risks, and the design of appropriate policies and controls. Has immediate links with business continuity and quality standards.
- ISO 14001 for the environment. For the prevention of pollution and the elimination of any other negative impact on the environment. “Going green” is of immediate benefit to the planet, and can also result in increased profitability and robustness (business continuity) for the organisation concerned.