What Is ISO 22301?

Vicky Withey

Head of Compliance at Node4

ISO 22301 Business Continuity is the latest certification achieved by Node4, approved by its UKAS-accredited body, Alcumus. Achievement of this certification verifies that Node4 is a resilient business, building trust and credibility to assure customers, partners, suppliers, employees and external stakeholders that Node4 is prepared during a crisis.

In this blog, I discuss the standard in more detail and its benefits to you. 

 

What is ISO 22301? 

ISO 22301 provides a framework to plan, establish, operate, monitor, review, maintain and continually improve business continuity to help organisations prepare, protect, respond to, and recover when disruptive incidents arise. 

 

What are the benefits to Node4 customers and partners? 

The objective of implementing a robust business continuity management system is to continue delivering IT services seamlessly to all our customers with as little disruption as possible. We achieve this by:

  • Identifying and managing current and future threats to our business. 
  • Understanding what our critical functions are to continue our business operations during times of crisis.
  • Taking a proactive approach to minimise the impact of a disruptive event by having a dedicated team to support the business, make key decisions and act quickly. 
  • Implementing a clear communications strategy, both internally and externally; providing reassurance and clear guidance on action plans invoked. 

 

How can organisations achieve ISO 22301? 

Obtaining ISO 22301 certification should be high on the priority list of organisations that need to demonstrate their resiliency; as we have all experienced, no one is immune from a pandemic!  

The certification process includes 15 essential steps: 

  1. Obtain senior management support and commitment necessary to provide the required resources to support the management system.
  2. Identify interested parties (internal, external, government and community members) and understand their unique requirements.
  3. Define business continuity program objectives, scope and policy. 
  4. Define a management framework using the Plan, Do, Check, Act model.
  5. Conduct risk assessments, apply risk treatments and update methodologies as needed.
  6. Define recovery time objectives and recovery point objectives. 
  7. Define resources and align your business continuity management strategy.
  8. Define response and recovery actions.
  9. Implement training and awareness programs throughout your organisation.
  10. Exercise and test your program activities using independent staff, enabling impartiality.
  11. Learn from each event in testing and benchmark experiences of multiple functions.
  12. Communicate the necessary information in a consumable format. 
  13. Measure and evaluate against initially set business continuity management objectives.
  14. Conduct an internal audit and maintain records to demonstrate compliance.
  15. Make continual improvement part of your processes and management review.

 

Being ISO 22301 certified puts Node4 within a unique group of companies committed to business resilience. Ultimately, our ISO certifications are part of what makes us a unique and well-rounded business that people want to work with and for! 

For further information on our awards and certifications, visit our dedicated webpage.