ISO 27001 requires your Information Systems to support Business Continuity (§A.17.1), usually through redundancy and definition of Objectives such as RTO/RPO, leading most of the times to the implementation of a technical, expensive, high-availability solutions. Good.
But let’s extend the scope and take the problem by the other end: the Business’ actual needs.
By taking the stakeholders’ view, assessing the organization itself, its activities, products and services, partners, suppliers and so on, ISO 22301 is enforcing an holistic approach, and setting the focus on what is really important: being able to provide the expected service, even in case of an adverse event.
This goes well beyond the sole technical answer, and by the way opening up new horizons for Emergency Response: alternate organization, delegation of service to a third-party, or even manual processing – sometimes low-tech (and inexpensive!) solutions are the most efficient!
This approach is promoted by the latest UK Operational Resilience regulation, which requires financial institutions to ensure provision of « Important Business Services », whatever the circumstances and whatever the probability of an event to occur – no matter how you achieve this.
An example? if a Bank’s ATM network is down, and it is unable to restore it fast enough, the Bank can provide the Service (« Cash delivery to end customer ») by opening a 24/7 manual cash desk in all their branches – fulfilling regulatory requirements and servicing Customers without any further investment in complex and expensive systems.
Looking forward to ISO 22301 certification? Please check our Business Continuity as a Service solution!
But let’s extend the scope and take the problem by the other end: the Business’ actual needs.
By taking the stakeholders’ view, assessing the organization itself, its activities, products and services, partners, suppliers and so on, ISO 22301 is enforcing an holistic approach, and setting the focus on what is really important: being able to provide the expected service, even in case of an adverse event.
This goes well beyond the sole technical answer, and by the way opening up new horizons for Emergency Response: alternate organization, delegation of service to a third-party, or even manual processing – sometimes low-tech (and inexpensive!) solutions are the most efficient!
This approach is promoted by the latest UK Operational Resilience regulation, which requires financial institutions to ensure provision of « Important Business Services », whatever the circumstances and whatever the probability of an event to occur – no matter how you achieve this.
An example? if a Bank’s ATM network is down, and it is unable to restore it fast enough, the Bank can provide the Service (« Cash delivery to end customer ») by opening a 24/7 manual cash desk in all their branches – fulfilling regulatory requirements and servicing Customers without any further investment in complex and expensive systems.
Looking forward to ISO 22301 certification? Please check our Business Continuity as a Service solution!
#business #businesscontinuity #ISO27001 #ISO22301