Business continuity management, to standard
South African companies must take advantage of the new international standard for business continuity management, says ContinuitySA
Business Continuity Awareness Week is an annual global event organised by the Business Continuity Institute, which recently took place from March 18 to 22. During the week, ContinuitySA hosted a briefing on the new International Standards Organisation (ISO) ISO22301 standard – the organisation’s first standard for business continuity management.
ContinuitySA employs some of Africa’s most highly-skilled and -qualified business continuity and disaster management experts, its primary focus being to ensure clients are able to address the resilience and recoverability of their IT services.
“The business world is becoming increasingly digital, with systemic dependencies, and a company’s effectiveness depends on the resilience of its systems,” says Eugene Taylor, managing director of TaGza and the United Kingdom’s Institute of Directors’ constituent representative on the British Standards Institute TC223 committee. “Adherence to a reputable standard for business continuity, like ISO22301, indicates that a company is serious about its organisational resilience and is thus a suitable partner.”
Although South Africa has fully adopted the new standard, obtaining certification is problematic at present, as the South African National Accreditation Service (SANAS) has not yet decided whether it is viable to accredit local companies, who would in turn be able to provide certification to local organisations.
Alternatively, certification can be done via internationally-accredited certification companies through the International Accreditation Forum (IAF). However, ContinuitySA cautions that this approach is likely to be expensive and geographically problematic.
While this issue is being resolved, ContinuitySA advises local companies to take a positive step towards organisational resilience and begin to align themselves with the new standard in preparation for certification.
According to Taylor, before considering the upgrading of an existing business continuity management system or implementing one from scratch, companies should follow four steps. “First make a strong business case and obtain an enthusiastic sponsor in top management and a suitably qualified implementer,” he says.
The next step is to obtain buy-in from the executive team and board of directors, which will mean identifying the benefits and costs of the chosen approach.
A comprehensive, realistic budget must cover both the implementation and delivery. “Don’t restrict the budget discussion to resourcing of personnel. Make sure you provide for the technological support resources too,” Taylor says.
The final step is the important task of building relationships. “There are always the doubters,” says Taylor. “But those who were most hostile at the beginning of the process sometimes become business continuity champions.”
Once a company has completed these four steps, it will be well prepared to embark on its programme to comply with ISO22301, and thus demonstrate its reliability as a business partner or service provider across its entire value chain.