Steve Byrom Synergos

When systems you rely on in your business are disrupted, do you have a backup plan for communicating with your customers, getting essential supplies or fulfilling orders? Here, Steve Byrom, Business Consultant at Synergos Consultancy, explains how business continuity planning and considering ISO 22301 certification could help to protect your organisation from unexpected disruptions.

In the past three years, 97% of global IT leaders have reported experiencing at least one IT brownout – where electricity voltage drops – with 51% reporting an increase in downtime since the beginning of 2020.

There are numerous potential causes for unplanned downtime and just as many aspects of your supply chain that can be hit.  

As the COVID-19 pandemic and several high-profile IT outages have shown us, it is crucial that businesses have resilient operations. The question, then, is what can you do to mitigate any potential fallout when there is a disruption?

The answer is to try to anticipate and plan for potential disruptions and to make a continuity plan for your business. You can get started on this yourself and progress by working with a consultant to prepare for and maintain your ISO 22301 certification.  

What is ISO 22301?

ISO 22301 is the International Standard for Business Continuity Management System (BCMS). It was developed to ensure that businesses and organisations were protected from any unexpected downtime due to disruption and disaster.    

By gaining an ISO 22301 certification, you can show stakeholders that your business is prepared for any eventuality. Being BCMS certified will ensure that not only does your organisation navigate through any disruption smoothly, but that it will recover quickly from any given misfortune and thrive. 

The core parts that ISO 22301 covers are:

  • Leadership
  • Planning
  • Support
  • Operations
  • Evaluation
  • Improvement

ISO 22301 has been designed to integrate seamlessly with other ISO standards, such as Quality Management Systems (ISO 9001) and Information Security Systems (ISO 27001). Many of the standards share core structures, allowing for easy adoption.

Does my organisation need ISO 22301?

Any unplanned disruption to your business can lead to a severe loss of revenue, market share, data breaches and failure to deliver client services as promises. While ISO 22301 is not mandatory for any business or organisation, having it can protect your business from sustaining damage to its reputation should any unexpected downtime occur.

How will ISO 22301 benefit my organisation?

There are a number of benefits that ISO 22301 certification can bring:

  • Increased revenue
  • Attract new customers and opportunities
  • Qualify during the tender process
  • Preferred supplier status
  • Increased business resilience
  • Improve processes
  • Demonstrate a commitment to data protection
  • Durability through disruption
  • Continuous internal improvement

How does ISO 22301 work?

There are five stages to ISO 22301 certification:

  1. Initial assessment

Determines if the mandatory requirements are met and if the management systems are in place.

  1. Secondary assessment

Determines the effectiveness of the systems in place and confirms that the management system is functional.

  1. Review

Any points of concern raised so far are addressed. Certification can be recommended upon satisfaction.

  1. Certification Review

An independent panel reviews your organisation's files and systems, and a decision is made on certification.

  1. Award

Successful reviews are certified, and ISO 22301 certificates are awarded.


Key takeaways…

  • ISO 22301 is an international standard for ensuring your business can continue to operate despite disruptions – for more information see the ICO’s free publication:
  • It is not mandatory for a business to have ISO 22301 but there are many benefits to certification, including making you a more attractive business to work with, maintaining a great reputation, winning tenders and getting on preferred supplier lists
  • You can prepare for certification on your own or by working with a consultancy who will help you ensure you have all the right policies, procedures and documentation to successfully complete and maintain your certification
  • Find out more about business continuity planning on the UMi platform:


Steve Byrom is a Business Consultant at Synergos Consultancy, assisting businesses to achieve various means of compliance, including ISO certifications, health and safety management, GDPR compliance and more.

Steve Byrom
Contributed by Steve Byrom
Neina Sheldon
Article by Neina Sheldon
Share Article