Fusion partnered with Continuity Insights to deliver a webinar on ISO 22301 in 2013. You can access it here.
While promoting the webinar, someone who knows me well asked, “Are you really going to jump on this bandwagon?” I realized it might serve everyone’s best interest to get a little perspective from me prior to the webinar.
It is true that I have not been a big proponent of Standards and Certifications generally over the years. The reason is simply that the most competent people and capable organizations that I know don’t focus on either. These are practitioners whose prime focus has been on business results, and their organizations have top-down leadership and direction that sets the tone and defines the expectations for Business Continuity. But a lot has changed in the last few years and it was time for me to take a fresh look at standards and certifications.
Standards are not best practices and never will be, by definition. They define things generally and broadly – what I call “directionally accurate”. So, while being ISO22301 certified is commendable, it does not mean that an organization has applied the principles of Business Continuity entirely and appropriately for their business needs. Certification does not mean Mission Accomplished. It is a base, but it is not the end game.
The reasons that drive me to support compliance are mostly based on the strategic value that can be associated with the ability an organization has to make concise representations to its customers and stakeholders, and to demand the same from its suppliers. It makes no sense for thousands of organizations to come up with their own set of questions for their suppliers. It makes no sense for a practitioner to have to respond to hundreds of questions from each of hundreds of customers. There is a place for standards to streamline the qualification of trading partners in the supply chain. The value isn’t because it makes your organization bulletproof. The value comes in the efficiencies and economies that an organization can achieve from being a responsible part of a supply chain. Standards enable remarkably efficient communication of complex topics. That a data center is Tier 3 and SSAE16 compliant speaks volumes about that facility and its operation. “UL Compliant” means something important and conveys responsibility and trust. Batteries, plugs, even labeling formats on food products are all grounded in standards that facilitate clear and truthful communication.
So why 22301 and why now? ISO is International. It focuses on Continuity Risk Management, and not just planning. It is not British and it is not American. ISO22301 is a converged standard that is part of a larger, generally accepted family of standards from ISO. My focus has always been on value. And the webinar will expand on these thoughts as they relate to ISO 22301 and the value it can bring to your organization.
As practitioners charged with protecting the interests of an enterprise, we need to determine if embracing ISO22301 enables us to address a broader array of risks, and deliver value to the business in the process. We have reached a Tipping Point as our programs evolve to include key suppliers and service providers. There is a case for standards in a world of increasing threats and complexity driven by inexorable links between trading partners up and down the line. The concept of a Risk Conscious Culture is extending to our customers and our suppliers. Trust is at the core. And it behooves all participants to play well with others. Consider this the age of the Golden Rule… do unto others as you would have them do unto you… and standards are the only way to manage enterprise and supply chain continuity risk effectively and efficiently.
To hear more, you can download the Continuity Insights Webinar here.