Standards play an important role in the way our world works. Standards define how light bulbs will fit into sockets as a practical matter. But standards can also be valuable when applied to business processes and best practices. For example, the Uptime Institute Standard created a fast path for understanding the way a data center is built; and SAS70 provided context and content to more quickly determine how well run that data center might be.
But in the DR/BCP world we can’t seem to even agree on basic terminology much less a universal standard…until now? ISO 22301 couple with ISO 27001 provide the first hope that a true standard will emerge that will allow firms to quickly assess their trading partners making it easier to assess and easier to comply. Instead of chasing myriad, poorly defined objectives, these standards provide the foundation for business to business conversation between trading partners. How will Standards evolve? Who knows for sure. But what we do know is that solid standards reduce complexity and miscommunication and provide a clear, concise and reusable form for managing your DR/BC program. While we may individually have our own opinions about some elements of a given standard, we should all be motivated to contribute toward a future state where our compliance with a standard is stamp of approval that says “we have taken DR/BC seriously and have achieved measurable results!”