Trending #ISO22301 – A Webinar that Mattered

Last week, Fusion and Continuity Insights presented a very successful webinar with more than 230 people registered. David Nolan discussed his perspectives on standards in the past, what makes ISO 22301 different, and how you can gain the most business value possible. It is important to make decisions that are best for you and your company, and David explains how to make this standard work in your best interest, rather than simply jumping on the bandwagon or ignoring it. This unique perspective paired with insight into the business case for standards resulted in an effective and informative webinar.

We are very proud of how well received this session was among the attendees:

“I thought the information was spot on and well presented.”

“I agree that he is right on the mark regarding the ISO 22301 standard for BC/DR.”

“I very much enjoyed his presentation and presentation style; very clear and engaging.”

“Very well done.”

“Really enjoyed the discussion.”

“Good stuff!”

“Thank you for time well spent in my day.”

A big thank you to everyone who attended and shared their experience with us. Want to see what all the fuss is about? Read David’s blog post “22301 – The Tipping Point for BC Standards.” After you do that, contact lnolan@fusionrm.com for a copy of the presentation slides and/or recording of the session. Lots of valuable information for you!

David is also preparing for another presentation, this time in person at Continuity Insights Chicago. Register here for the event and don’t miss his session, “Making Social Media Work For Your BC Program” at 11:00 am on Tuesday, June 18th.

As always, make sure you are connected with Fusion on LinkedIn, Facebook, and Twitter. If you have something to say about this or similar topics, request to join our group, BCM Innovators.

Advertisements

22301: The Tipping Point for BC Standards

Fusion partnered with Continuity Insights to deliver a webinar on ISO 22301 in 2013. You can access it here.

While promoting the webinar, someone who knows me well asked, “Are you really going to jump on this bandwagon?” I realized it might serve everyone’s best interest to get a little perspective from me prior to the webinar.

It is true that I have not been a big proponent of Standards and Certifications generally over the years. The reason is simply that the most competent people and capable organizations that I know don’t focus on either. These are practitioners whose prime focus has been on business results and their organizations have top-down leadership and direction that sets the tone and defines the expectations for Business Continuity. But a lot has changed in the last few years and it was time for me to take a fresh look at standards and certifications.

Standards are not best practices and never will be, by definition. They define things generally and broadly – what I call “directionally accurate”. So, while being ISO22301 certified is commendable, it does not mean that an organization has applied the principles of Business Continuity entirely and appropriately for their business needs. Certification does not mean Mission Accomplished. It is a base, but it is not the end game.

The reasons that drive me to support compliance are mostly based on the strategic value that can be associated with the ability an organization has to make concise representations to it’s customers and stakeholders, and to demand the same from its suppliers. It makes no sense for thousands of organizations to come up with their own set of questions for their suppliers. It makes no sense for a practitioner to have to respond to hundreds of questions from each of hundreds of customers. There is a place for standards to streamline the qualification trading partners in the supply chain. The value isn’t because it makes your organization bullet proof. The value comes in the efficiencies and economies that an organization can achieve from being a responsible part of a supply chain. Standards enable remarkably efficient communication of complex topics. That a data center is Tier 3 and SSAE16 compliant speaks volumes about that facility and its operation. “UL Compliant” means something important and conveys responsibility and trust. Batteries, plugs, even labeling formats on food products are all grounded in standards that facilitate clear and truthful communication.

So why 22301 and why now? ISO is International. It focuses on Continuity Risk Management, and not just planning. It is not British and it is not American. ISO22301 is a converged standard that is part of larger, generally accepted family of standards from ISO.  My focus has always been on value. And the webinar will expand on these thoughts as it relates to ISO 22301 and the value it can bring to your organization.

As practitioners charged with protecting the interests of an enterprise, we need to determine if embracing ISO22301 enables us to address a broader array of risks, and deliver value to the business in the process. We have reached a Tipping Point as our programs evolve to include key suppliers and service providers. There is a case for standards in a world of increasing threats and complexity driven by inexorable links between trading partners up and down the line. The concept of a Risk Conscious Culture is extending to our customers and our suppliers. Trust is at the core. And it behooves all participants to play well with others. Consider this the age of the Golden Rule… do unto others as you would have them do unto you…and standards are the only way to manage enterprise and supply chain continuity risk effectively and efficiently.

To hear more, you can download the Continuity Insights Webinar here.

Standards

Standards play an important role in the way our world works. Standards define how light bulbs will fit into sockets as a practical matter. But standards can also be valuable when applied to business processes and best practices. For example, the Uptime Institute Standard created a fast path for understanding the way a data center is built; and SAS70 provided context and content to more quickly determine how well run that data center might be.

But in the DR/BCP world we can’t seem to even agree on basic terminology much less a universal standard…until now? ISO 22301 couple with ISO 27001 provide the first hope that a true standard will emerge that will allow firms to quickly assess their trading partners making it easier to assess and easier to comply. Instead of chasing myriad, poorly defined objectives, these standards provide the foundation for business to business conversation between trading partners. How will Standards evolve? Who knows for sure. But what we do know is that solid standards reduce complexity and miscommunication and provide a clear, concise and reusable form for managing your DR/BC program. While we may individually have our own opinions about some elements of a given standard, we should all be motivated to contribute toward a future state where our compliance with a standard is stamp of approval that says “we have taken DR/BC seriously and have achieved measurable results!”

To discuss this or any other related topics further, feel free to contact us. You can also connect with us on LinkedIn!