Resilience in your company
Today, the term resilience is usually understood to mean the psychological resistance of people to difficult life situations. This robustness is not only important for individuals, companies today must also ask themselves how they build resilience in order to be able to react appropriately to unforeseen events.
Resilience is increasingly finding its way into business administration; this refers to all measures that strengthen a company's resilience to external influences and help to maintain or restore business continuity.
Many disciplines converge in building business resilience, including business continuity management (BCMS), crisis management, risk management, communications management, emergency management, supply chain management, human resources management, and even strategic planning.
When a company addresses resilience, the result is an analysis of critical issues and areas, leading to a better understanding of the company and its vulnerabilities. These valuable insights can be incorporated into strategic planning and all other disciplines involved in resilience.
In addition to a functioning risk management system, as described in SN ISO 31000, the introduction of a "business continuity management" system can bring companies an important step closer to resilience and therefore prevent serious disruptions from catching management on the wrong foot. The distinction between risk management and business continuity management can be made as follows, according to Barnaby Lewis, chairman of the ISO working group "Continuity and organizational resilience ": Risk management tends to focus on specific threats and opportunities, whereas business continuity provides a recovery plan that can be deployed in all circumstances if something goes wrong and the business is disrupted.
ISO 22316 provides an overview of the principles and attributes of organizational resilience and makes the concept of resilience comprehensible according to ISO. If you can't understand what all the buzzwords mean, you can take a look at SN EN
ISO 22300, it defines the terms used in the scope "Security and Resilience".
Goals of the CRM system
The basic goal of a business continuity management system is to enable companies to respond more effectively and restore business operations more quickly. Thus, the negative impact on people, products and the company itself can be reduced.
The ISO 22301 standard is the world's first international standard for implementing and maintaining an effective business continuity plan. With an ISO 22301 implemented and certified "Business Continuity Management" system, a company demonstrates that it has sound systems and processes in place to quickly resume operations. The standard is based on the same high-level structure as the well-known system management standards SN EN ISO 9001 and SN EN ISO 14001, so it can be easily integrated into a company's established management systems.
ISO series helpful
For the personnel management of a company, the technical specification ISO/TS 22330 can concretize the overarching requirements written down in ISO 22301. Diverse people in their functions are central to the recovery of business continuity. It is therefore important to develop and implement strategies and guidelines for the management of people affected by incidents, disruptions and also disasters.
It is also important to keep an eye on the supply chain. Globalisation means that small and large companies alike are dependent on traders in other countries. This means that the supply chain and its resilience are of great importance. It is important to protect people, goods, infrastructure and equipment - including transportation - from security incidents and their potentially devastating effects. With the comprehensive management standard ISO 28000, companies can build a common security management system for supply chains by identifying their security needs and establishing processes and mechanisms.
For the successful implementation of ISO 28000, the standards ISO 28004-1, 28004-3 and 28004-4 have been issued. ISO 28004-1 deals with general principles. ISO 28004-3 addresses SMEs and describes guidelines and criteria for the implementation of ISO 28000.
All standards are developed by the Security and Resilience Technical Committee, where subject matter experts from diverse industries meet to develop standards that can help companies build resilience in a wide range of areas. A further 21 standards projects are in the pipeline.
With the necessary resilience, companies can view a crisis like the writer Max Frisch, who said, "A crisis is a productive state. You just have to take away the taint of catastrophe."
