iQoncept - Fotolia
The International Organization for Standardization has published an ongoing series of standards for business continuity...
and resilience. The most recent addition to the ISO 223xx series is ISO 22316:2017 Security and resilience -- Organizational resilience -- Principles and attributes.
ISO approved and released the new standard in 2017. ISO 22316:2017 provides guidance to enhance organizational resilience for any size or type of public or private organization. While it is not specific to any industry or vertical market, it can be applied throughout the lifecycle of an organization. Resilience is defined in ISO 22316:2017 as "the ability of an organization to absorb and adapt in a changing environment."
The Business Continuity Institute's Statement on Organizational Resilience describes resilience as "a quality within organizations [that] allows them to manage crises and disruption to operations, resist sudden shocks and adapt to changes." Other definitions include having resources to effectively recover and restore operations, a plan for responding to an unplanned event and employees who are trained and ready to respond to an event.
Resilience is often juxtaposed with business continuity, and there has been considerable debate in recent years whether BC results in resilience or vice versa. The traditional view is that each addresses the organization's ability to recover and restore operations following a disruptive event. Some feel BC is the process and resilience is the end state.
Standards serve as helpful guidelines for a business continuity strategy. They cover a wide range of topics within the field of business continuity and can aid with compliance, security, resilience and recovery.
ISO 22316:2017 helps clarify the nature and scope of resilience, itself a somewhat difficult condition to evaluate. The standard identifies key components so that an organization can assess its resilience; define, implement and measure improvements; and identify and recommend good practices for ensuring resilience based on existing standards and disciplines. This is where an organization may make reference to ISO 22301:2019 Security and resilience -- Business continuity management systems -- Requirements and ISO 22313:2020 Security and resilience -- Business continuity management systems -- Guidance on the use of ISO 22301.
Additional reference standards to complement ISO 22316:2017 can include ISO/IEC 27001 (information security) and ISO 31000 (risk management). In addition, one relevant non-ISO standard is ASIS SPC.1-2009 Organizational resilience: Security, preparedness and continuity management systems -- Requirements with guidance for use.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Paul Kirvan
A major element in maintaining business continuity during a pandemic is taking care of employee health. Pandemic-specific planning must be a part of ... Continue Reading
This backup and recovery audit checklist offers a comprehensive group of controls and evidence examples to get you ready for the important process of... Continue Reading
Examine the major elements of an active archiving environment, including the kinds of data that you can use in one and resources to help with ... Continue Reading