What standards for business continuity aid in compliance?

Business continuity and disaster recovery compliance is a valuable asset and may require a deeper understanding of modern standards and changes your organization needs to make.

Governance, risk and compliance are important concerns for business leaders. Of the three, compliance stands out because it can be validated and demonstrated. The number of standards and regulations companies have to address has grown steadily in the past 20 years, and the ability to demonstrate compliance by meeting specific standards for business continuity, disaster recovery and cybersecurity has become a competitive advantage.

For example, an increasing number of organizations want to see hard evidence that a potential business partner is compliant with specific standards, such as ISO 9000 (quality management). ISO standards are created by the International Organization for Standardization, a nongovernmental entity with representatives from over 160 countries. Because of their prevalence, ISO standards are widely used in many areas of IT.

More organizations are beginning to require evidence that companies are compliant with standards for business continuity, such as ISO 22301:2019, NFPA 1600 from the National Fire Protection Association or those found in the Business Continuity Planning booklet from the Federal Financial Institutions Examination Council. Compliance with such standards clearly demonstrates that organizations value their partners' ability to stay running when faced with a disruptive event.

The following steps can be used to determine that a cybersecurity strategy or business continuity/disaster recovery (BC/DR) plan is in compliance with today's standards:

  • Identify the standards and regulations for which compliance is needed.
  • Read and understand the standards and regulations.
  • Assess the current state of the organization with regard to the standards and regulations.
  • Pinpoint where changes need to be made to achieve compliance.
  • Determine the resources and funding needed to make the changes required for compliance.
  • Make the changes that have been identified.
  • Validate and document that the required level of compliance has been achieved using either internal or external auditors.

Perhaps the most important activity is documenting activities that demonstrate that you meet compliance standards for business continuity, disaster recovery and cybersecurity. These typically include policies and procedures, as they provide real evidence that the organization has made the effort to achieve compliance.

Once an organization has achieved and demonstrated its compliance with BC/DR and cybersecurity standards and regulations, compliance must be periodically reviewed and recertified. This should be performed annually. Along with ISO 22301:2019, standards for business continuity include ISO 22316:2017 and the rest of the ISO 223xx series. Cybersecurity compliance may be determined with the ISO/IEC 27000 series. Evidence of compliance with standards and regulations is often realized as certificates that can be framed and displayed where customers can see them.