Dejan Kosutic 
As you may have heard, on December 19 I’ll publish my new book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation. So, if you are a business continuity practitioner looking for some tips on how to implement this standard, here’s a brief overview of the book so that you can decide whether it might be useful for you.
Main focus of the book
My main goal for this book was to provide practical step-by-step guidelines for implementing ISO 22301 – on one hand, I knew I needed to cover all the in-depth details of such complex implementation, but on the other hand I wanted to avoid using specialized language that no one understands; just as with this blog, I tried to use plain language when explaining complex topics.
To make this book as practical as possible, in the chapter about the core business continuity elements (see what they are at the end of this article), in each section that focuses on different elements I have described the following aspects:
- Purpose – the purpose of each business continuity element, how it fits with other elements, and how to deal with it with optimum effort
- Inputs – which inputs you need to take into account when making decisions about the implementation
- Options – which options exist for implementing particular elements of business continuity
- Decisions – which decisions need to be made when starting the implementation
- Documentation – which documents need to be written, and how to structure them
Basically, the book gives a complete methodology for ISO 22301 implementation, seen from a consultant perspective: I tried to pass along my own knowledge collected throughout my consulting career.
Who it is written for
In the first place, I’ve written this book for beginners in business continuity – the people who are just entering this area, and have very little knowledge about it. I explained all the steps, from the very beginning all the way to the ISO 22301 certification. I also gave many practical examples, to make this book easier to use in real life.
However, I also tried to make this book interesting for business continuity professionals. I think it will be useful for ISO 22301 consultants as well, especially the part where I explain which options exist for the implementation of each step – this is basically what consultants can use to provide added value for their clients.
Finally, I hope the book will be useful for experienced business continuity practitioners. I was actually inspired by my experience delivering courses about the basics of ISO 22301: most of the attendees are beginners, but sometimes the experienced business continuity professionals also attend such courses – typically, their comment is, “I already knew most of the stuff from ISO 22301, but having all these things put together was definitely worth it.” And this is exactly how the book is structured.
Which topics the book covers
Of course, the book covers all the core business continuity elements: business impact analysis, risk assessment and mitigation, business continuity strategy, business continuity planning, incident response, crisis management, recovery, exercising and testing, etc.
However, I also focused on other less famous but equally important requirements of ISO 22301 – role of the top management, objectives, measurement, document control, internal audit, corrective actions, etc.
At last, but certainly not least, the book covers all the steps that come before and after the implementation – the crucial step of how to convince your top management to fund this kind of a project, how to structure the project team, and also how to prepare for the certification and how to speak to the certification auditor.
And that’s it – if it sounds like something you could benefit from, then I hope you enjoy the book! Click here to learn more.
