ISO 22301 benefits: How to get your management’s approval for a business continuity project

If you think your management loves to listen to you talk about your great idea for a disaster recovery site, or a perfect tool you’ve discovered for handling business continuity plans, you’re wrong – they just don’t care.

What management wants to hear (and does understand) are profit, market share, client satisfaction, cost cutting, business strategy, and business risks. And you can’t blame them – after all, this is what their job is about.

So if you can’t change them, you have to change yourself – first of all, if you want them to listen to you, you have to start speaking the language they understand. And they will understand if you present them with the potential benefits of ISO 22301/business continuity implementation.

How can business continuity help your business?

In my experience, there are four potential benefits you should consider:



1. Compliance. More and more laws and regulations in almost every country require business continuity compliance; what's even more interesting is that an increasing number of business clients (e.g., financial institutions) require their partners and suppliers to implement business continuity procedures. The good news is that ISO 22301 is a perfect framework for complying with all these requirements, partly because BS 25999 and ISO 22301 served as a model when those laws and regulations were developed. This means less effort in the compliance process, and fewer penalties to be paid.

2. Marketing advantage. If your company has an ISO 22301 certificate and your competitors don’t, and if your clients are very sensitive to availability of the service, you could actually get new clients because you will be able to convince potential clients that you are the best in the industry. This means increased market share and higher profits.

3. Reducing dependence on individuals. More and more executives are aware that their business relies on a couple of people who are very often hard to replace – this is particularly obvious when people leave the company. With the implementation of business continuity, the company actually becomes far less dependent on those individuals (because of the replacement scheme and documenting of tasks), meaning you will have fewer headaches when someone does leave.

4. Prevent large-scale damage. If you are an Internet service provider, or a telecom company, every minute of your service unavailability costs a lot of money; maybe not so much in other industries, but again it does cost money. So basically, the implementation of your business continuity is a kind of insurance policy – it will enable you to prevent some of the incidents, while for others you will be able to recover more quickly. And by doing this, you can save quite a lot of money.

Choose the applicable benefits and stick with them.

I’m not saying all four of these will be applicable to your organization, but you have to pick at least two that are really relevant to it. You also have to consult with your colleagues in the company (ideally from the business side of the organization and from corporate functions), because you ultimately have to figure out which of these benefits are the most interesting to your top management, and which ones support your company’s strategy.

Once you have this focus on what business continuity can do for your business, you’ll find your job of obtaining the approval much easier. Of course, you still have to figure out how to present the whole case to your management, but that will be the topic of some other blog post…

This article is an excerpt from the book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation.

Author
Dejan Kosutic