    ISO 22301 benefits: How to get your management’s approval for a business continuity project

    If you think your management loves to listen to you talk about your great idea for a disaster recovery site, or a perfect tool you’ve discovered for handling business continuity plans, you’re wrong – they just don’t care.

    What management wants to hear (and does understand) are profit, market share, client satisfaction, cost cutting, business strategy, and business risks. And you can’t blame them – after all, this is what their job is about.

    So if you can’t change them, you have to change yourself – first of all, if you want them to listen to you, you have to start speaking the language they understand. And they will understand if you present them with the potential benefits of ISO 22301/business continuity implementation.

    How can business continuity help your business?

    In my experience, there are four potential benefits you should consider:



    1. Compliance. More and more laws and regulations in almost every country require business continuity compliance; what’s even more interesting is that an increasing number of business clients (e.g. financial institutions) require their partners and suppliers to implement business continuity procedures. The good news is that ISO 22301 is a perfect framework for complying with all these requirements, partly because BS 25999 and ISO 22301 were a model when those laws and regulations were developed. This means less effort in the compliance process, and fewer penalties to be paid.

    2. Marketing advantage. If your company has an ISO 22301 certificate and your competitors don’t, and if your clients are very sensitive to availability of the service, you could actually get new clients because you will be able to convince potential clients that you are the best in the industry. This means increased market share and higher profits.

    3. Reducing dependence on individuals. More and more executives are aware that their business relies on a couple of people who are very often hard to replace – this is particularly obvious when people leave the company. With the implementation of business continuity, the company actually becomes far less dependent on those individuals (because of the replacement scheme and documenting of tasks), meaning you will have fewer headaches when someone does leave.

    4. Prevent large-scale damage. If you are an Internet service provider, or a telecom company, every minute of your service unavailability costs a lot of money; maybe not so much in other industries, but again it does cost money. So basically, the implementation of your business continuity is a kind of insurance policy – it will enable you to prevent some of the incidents, while for others you will be able to recover more quickly. And by doing this, you can save quite a lot of money.

    Choose the applicable benefits and stick with them.

    I’m not saying all four of these will be applicable to your organization, but you have to pick at least two that are really relevant to it. And you have to consult with your colleagues in the company (ideally from the business side of the organization and from corporate functions), because you ultimately have to figure out which of these benefits are the most interesting to your top management, and which ones support your company’s strategy.

    Once you have this focus on what business continuity can do for your business, you’ll find your job of obtaining the approval much easier. Of course, you still have to figure out how to present the whole case to your management, but that will be the topic of some other blog post…

    This article is an excerpt from the book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation.

    Author
    Dejan Kosutic
    Dejan holds a number of certifications, including Certified Management Consultant, ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, and Associate Business Continuity Professional. Dejan leads our team in managing several websites that specialize in supporting ISO and IT professionals in their understanding and successful implementation of top international standards. Dejan earned his MBA from Henley Management College, and has extensive experience in investment, insurance, and banking. He is renowned for his expertise in international standards for business continuity and information security – ISO 22301 & ISO 27001 – and for authoring several related web tutorials, documentation toolkits, and books.