How INONI helped our client gain the ISO 22301 Business Continuity accreditation.
Our client provides technology, Call Centre and other outsourced services to a large metropolitan City Council and many other public and private sector organizations, including highly visible and sensitive Government authorized services. Many demand high levels of security and integrity, often dealing with highly personal, sensitive and time-critical information. Recognizing this, in 2007, our client decided to embark on a business continuity management (BCM) programme to ensure its services could never suffer unacceptable disruption from any cause. In addition to everyday risks, the scenarios covered include the real and potentially catastrophic impacts arising from ‘standard’ insurable hazards such as fire and flood, and also from less obvious 21st century threats such as information loss or corruption, critical utility failure and terrorism.
Certification to the British Standard
Our client set out to ensure its staff, stakeholders and customers had reliable protection against the effects of unplanned disruption. They applied for accreditation against the then leading British Standard BS25999:2007 for Business Continuity. This set the bar high with a strict audit carried out against industry best practice and BSI’s auditors ensured no stone was left unturned. Our client’s CEO wanted to be sure they had a watertight capability from the outset and knew they had the discipline and wherewithal to achieve accreditation. Months of hard work followed until ultimately, and from a standing start, our client received formal accreditation at the first attempt in March 2010 – an impressive achievement – particularly given the multi-faceted operation and complexity of the business.
Ask business people about BCM in their organization and most will tell you if a plan exists; some may be familiar with it and a minority will be aware of how the plan came about and how it was formed. Accreditation demands more; it requires demonstrable and long-term embedding of BCM within the organization’s culture. It involves management understanding the organisation’s position in the value chain and how the chain is able to accommodate disruption; it involves developing strategies to deal with diverse scenarios that threaten continuity and plans that ensure these strategies can be enacted appropriately. BS25999 demanded verification through testing and continual improvement of continuity capability through challenge and review that touched all staff. It offers exceptional levels of certainty and hence value to stakeholders, suppliers and employees alike.
From the outset, our client’s project sponsor and executive director, picked up the BCM initiative and propelled it rapidly in the right direction. When they started along this path the organisation had some idea of the volume or depth of work involved. Looking back now, we can see they have touched every aspect of the company’s operations, in many cases revealing things they didn’t know about themselves – a real eye-opener. Early on in the process, they realized they needed specialist help and contacted INONI, a BCM consultancy and software provider to deliver the technical aspect. INONI’s consultants quickly gained an understanding of the business and provided access to the INONI software tool.
Achieving ISO accreditation
Working with this impressive business has been a great experience for us. Management and staff are positive and universally supportive of the BCM initiative, knowledgeable and committed in equal measure. The real beneficiaries are our client’s customers who can now rest in the knowledge that the services they rely on will always be there. To date we have provided a managed service, providing consultancy and operating the INONI Pro software so it provides all of the deliverables and controls needed to comply. We have now handed over to our client’s BC Management Team, providing autonomy and reducing the maintenance overhead.
Since this study, our client retained INONI to support the transition from BS25999 to ISO 22301, the International Standard for Business Continuity. We started work on the transformation back in October 2012 and achieved formal accreditation for the entire business in May 2013 at the first attempt.
Download the whitepaper that discusses why you should measure BCM