Case study: From insurance requirement to sustained ISO 22301 maturity

ISO 22301 certification

Client overview

The client is a major UK materials supplier operating in a complex, operationally intensive environment where continuity of supply and rapid recovery from disruption are critical. We have supported the organisation for seven years, partnering with them to design, implement and continually mature their business continuity capability.

The original driver

When the organisation first engaged us in 2019, their primary objective was pragmatic rather than aspirational. They needed to satisfy an insurance requirement by demonstrating that business interruption exposure was properly understood, managed and balanced by credible business continuity arrangements. In particular, they wanted confidence that BI exposure was proportionate to their BCP capability, and that this could be clearly evidenced to insurers.

While certification was not the sole driver at the outset, it was clear that aligning the programme to recognised good practice, and ultimately ISO 22301, would provide a robust and defensible framework to support both insurance discussions and operational resilience.

Our approach

The organisation went through our established initial business continuity process in 2019. This included a focused but thorough business impact analysis to quantify impacts and recovery requirements, alongside the development of practical business continuity plans and concise runbooks.

A key principle from the outset was usability. Documentation was deliberately designed to be clear, proportionate and easy to follow, ensuring that plans would work in practice, not just on paper. This approach helped the client demonstrate to insurers that continuity arrangements were credible, actionable and aligned to the level of business interruption risk.

Beyond initial implementation, we have continued to support the client through regular exercising, training and structured review activity. Over time, the focus has shifted from meeting external requirements to embedding business continuity as a normal part of how the organisation manages risk and disruption.

The result

The client has now held ISO 22301 certification for three years and has shown steady, demonstrable growth in the maturity of their business continuity management system. What began as an insurance-driven requirement has evolved into a well-established, continually improving capability.

This maturity was clearly reflected in the client’s most recent ISO 22301 audit, which they passed with ease. Following the audit, the client shared the following feedback:

“I wanted to let you know the audit went extremely well. The auditor was very positive about the system, particularly the BCP and BIA, and how easy they were to follow and understand even on first viewing. She was also very complimentary about the runbooks and how everything is contained on just a couple of concise pages that make it easy for someone to know exactly what is required.”

The auditor’s comments reinforce the value of the original design approach: plans that are proportionate to risk, easy to understand, and immediately usable, even by someone unfamiliar with the organisation.

Ongoing value

This case demonstrates how an initially compliance- and insurance-led objective can act as a catalyst for meaningful, long-term resilience. Through sustained investment in exercising, training and review, the organisation has moved well beyond its original goal, achieving strong audit outcomes, improved operational confidence and a mature, well-embedded business continuity capability.

It is particularly rewarding to see a long-standing client continue to realise value from their investment in resilience, with clear benefits for insurers, auditors and the business itself.