What is actually normal? – Normal” is the term used to describe what is usual or what corresponds to the expectation. Something is also called “normal” if it conforms to a norm. A norm is generally seen as something very rigid, but a crisis is anything but. Above all, it is dynamic, constantly evolving, and does not seem to be manageable with a rigid solution. So how can a norm be used in a crisis? And why should a functioning business continuity management (BCM) standard be used as a foundation?

A standard can help manage a crisis, especially if it is designed to be very flexible, like DIN EN ISO 22301. It provides a framework for building resilient structures that are necessary for crisis management. In addition, preparedness is also an essential contribution that DIN EN ISO 22301 provides for BCM, so that crises can even be prevented and risks reduced.
If one compares the use of standards for BCM with the construction of a house, it becomes clear that above all a foundation is necessary. This consists, for example, of existing financing, the provision of resources and a risk analysis to identify potential crises. DIN EN ISO 22301 provides a good foundation for BCM. It deals with the creation of a Business Continuity Management System (BCMS) consisting of the sections shown in the figure below.

Essential for a BCMS according to DIN EN ISO 22301 is therefore the creation of a policy as a basis for the orientation of the Business Continuity Management (BCM). Furthermore, a business impact analysis is carried out to identify risks and their effects. Emergency preparedness is used to reduce these risks and increase the resilience of the company in general. The emergency manual serves as the basis for managing crises and events and provides, for example, immediate measures that can be applied to as many different risks as possible. The BCMS can be certified through audits. Finally, an improvement of the system is to be carried out, which closes the cycle of the BCMS.

In addition to DIN EN ISO 22301, a whole family of standards is available for BCM. ISO/ TS 22317, for example, deals with the business impact analysis and ISO 22313 deals with the guideline (referred to as policy according to the new version of DIN EN ISO 22301 from 2019) as components of the BCMS. Through this family of standards, a wide variety of detailed standards are available, which build on each other and can be consulted for the creation of the BCM depending on the company. All these standards are based on experiences of experts and companies and can thus support the BCM despite the dynamics of a crisis.

The BCM certification mentioned above can be carried out with the help of ISO 22325. This contains a rating system for crisis and emergency management, which shows four levels, each of which reflects the quality of BCM. Certification in practice is not yet consistently practiced, especially in Europe, because the vulnerability of companies to various risks is lower than in countries where natural disasters are more likely to occur. In the latter countries, companies are therefore more frequently certified in the area of BCM. However, a trend towards increased certification can also be seen in Germany, which will presumably increase further as a result of the experience gained from the Corona pandemic (Covid-19). Particularly in the spring of 2020, there were frequent supply bottlenecks, which can cause not only financial damage, but also reputational damage in the comparison between companies, if one of the companies continues to receive and deliver goods, but another cannot due to the failure of suppliers.

As a tip for certification, it is helpful to know that in BCM it is not enough to just have a certificate as proof, but that the plans should also work in the event of a crisis. In preparation for certification, it is therefore also useful to exchange ideas with people who have an external view of the company and can thus identify weaknesses in BCM. In any case, it is advisable to think outside the box.

As a practical tip for the implementation of standards, it should be noted that standards offer a point of reference and are therefore a useful basis when creating a BCM. For more information on how to apply business impact analysis, see our blog. If you need help with the implementation of a Business Continuity Management System in your company, please do not hesitate to contact us!

 

An article written by Anna Müller, published on 13 August 2020
Translated by Charlotte Ley