
Business Continuity (ISO 22301)


How can you clearly understand and prioritise the threats to address in your business? Having a plan to deal with disruption, such as a cyber-attack, means that your organisation will be able to respond effectively to the breach and resume normal operations within the optimal time whilst ensuring minimal disruption to your clients, employees, and partners.

In the current highly complex and rapidly changing environment, it is imperative for any business to have a business continuity plan in place to achieve cyber resilience.

Being prepared is key to minimal disruption. All parties within your business and third-party suppliers must work together to contain the effects of the attack and begin implementing the recovery steps identified and tested in your plan.

Implementing a Business Continuity plan

2|SEC Consulting provides a well-defined and tested business recovery process to ensure business continuity of essential services in the event of a breach or system failure.

The service will identify critical assets and functions, and regularly test, report on and recommend improvements for your plan. Our expert consultants will assess any existing business continuity arrangements against the standard and provide you with a roadmap to achieve a business continuity plan. This involves:

  1. Pre-Assessment Consultation: This consists of an initial scope review and gap analysis. Once possible problem areas have been identified, we provide a detailed checklist of issues that must be addressed before the Application Assessment can take place.
  2. Post-Assessment Summary Report: This report provides an overview of your compliance status and any remediation needs.
  3. Remediation: We will work with you to fix areas of non-compliance and expedite the retesting process to ensure timely completion.

Should you wish to achieve compliance with the international standard, ISO 22301 (Business Continuity), the business will need to complete steps 5 and 6 as well:

  1. Certification: An auditor will visit your organisation to ensure that the documented processes are being followed and that the necessary changes have been made. Once they are satisfied, you will be awarded your certification.
  2. Annual Audit: You will need to pass an annual audit to ensure your organisation continues to benefit from the certification for the ISO 22301 business continuity framework.

What is ISO 22301?

ISO 22301 (fully known as ISO 22301:2012) is an international standard for Business Continuity. It helps organisations to understand and prioritise threats to their organisation. The standard specifies the steps a business needs to complete to reduce the threat of disruption, protect its assets if an incident occurs, and recover quickly from any security breaches. It includes disaster recovery and business continuity plans that focus on the recovery of specific operations, functions, sites, services, etc.

ISO 22301 involves a comprehensive analysis that management is required to review and update regularly. ISO 22301 emphasises the need for a well-defined incident response structure. This ensures that when incidents occur, responses are escalated in a timely manner and people are empowered to take the necessary effective actions. Awareness of a Business Continuity Management System (BCMS) is organisation-wide and firmly embedded in the company culture.


Business Benefits

Implementing this framework will help your business to:

  • Protect its assets, turnover, and profits;
  • Ensure continuity of business operations by helping maintain an organisation’s service levels to its customers;
  • Help the business define suitable timescales for resuming business activities;
  • Increase competitive advantage and enhance corporate reputation;
  • Meet legal and regulatory requirements.

Why 2|SEC Consulting?

  • We can assist with the full ISO 22301 BCMS implementation process, from project scoping and risk assessment right through to certification;
  • We deliver complete project support including implementing the recommended resolution;
  • We have vast experience working with cyber and information security industry standards;
  • We streamline the compliance approach by using state of the art tools and expert methodology to enable your business to achieve certification as quickly and as efficiently as possible, without compromising your programme;
  • We produce easy to understand reporting.

Is this the right framework for your business?

Speak to a consultant about protecting your assets, turnover and profits.

“The level of service received has been consistently high and we will continue to approach 2|SEC Consulting for future projects.  We have been happy working with them, being guided through the process from scope definition to execution and final reporting.  Due to the nature of the business, we’ve had to work to extremely tight deadlines and they have been able to accommodate us at short notice.”

Project Manager

Telecomms Company
