“Are we doing everything we should be doing to build organizational resilience?” Perhaps you’ve wondered about this. Plans, projects and technologies may occupy most of your time, but it’s worth taking a step back to reflect on how your resilience-focused activities may be aligned…or misaligned. Building organizational resilience requires having optimal plans, strategies, tools, and processes. The newly released standard to help organizations build resilience, ISO 22336, is the first international standard that provides comprehensive guidelines for designing, implementing and improving resilience policies and strategies within organizations. This standard offers a blueprint to enhance resilience, optimize risk management, and refine strategic planning. It also complements and works in tandem with other standards that focus on risk management, business continuity management, and crisis management, like ISO 31000, ISO 22301, and ISO 22361.
“Most organizations are doing things to become more resilient, but programs and initiatives are often segmented. With ISO 22336, executives and managers now have clear guidance on how to drive their organization to become more resilient. Perhaps the most helpful thing about this standard is that it helps organizations identify what they aren’t doing, but should be,” says Thomas Crane, resilience consulting director at Everbridge.
What is ISO 22336:2024?
ISO 22336 is specifically for organizations seeking to improve their resilience capabilities. It focuses on formulating policy, designing strategy, and determining priorities to implement an organization’s resilience strategy effectively.
Key points include:
- Designing and formulating a resilience policy.
- Creating strategies to achieve resilience objectives.
- Determining priorities for implementing resilience initiatives.
- Establishing cooperative and coordinated capabilities to enhance resilience.
This standard is applicable to any organization, regardless of industry or sector, and aims to enhance its resilience throughout its lifecycle.
What are the benefits of implementing the new ISO?
- Enhanced resilience: ISO 22336:2024 equips organizations with the framework and tools to build robust resilience processes. This ensures that businesses can withstand and recover from disruptions, maintaining operational continuity and safeguarding stakeholder interests.
- Improved risk management: The standard emphasizes a proactive approach to risk management. By understanding and anticipating potential threats, organizations can implement measures to mitigate risks before they escalate into crises.
- Strategic planning: ISO 22336:2024 encourages integrating resilience into strategic planning. This alignment ensures that resilience is not an afterthought but a core component of organizational strategy, enabling businesses to adapt to changing environments effectively. It improves oversight of establishing KPIs and objectives that can be evaluated to understand the benefit of resilience and of the investment in organizational resilience. It can also provide a comprehensive framework for resilience, ensuring that all avenues of resilience (e.g. risk, continuity, disaster recovery, third-party risk management) work collaboratively and minimize gaps.
Real-world applications: bridging theory and practice
For organizations that apply the ISO 22336:2024 standard, the benefits can lead to tangible improvements in resilience and organizational performance. Consider the following examples:
Example 1: Integrated
Sections 6.4.4 and 7.4 of the standard state that organizations should eliminate silos and be integrated, which includes integrating systems, teams, and budgets. One example is having a critical event management (CEM) platform that is used across several teams, and integrated with other systems and sources, like risk intelligence feeds, Human Resource Information Systems, badging systems, and travel management systems. These integrations allow organizations to detect risks to employees and operations, and quickly respond to critical events.
Example 2: Prepared
Section 7.6 of the standard states that organizations should demonstrate preparedness by investing in capabilities to anticipate and respond to changing circumstances, and demonstrate resourcefulness by anticipating future conditions, and mobilizing and coordinating wider human, financial, and physical resources. An example of this is the Business Continuity in the Cloud (BCIC) platform, which is used by several Fortune 10 companies. It helps organizations assess potential business impacts, identify interdependencies, and develop plans to prepare for all types of threats and hazards. By combining the Everbridge CEM platform (Everbridge 360) with the BCIC platform, organizations are able to access an end-to-end solution that allows them to plan, anticipate, mitigate, respond to, and recover from critical events.
Example 3: Continual improvement and evaluation
Section 8.6 of the standard states that organizations should evaluate performance against their purpose, plans and indicators, and expected behaviors. The BCIC platform facilitates this by enabling organizations to store, manage and update plans, as well as identify progress and performance against the plans.
Conclusion: a strategic imperative for resilience
Although complying with ISO 22336:2024 isn’t a legal requirement, doing so can help organizations gain a competitive edge in today’s complex business landscape. By embedding resilience into every facet of their operations, organizations can transform challenges into opportunities, ensuring stability and continuity no matter what the future holds. As the landscape of risk evolves, so must our strategies—ISO 22336:2024 is the key to unlocking a resilient future.