New standard for the organization of resilience: ISO 22316

Jul 26, 2017 11:09 AM

by German Business Protection

The economic crisis of 2009 and the subsequent financial crisis that hit many parts of Europe in 2011 have shown that a company's resilience against crises must be regarded as a fundamental element of organizational survival. Several companies fell victim to the difficult economic conditions because they lacked such resilience.

New developments such as advancing digitization (keywords: Industrie 4.0 and IoT) and increasing globalization also pose major challenges for companies. Many of the resulting dangers and risks cannot be foreseen at present, so a company cannot prepare itself for every change and every risk. An adaptable and resilient company has the great advantage in such situations that it can respond to changes and crises flexibly, quickly and with agility, regardless of their trigger. Such companies focus not only on structures and processes, but also on the ability of their employees to cope with strain and unexpected events.

In order to strengthen the organizational resilience of companies, in particular against external factors that cannot be influenced, and thus to improve the resilience and survival of a company as a whole under changing market conditions, the International Organization for Standardization (ISO) published a new standard on organizational resilience, ISO 22316, in March 2017. The standard gives companies of all industries guidance for developing a resilient organization. In detail, it sets out the principles on which robust management should be based, the attributes a consistent and resilient organization must have, and hints for developing these attributes.

The new standard is a useful complement to ISO 27001 (information security) and ISO 22301 (business continuity management). ISO 22316 builds on these two standards but does not replace them. Rather, in the view of the author, implementing ISO 22316 only makes sense for a company that has already fully implemented the other two standards, since many of its recommendations for action refer directly to ISO 27001 and ISO 22301 being in place beforehand. On the basis of the new standard, a company can then carry out a focused review of the current state of its organizational resilience and, where necessary, take the steps required to implement the standard and further improve its resilience. In addition to the core aspects of information security and business continuity management, ISO 22316 also covers areas such as financial control, strategic planning and HR management.

A resilient company is created by a bundle of measures implemented across all parts of the organization. This is not a project with a fixed end date but a continuous process that is constantly refined through experience. The new ISO 22316 standard is designed to raise awareness of resilience, to assist a company in implementing the key processes on the way to greater resilience, and to help it manage emerging risks better.

Assessments of security situations are based on the information available at the time specified and assessed as trustworthy by German Business Protection (GBP). Although the information was compiled with the utmost care, GBP cannot be held responsible for the timeliness, accuracy or completeness of this article. In no event can GBP be held liable for damage of any kind arising from the use of the information provided here, whether direct, indirect or consequential, including lost profits. Hazardous situations are often confusing and can change rapidly.