At any moment, a host of causes could disrupt your operations and have you scrambling to get back to normal. Natural disasters, climate changes, global conflicts, pandemics, epidemics – any could bring your organisation’s activities to a halt.

Those specific elements, in fact, were cited by the International Organisation for Standardisation (ISO) in developing detailed guidelines for implementing an organisational resilience program. Recently released, ISO 22336 lays out in 20 pages what it takes to move from conception to implementation, no matter the industry.

Unlike the related ISO 22301 standard for business continuity, ISO 22336 does not have a certification process. But combining the two can give your organisation operational, strategic, and marketing advantages worth pursuing.

What Exactly Does ISO 22336 Provide?

ISO 22336 Provide
The standards organisation has weighed in on resilience before, releasing ISO 22316 in 2017. That document provided a largely theoretical discussion of resilience, while the new guidelines are more concrete. They map out a process, a group of attitudinal attributes, and a set of objectives to enhance your resilience, making it a key component of your overall organisational strategy.

There are three phases of the ISO 22336 process. Paraphrasing and condensing, they are:

  1. Formulate a policy. Establish the continuity and resilience policy parameters you want to be part of your organisation’s strategies.
  2. Design a strategy. Create a plan for bringing that policy to fruition, considering elements such as governance, leadership, knowledge, skills, and experience.
  3. Implement the strategy. Set the plan in motion by providing sufficient resources to support it but also keeping an eye toward organisational buy-in, anticipating issues, coordinating systems, and learning as you go.

What Elements Are Essential to Implementing ISO 22336?

Elements Are Essential
The goal of an effective resilience program is to help organisations anticipate and respond to change so they can stay in business and meet their short- and long-term objectives. But organisations differ not only between industries, but within the same sector. An effective resilience program therefore has to be aligned to your specific organisation’s values, vision, and purpose.

The ISO 22336 guidelines strongly emphasise this point. To do so, each phase of the strategy should be imbued with what the standards organisation calls “enabling behaviours.” These affect how your organisation creates and executes the policies and strategies of resilience.

To again paraphrase and condense the ISO guidelines, these behaviours include demonstrating:

  • A readiness to adapt to change
  • Inclusiveness of all interested parties
  • Integration of people and systems to work together effectively
  • Reflection on the program’s processes and outcomes, then making future decisions based on those insights
  • Preparation for changing circumstances with established priorities and processes
  • Incorporating robustness in preparation for disruptions
  • Innovation in developing and adjusting the resilience program

The Benefits of Combining ISO 22336 with ISO 22301

The Benefits of Combining
Your organisation stands to gain advantages – both internally and externally – by combining ISO 22336 with ISO 22301. While the former provides guidelines for embedding resilience policies and strategies within an organisation, the latter focuses on maintaining operations during disruptions. This combination ensures that resilience is not just about recovery but also anticipating and adapting to changes and challenges.

Working in tandem, the ISO standards provide these benefits:

  • Demonstrated leadership and commitment. Both standards emphasise the importance of top management’s role in supporting and promoting resilience and continuity.
  • Complementary policy formulation. ISO 22336 helps create a high-level resilience policy that aligns with the business continuity plans outlined in ISO 22301.
  • Holistic strategy design and implementation. ISO 22336 provides a roadmap for integrating resilience into the strategic fabric of the organisation, augmenting the continuity strategies of ISO 22301.
  • Effective performance evaluation. Regular audits and reviews from ISO 22301 can be expanded to include resilience metrics from ISO 22336 for a comprehensive approach to organisational health.

How to Boost Your Resilience with ISO Standards

Consider getting certified in ISO 22301 if you’re not already. This guide can further explain the benefits and assist you in that process. The ISO 22336 guidelines are highly detailed, but worth working through to strengthen your organisation’s resilience.

By combining ISO 22301 and ISO 22336, you not only better set up your organisation to cope in the face of disruptions but demonstrate your reliability to partners, investors, and customers. You can’t predict when the next disruptive event may occur, but you can take steps now to be ready for it.

For assistance with setting up a resilience program using ISO guidelines, connect with a Riskonnect consultant. Also consider Riskonnect’s software options available to help you manage your business continuity and resilience efforts.