At any moment, a host of causes could disrupt your operations and have you scrambling to get back to normal. Natural disasters, climate changes, global conflicts, pandemics, epidemics – any could bring your organization’s activities to a halt.

Those specific elements, in fact, were cited by the International Organization for Standardization (ISO) in developing detailed guidelines for implementing an organizational resilience program. Recently released, ISO 22336 lays out in 20 pages what it takes to move from conception to implementation, no matter the industry.

Unlike the related ISO 22301 standard for business continuity, ISO 22336 does not have a certification process. But combining the two can give your organization operational, strategic, and marketing advantages worth pursuing.

What Exactly Does ISO 22336 Provide?

ISO 22336 Provide
The standards organization has weighed in on resilience before, releasing ISO 22316 in 2017. That document provided a largely theoretical discussion of resilience, while the new guidelines are more concrete. They map out a process, a group of attitudinal attributes, and a set of objectives to enhance your resilience, making it a key component of your overall organizational strategy.

There are three phases of the ISO 22336 process. Paraphrasing and condensing, they are:

  1. Formulate a policy. Establish the continuity and resilience policy parameters you want to be part of your organization’s strategies.
  2. Design a strategy. Create a plan for bringing that policy to fruition, considering elements such as governance, leadership, knowledge, skills, and experience.
  3. Implement the strategy. Set the plan in motion by providing sufficient resources to support it but also keeping an eye toward organizational buy-in, anticipating issues, coordinating systems, and learning as you go.

What Elements Are Essential to Implementing ISO 22336?

Elements Are Essential
The goal of an effective resilience program is to help organizations anticipate and respond to change so they can stay in business and meet their short- and long-term objectives. But organizations differ not only between industries, but within the same sector. An effective resilience program therefore has to be aligned to your specific organization’s values, vision, and purpose.

The ISO 22336 guidelines strongly emphasize this point. To do so, each phase of the strategy should be imbued with what the standards organization calls “enabling behaviors.” These affect how your organization creates and executes the policies and strategies of resilience.

To again paraphrase and condense the ISO guidelines, these behaviors include demonstrating:

  • A readiness to adapt to change
  • Inclusiveness of all interested parties
  • Integration of people and systems to work together effectively
  • Reflection on the program’s processes and outcomes, then making future decisions based on those insights
  • Preparation for changing circumstances with established priorities and processes
  • Incorporating robustness in preparation for disruptions
  • Innovation in developing and adjusting the resilience program

The Benefits of Combining ISO 22336 with ISO 22301

The Benefits of Combining
Your organization stands to gain advantages – both internally and externally – by combining ISO 22336 with ISO 22301. While the former provides guidelines for embedding resilience policies and strategies within an organization, the latter focuses on maintaining operations during disruptions. This combination ensures that resilience is not just about recovery but also anticipating and adapting to changes and challenges.

Working in tandem, the ISO standards provide these benefits:

  • Demonstrated leadership and commitment. Both standards emphasize the importance of top management’s role in supporting and promoting resilience and continuity.
  • Complementary policy formulation. ISO 22336 helps create a high-level resilience policy that aligns with the business continuity plans outlined in ISO 22301.
  • Holistic strategy design and implementation. ISO 22336 provides a roadmap for integrating resilience into the strategic fabric of the organization, augmenting the continuity strategies of ISO 22301.
  • Effective performance evaluation. Regular audits and reviews from ISO 22301 can be expanded to include resilience metrics from ISO 22336 for a comprehensive approach to organizational health.

How to Boost Your Resilience with ISO Standards

Consider getting certified in ISO 22301 if you’re not already. This guide can further explain the benefits and assist you in that process. The ISO 22336 guidelines are highly detailed, but worth working through to strengthen your organization’s resilience.

By combining ISO 22301 and ISO 22336, you not only better set up your organization to cope in the face of disruptions but demonstrate your reliability to partners, investors, and customers. You can’t predict when the next disruptive event may occur, but you can take steps now to be ready for it.

For assistance with setting up a resilience program using ISO guidelines, connect with a Riskonnect consultant. Also consider Riskonnect’s software options available to help you manage your business continuity and resilience efforts.