Staying ahead entails understanding the key differences between organizational resilience and business continuity
Firms today are struggling to find their bearings after years of uninterrupted crises. As companies get pushed to the brink, their senior leaders must ask, what will it take to stay ahead? Organizational resilience and business continuity come to mind. But they aren’t the same practices.
For starters, organizational resilience is the ability of an organization to absorb change and adapt, to deliver on objectives, survive, and prosper. Business continuity, on the other hand, is the capability of an organization to continue the delivery of products and services within acceptable time frames at a predefined capacity during a disruption.
Core principles of organizational resilience and business continuity
The more substantive differences go on from there. Indeed, the primary differences between organizational resilience and business continuity are sketched out in international standards ISO 22316:2017 and ISO 22301:2019.
Providing best-practice guidance for organizational resilience and business continuity management systems (BCMS) respectively, the standards offer practical advice for firms of any size and in any industry seeking to develop plans and recovery strategies to address risk.
What do the standards say?
Organizational resilience, as argued in ISO 22316, results from the interaction of attributes, activities, and contributions made from other technical and scientific areas of expertise – all of which are influenced by the way in which uncertainty is addressed, decisions are made and enacted, and how people work together.
To this end, the purpose of ISO 22316 is to establish the core principles for organizational resilience. The standard identifies the attributes and activities that support an organization in enhancing its resilience.
Meanwhile, ISO 22301 – the sole, high-level, international BCM standard – specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system.
The standard specifies the structure and requirements for implementing and maintaining such a BCMS – one that will develop business continuity appropriate to the amount and type of impact that the organization may or may not accept following a disruption.
And just like an organization’s resilience will be influenced by a combination of strategic and operational factors, the outcomes of its BCMS will also be shaped by legal, regulatory, organizational, and industry requirements, products and services provided, processes employed, size and structure, and the requirements of its interested parties.
The importance of sharing information and knowledge in organizational resilience and business continuity
Of course, that only scratches the surface of the differences between organizational resilience and business continuity. But there’s an important commonality well worth knowing.
ISO 22301 and ISO 22316 both encourage sharing information and knowledge. ISO 22316, for its part, advocates sharing important experiences. It also recommends valuing information, knowledge, and learning – with learnings extracted from all available sources.
Implementation of ISO 22301, too, depends on a thorough understanding of an organization’s internal and external needs, which comes from sharing information and knowledge.
As a result, both standards advocate for the use of on-going monitoring reports to track trends in data.
How does that work? Well, organizations will have to confirm whether their current critical event management platforms and business continuity software solutions provide the requisite capability.
Unsure whether they do? That’s not uncommon. For a checklist of the capabilities that matter, download our guide, Business Continuity versus Organizational Resilience: The differences between ISO 22301 and ISO 22316.