BIA
Impact analysis: critical processes, MTPD.
Documentation of critical processes, maximum tolerable periods of disruption (MTPD) and business continuity and recovery plans. Complements ISO 27001.
ISO 22301 requires businesses to document their critical processes, maximum tolerable periods of disruption (MTPD) and continuity and recovery plans. Every organisation that has experienced a serious incident learns this lesson: fire, cyberattack, key-person absence, supplier failure.
The core of the work is the business impact analysis (BIA): which processes cannot stop, for how long, and with what minimum resources they could operate in degraded mode. On this basis, the continuity strategy is built — replication, redundancy, supplier contracts, response team — together with the recovery plan.
It complements ISO 27001 naturally when the main risk is cyber-related. And with ENS when the client is a public-sector entity or sells to the public sector.
Impact analysis: critical processes, MTPD.
Replication, redundancy, contracts.
Continuity and recovery.
Annual as a minimum.
The operational detail: what we deliver as part of the engagement and what we keep active afterwards.
BIA · business impact analysis
Critical processes, MTPD, degraded-mode resources.
Continuity strategy
Decisions on redundancy and replication.
Operational continuity plan
What to do during the incident.
Operational recovery plan
How to return to normal operations.
Testing and exercises
Annual as a minimum. Tabletop, functional, full-scale.
Post-incident review
Formalised lessons learned.
ISO 22301 with ISO 27001 when the risk is cyber-related, with ENS when the client is public-sector.
After an incident, under regulatory pressure, or when a client requires it.
We build on it. ISO 22301 structures and tests it.
Full annual exercise. Quarterly tabletop sessions.