Implementing ISO 22301: The Business Continuity Management System Standard
ISO 22330: Adding People Management to Your Business Continuity Planning
This is part 2 of a 2-part series about the impact of disruptions on employees and how you can use business continuity planning to support them. If you haven’t already, check out part 1 here.
In part 1 of this series, I shared some thoughts about how employee health and well-being are often overlooked when we face organizational disruptions, including a few tips about how we can readjust focus to include employees in our business continuity plans.
Now, I’d like to take a closer look at some of those ideas, focusing on how we can use the ISO 22330 framework to manage the people components of business continuity planning.
In our 2019 Business Continuity Benchmark Study, 80% of respondents said that ensuring employee safety during a crisis is a priority business continuity objective for their organization.
First, what’s ISO 22330?
The International Organization for Standardization (ISO) released ISO 22330 in 2018. It was created to help organizations plan for and develop procedures, policies, and strategies to better manage people-related issues associated with disruptions or disasters.
ISO 22330 expands on already established people management guidelines created by ISO 22301 and ISO 22313.
The goal here is to create a uniform approach to address people-related issues as part of our business continuity management programs. And it’s not just for our employees, but others who may also be directly impacted by a disruption like customers.
ISO 22330 focuses on:
- Prepare: Awareness, needs, learning, and development
- Respond: How to deal with the immediate effects of an event
- Recover: How to manage people during the disruption
- Restore: Supporting employees after a return to business as usual
It’s important to point out that during the first stage, prepare, we don’t have to re-invent the wheel. Many of the disruption-related employee issues uncovered in business continuity plans are already part of organizational policies and procedures, like human resources protocols. You can draw on those and include them in your business continuity and disaster recovery processes.
Before getting started, take a look at your policies and think about:
- What are we doing well?
- Do we have gaps or blind spots?
- Would these policies work/be applicable during a disruptive event?
- How can we adapt these policies to fit a variety of disruption types?
- Are there other changes we should make within our organization to better support employees during non-crisis events, too?
From there, you can use ISO 22330 guidelines to include more effective employee support into business continuity planning.
Disruptions and Mental Well-Being
Whether working-from-home, limiting social interactions, crisis fatigue, or sudden and unexpected job losses, this pandemic’s societal and professional changes have negative impacts on significant portions of our workforce.
And that’s difficult because not only do we care about our people, but our employees (and our key stakeholders, clients, and suppliers) are critical to our overall organizational success.
It’s not just about the pandemic, either. Our employees can be negatively impacted by a variety of disruptions such as:
- Natural disasters
- Workplace violence
- Cyber attacks
- Co-worker-related death or injuries
- Other issues in employees’ personal lives
A report from the Kaiser Family Foundation during the early weeks of the pandemic said that almost half of respondents felt the pandemic and related adjustments have negatively affected their mental health.
Other reports say the psychological impact could last months or even years after the pandemic is over, fueled in part by economic issues and an uptick in substance abuse during the outbreak.
The reality is, we’re all facing unique and challenging times. So how can we work together to support employees, while we make difficult and challenging decisions to ensure organizational—and people—success and well-being?
ISO 22330 and Business Continuity
First, we must remember that we can’t exclude the people components of business from our planning.
As part of our business continuity strategies, we should include all the resources needed to successfully respond to and recover from a disruptive event.
While employee safety often is top of mind, often we focus too closely on the technical components of doing business—assets, systems, applications, and processes—and less on the potential psychological impacts of disruptions on employee well-being, productivity, and morale.
Individual impacts can range from a variety of psychological or physical issues for individuals. As a result, failing to plan for people-related issues can negatively affect your business including:
- Retention of employees
- The ability to hire and recruit new employees
Duty of Care and Employee Support
So how can we help from a business perspective? ISO sets the stage for people-planning by establishing precursors to guide our approach. These precursors include:
- Assessing responsibilities related to duty of care
- Defining attributes that are important to your organization
- Identifying team and individual competencies, including technical and non-technical behaviors
Here are a few examples of what duty of care might look like for your organization, including situational examples and ways you can respond:
- Your people are directly impacted by a physical threat.
Move them to a safe and secure location away from the threat.
- Your people experience physical harm.
Provide medical care immediately and then ensure safe movement to appropriate medical facilities as needed.
- Your people must be evacuated or need to shelter in place.
Ensure they have basic support such as appropriate shelter, food, and water.
- Your people witness an injury, threat of violence, or death.
Provide appropriate resources and support.
Adopting the ISO 22330 Framework
ISO 22330 goes much deeper than the duty of care highlights I’ve shared here. It’s a great reference point to help you evaluate what you’re already doing well within your organization and where you can make improvements to better support your employees during disruptions.
If you’d like to know more about how you can use ISO 22330 to enhance the people management components of your existing business continuity strategies, connect with a Castellan advisor or join us for our webinar: “Community Communication During Crisis Management,” to explore how effective communications strategies can help ensure organizational success when dealing with some of the people components of crisis management.
Get resilience insights delivered to your inbox.