The continuidade de negócio é a capacidade de uma organização manter a sua atividade durante e após a ocorrência de um desastre, recuperando com o menor impacto e tempo de inatividade possível. Arrisco em dizer que isto será um objetivo de todas as organizações, porém nem sempre é fácil que estas possam despender tempo e recursos para planear a continuidade, definindo cenários hipotéticos de desastre e métodos alternativos que, se tudo correr bem, podem nunca vir a ser usados. Contudo, os últimos dois anos têm-nos mostrado a todos que acontecimentos com baixa probabilidade não significam baixo risco e que todas as organizações precisam estar preparadas para situações inesperadas. Têm sido tempos de reflexão e mudança que levam as organizações a estarem mais conscientes da necessidade de analisarem e implementarem estratégias de continuidade.

ISO 22301 supports organizations in the design of this continuity, indicating the way to the creation of a system that will work this theme in the organization over time. The first step we take with our clients is to define which activities are critical for the business and which resources are needed for these activities to be carried out, through a Business Impact Analysis (BIA – Business Impact Analysis). In parallel, we carry out a Continuity Risk Assessment (Continuity Risk Assessment) to the internal and external context of the organization to identify the risks to which the organization is exposed, be they natural disasters, cyber attacks, technology failures, shortage of human resources, interruptions in the supply of critical products or services, among others, varying from reality to reality. All this helps us to define with the client which disaster scenarios are possible for the organization and which procedures, plans and redundancies have to be implemented to respond to these scenarios. In addition to the defined strategies, tools and processes are chosen that will allow the detection of warning signs of a potentially disruptive event, helping organizations to activate their procedures and plans as quickly as possible. These plans and procedures will not only be used in times of crisis, but disseminated, known and tested to ensure that they are adequate and, above all, that they are feasible.

When we help our clients in the implementation of this standard, we are helping them not only to define the appropriate strategy for that moment of the organization, but to develop mechanisms to look at business continuity as something in constant change, this because the strategies created today may not be the most appropriate tomorrow, given that new risks and needs are constantly emerging. Climate change, the search for sustainability, changes in behavior and ways of working are examples of this. Using this last example, organizations in which teleworking is a reality will have to consider in their continuity strategy resources and risks that they would not previously include (ex: internet connectivity of employees in telework, greater number of threats in terms of security and availability of information, communication tools, among others).

In short, with a strong continuity strategy, organizations will be transforming the unexpected into something expected, concrete and planned, which will allow them to save money, time and avoid losses, fines or breakages of reputation, as well as having mechanisms to adapt to the constant changes that arise.