3 Reasons to Implement and Pursue ISO 22301:2019 Certification


What would you do if your website, service, or products went offline, resulting in a denial of service? How would you continue operations if your Domain Name System (DNS) provider suddenly stopped working? Likewise, what if all of your systems and data were locked, demanding a ransom for access? Do you feel prepared to handle these scenarios? Are you implementing comprehensive and orchestrated business continuity processes that will ensure timely recovery of your mission-critical business processes?
Common scenarios like these illustrate the importance of a robust Business Continuity Management System (BCMS). The last thing you want in these situations is to let panic cloud your judgement and to lack a clear strategy for sustaining operational resilience in the face of a disruption. Fortunately, ISO 22301:2019 is a holistic framework that any organization, whatever its size or complexity, can use to effectively manage and reduce the impact of disruptions. The incidents below show why pursuing ISO 22301:2019 certification will strengthen your organization’s ability to respond to business disruptions.
Facebook’s Outage in October 2021
A few years ago, Facebook suffered an outage of almost six hours that took down Facebook, WhatsApp, Instagram, and Messenger. The root cause? “A command [that] was issued with the intention to assess the availability of [their] global backbone capacity”. Although the change was meant to be routine maintenance, it unintentionally cut communications for all of Facebook’s computing facilities across the backbone network that connects all Facebook data centers. The audit tool in place to catch problems with such commands had a bug at the time and failed to block the command from being executed. This first failure then cascaded into a second one with their DNS servers, which made every Facebook data center appear to have an unhealthy network status. Ironically, the systems inside Facebook’s data centers were fully functional throughout the incident.
Despite these challenges, Facebook handled the situation proactively. They regularly ran “storm” drills in which they simulated critical system failures to confirm they could return to normal operations in a timely and organized manner. The actions Facebook took during this incident showed how resilient their team and systems can be in the event of a disruption. The lesson is that every organization needs business continuity and disaster recovery plans in place to sustain business operations.
Dyn DDoS Attack in October 2016
Another notable incident to learn from is the Dyn Distributed Denial-of-Service (DDoS) attack, which ultimately impacted a plethora of companies. The Mirai botnet commandeered a myriad of Internet of Things (IoT) devices whose end users had overlooked basic security practices; many of these IoT devices were still running with their default factory settings! To clarify, a botnet is a collection of devices (bots) compromised by a malicious actor and then directed, in an attack like this one, to flood a target with traffic, causing a denial of service for the target and the devices involved.
To put the damage caused by this attack into perspective, “Dyn estimated that the attack had involved ‘100,000 malicious endpoints’.” This attack reminds us to be vigilant in mitigating potential disruptions, especially when your business operations rely on a third-party dependency such as a DNS provider.
WannaCry Ransomware Attack in May 2017
Looking back at the impact of the WannaCry ransomware attack, which disrupted service for multiple organizations, we can learn from this experience how critical a resilient BCMS is. WannaCry was a worm: malware that copies itself and spreads without any action by a user. It exploited a “Microsoft Windows Server Message Block (SMB)” vulnerability to replicate itself across numerous network-connected devices.
70,000 of Britain’s National Health Service (NHS) devices were infected, disrupting operations and systems at countless hospitals for hours. A BCMS is essential for understanding your recovery priorities and strategies in an attack like this one, so that you immediately know which critical resources to recover first and can return swiftly to your vital business processes and operations.
Why Your Business Needs to Pursue ISO 22301 Certification
These past incidents reinforce the importance of business continuity and disaster recovery planning, and show how a strong foundation of business continuity and recovery processes lets an organization withstand potential disruptions. Implementing a BCMS based on ISO 22301:2019 provides the governance and structure needed to respond quickly to any disruption.
By achieving ISO 22301:2019 certification, organizations can:
✔ Enhance resilience against disruptions
✔ Ensure regulatory compliance and minimize legal and financial impacts
✔ Strengthen competitive advantage by demonstrating high availability and reliability
Above all, ISO 22301:2019 certification is not just about compliance—it’s about ensuring your business processes remain operational, resilient, and trusted by stakeholders even in the face of unforeseen disruptions.
About Coalfire Certification
Coalfire Certification, the certification arm of Coalfire, is a registered certification body (CB) with the ANSI National Accreditation Board (ANAB). Coalfire Certification is accredited to issue management system certifications against ISO/IEC 27001:2022, ISO/IEC 42001:2023, ISO 9001:2015, ISO/IEC 27701:2019, ISO 22301:2019, and ISO/IEC 20000-1:2018 standards.