How can ISOs make your business disaster-proof?


A crisis is always unexpected, but that doesn’t mean your response to it needs to be equally surprising. By regularly assessing hazards and risks to your business, its products and services, you can form watertight plans for what to do if the worst should happen.

ISOs are, by their nature, process and procedure focused. This means that they encourage you to look for risks, evaluate them and write up concise plans to mitigate or eliminate them. They also encourage the training and empowerment of staff so that they are confident in their roles and responsibilities in a crisis. They highlight the importance of testing the plans you have drawn up too.

In an emergency, ISO 9001, ISO 22301, ISO 27001 and ISO 45001 are particularly good allies to have in your corner – here’s why.

How ISO 9001 can help in a crisis

A ISO 9001 Quality Management system encourages organisation and the creation of an ordered structure. To achieve this ISO, you need to be aware of all the processes your business has to maintain in order to produce products and services of unvarying quality. This also means that you get an understanding of what could impact your ability to deliver them.

This could include risks to supply, the gathering of raw materials and resources, logistical issues or even legislation.

Once you’re aware of the risks, you can work towards minimising them or removing them altogether. For instance, you could have a list of alternative approved suppliers, IT equipment that allows staff to work from home in the event of unexpected office closure, alternative premises or back-up power sources.

This ISO also highlights the importance of leadership. It encourages businesses to clearly define roles and responsibilities so that leaders within the business can act confidently in the continued delivery of products or services.

Maintaining business in an emergency with ISO 22301

ISO 22301 – Business Continuity Management is perhaps the biggest hitter in the business protection area. Its whole reason for existing is to enable organisations to put in place procedures that allow the safe and smooth continuance of usual business activity.

As well as helping you identify threats, this ISO also encourages you to be proactive in your actions and plan what to do in order to maintain critical business practices. By creating detailed plans, and testing them in various scenarios, you can help to minimise downtime and improve your business’ recovery time.

For instance, in case of widespread illness in the workplace, effective planning would include staff training in hygiene as well as cross-training so that the jobs of ill workers can be easily covered by others. It could also include having the right equipment to enable staff to work from home while still being able to access vital servers and keeping work telephone lines open.

Crisis management for data with ISO 27001

Data security can also be threatened by environmental and external factors. Flooding could damage your technology, or perhaps you could be unable to reach equipment in order to back it up safely. And if staff are forced to work remotely, they may suddenly need to access more sensitive information outside of the office, which could put it at risk. There are also risks such as vandalism, theft or even events such as civil unrest.

In order to protect your data, ISO 27001 encourages you to secure your site and take risks such as fire, flooding and theft into consideration. Perhaps you need to move your servers to a floor that won’t be affected by flooding? Or do you need to increase security on site so that only authorised persons can gain access? This ISO can highlight what needs to be done.

Protecting your staff with ISO 45001

If crisis strikes, having the right occupational health and safety policies and procedures in place will help to keep your staff healthy and safe.

To achieve ISO 45001, you must identify hazards and risks to your staff during work. This can be very broad depending on your business and can include contact with biological elements such as allergens, bacteria or viruses.

By identifying potential threats, you can then assess them, which will help to inform your plans in how to prepare and deal with them.

This ISO also demands emergency preparation plans. This is key as emergencies need an immediate and effective response in order to minimise their effects on your business. In addition to creating plans, this ISO also emphasises the importance of testing them, which could be crucial if disaster actually strikes. This will also be reassuring to you as you will then know that your emergency procedures will be fit for purpose if disaster strikes.

Want to disaster-proof your company?

If you want to make your business more resilient, proactive and responsive to potential risks and emergencies, an ISO may give you the framework and preparation to cope.

If you’d like to discuss your business’ needs and find out more about ISOs, please get in touch with us at 0333 344 3646.

You can also get a quote for your desired ISO using our handy free calculator.

Sign up to get the latest in your inbox

    • Email address

About the author

  • Name:

    Claire Price

  • Company:

    Content Marketing Executive

  • Bio:

    Claire worked for Citation ISO Certification between 2020 and 2022 writing creative and informative content on ISO certification and consultation to help businesses reach their potential.


QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only