Business continuity management according to ISO 22301
Strengthening resilience in companies with ISO 22301
In the light of complex environmental, social and economic risk situations as well as fragile infrastructure, business continuity can no longer be taken for granted. To ensure they remain capable of adapting and responding to critical events, companies are developing strategies based on the internationally recognized ISO 22301 standard.
Blackout at the Tesla gigafactory: a case for business continuity management
On the night of March 26th to 27th, 2024, there was a power failure at the Tesla gigafactory in Grünheide near Berlin which brought production to a grinding halt for several days. The blackout led to a seven-day interruption and evacuation of the plant, with the damage amounting to several hundred million euros. The cause was an alleged arson attack on an electricity mast near the plant.
The incident highlights the importance of business continuity management (BCM) at a time of change. Companies of all sizes and industries are exposed to potential threats that can lead to disruptions to their business operations. These include natural disasters, cyber attacks, technical failure and even arson.
Tesla: effects of the blackout and possible BCM measures
The blackout at the Tesla gigafactory highlights the huge impact, such as loss of reputation and financial losses, that a disruption of business operations can have. A blackout can also lead to supply bottlenecks, damage to the company’s image and a loss of customer confidence. It is therefore important for companies to have BCM measures in place so that they can return to normal operations as quickly as possible in the case of interruptions. Possible measures that could be taken in such a case include:
- Emergency power supply: ensuring that critical systems and processes can continue to operate in the event of a power failure.
- Redundant systems: building redundant systems to compensate for the failure of individual components.
- Outsourcing: moving production to another site if the original site is no longer operational.
- Communication: notifying employees, customers and suppliers of the situation and the measures taken.
The management system
Business continuity management encompasses all of the measures that a company takes to maintain its business processes in the case of unforeseen events. It includes the creation of a business continuity plan (BCP), which defines the most important processes, resources and responsibilities in the event of an incident.
Like the other ISO management system standards, the tried and tested ISO 22301 follows the Harmonized Structure that also underlies quality management (ISO 9001). Should an interruption to operations be unavoidable (cyber attack, damage to buildings, natural disaster, interruption to supply, etc.), the implemented BCMS enables the organization to make a rapid return to normal operations within a tolerable timeframe.
Liability issues are becoming more relevant
Negligence, and an inability to produce evidence of any preventive crisis management, can hit the responsible person or persons hard if the company is held liable. Section 1 of the StaRUG (Corporate Stabilization and Restructuring Act), for example, which has been in force since the beginning of 2021, obligates limited liability companies to carry out early crisis detection and crisis management. The KonTraG (Law on Control and Transparency in Business), Section 91 (2) of the AktG (Stock Corporation Act), Section 317 (4) of the GmbHG (Act on Limited Liability Companies) and the duty of care of a prudent merchant set out in Section 347 (1) of the HGB (Commercial Code), for example, also impose stricter requirements regarding preventive security and safety measures for business operations.
Synergies with new Critical Infrastructures Act
The crisis scenario from Grünheide shows how cross-sectoral interdependencies pose a challenge to risk management. Failures in areas such as the energy supply, IT or logistics can have an immediate impact on the entire value chain. While comprehensive regulations (the BSI Act, i.e. the Act on the Federal Office for Information Security, and the BSI-KritisV, the Ordinance on the Determination of Critical Infrastructure according to the BSI Act) and standards for achieving information security (ISO 27001) are already in place for the cyber security of critical infrastructures, physical protection is now being tightened up. The Critical Infrastructure Act represents a cross-sectoral and risk-spanning set of regulations for the physical protection of critical infrastructure. It will enter into force in October 2024 and thus implement the EU RCE Directive and the CER Directive, EU 2022/2557, on the resilience of critical infrastructure in Germany. It is currently expected that more than 20,000 additional companies will also be affected by the new regulation.
Companies covered by the Directive will have to demonstrate concrete resilience measures in the areas of prevention, physical protection, response, recovery, staff security and awareness of the critical risk factors. Business continuity management in accordance with ISO 22301 therefore falls within the scope of the critical infrastructure regulations and fulfills requirements such as:
- the establishment of company risk and crisis management systems,
- continuous risk analysis and risk assessments,
- the preparation of resilience plans,
- the implementation of the appropriate and proportionate technical, personnel and organizational measures.
Conclusion
The blackout at the Tesla gigafactory demonstrates the importance of business continuity management for companies. Companies that establish a BCMS in accordance with ISO 22301 not only strengthen their key corporate functions; by adopting a BCM system, they are also able both to minimize the risks of business disruption and to reduce the negative effects on their business. The blackout at the Tesla plant should serve as a wake-up call for all businesses to recognize the importance of business continuity management and take the appropriate action. You can have your BCMS certified by independent experts and thereby confirm to your customers, suppliers and investors that your organization is both resilient and able to respond to crisis events.