Using ISO 22301 to build resilience where it actually matters

Rising operational costs and increasingly fragile supply chains are no longer temporary challenges. They are structural conditions that businesses must learn to operate within. Energy price volatility, global political instability, labour shortages, transport disruption, and supplier insolvencies are all contributing to an environment where predictability is limited and margins are under constant pressure.

For many organisations, the instinctive response has been to cut costs, reduce stock, and streamline supplier bases. While these actions may improve short term financial performance, they often introduce new risks that only become visible when disruption occurs. The result is a cycle of reactive decision making, where businesses are constantly responding to problems rather than controlling them.

The question therefore shifts from how to avoid disruption to how to remain stable and operational through it. This is where ISO 22301, the international standard for Business Continuity Management, becomes directly relevant. When applied properly, it provides a structured way to protect revenue, maintain delivery capability, and make informed decisions under pressure.

Unsure where to start? Chat with us for some quick advice!

Understanding the current operating environment

Before looking at solutions, it is important to recognise the scale and nature of the challenge.

Costs are rising across multiple areas simultaneously. Energy, raw materials, labour, and logistics have all seen significant increases. At the same time, customers are more price sensitive, which limits the ability to pass these costs on without affecting demand.

Supply chains are also becoming less reliable. Businesses are experiencing longer lead times, inconsistent quality, and reduced supplier responsiveness. In some cases, suppliers are failing altogether, leaving businesses scrambling to find alternatives.

What makes this situation particularly difficult is that these issues are interconnected. A delay from one supplier can disrupt production schedules, which then affects delivery commitments, cash flow, and customer relationships. Small disruptions quickly escalate into wider operational problems.

Without a structured approach, businesses tend to respond in isolation. They address the immediate issue without fully understanding the broader impact. This is where instability begins to take hold.

Why traditional approaches fall short

Many organisations already have some form of risk management or contingency planning. However, these are often limited in scope or not embedded into day to day operations.

Common weaknesses include:

Plans that exist on paper but are not tested or used
A lack of clarity around which activities are truly critical
Over reliance on key individuals rather than structured processes
Limited visibility of supplier dependencies beyond immediate vendors
Decisions driven purely by cost without understanding risk exposure

These gaps mean that when disruption occurs, the response is inconsistent and often delayed. Instead of executing a predefined strategy, teams are forced to improvise under pressure.

ISO 22301 addresses this by introducing a systematic and repeatable approach to continuity. It ensures that critical activities are identified, protected, and supported by practical response mechanisms.

Identifying what actually matters

One of the most important steps in stabilising a business is understanding which parts of the operation are essential.

ISO 22301 requires a Business Impact Analysis. This is not just an administrative exercise. It is a process that forces organisations to evaluate their activities in commercial terms.

Key questions include:

Which products or services generate the most revenue
Which processes are essential to delivering those products or services
What is the maximum acceptable downtime for each activity
What would be the financial and operational impact of disruption

This level of clarity is often missing. Many businesses treat all activities as equally important, which leads to resources being spread too thinly.

By identifying priorities, organisations can focus their efforts where they will have the greatest impact. This ensures that critical functions are protected first, rather than attempting to safeguard everything at once.

Gaining visibility of supply chain risk

Supply chain fragility is one of the most significant challenges facing businesses today. However, many organisations only have visibility of their immediate suppliers and limited understanding of deeper dependencies.

ISO 22301 encourages a more detailed assessment of the supply chain, including:

Identifying critical suppliers that directly impact key operations
Understanding dependencies on tier 2 suppliers where possible
Assessing supplier resilience in terms of financial stability and capacity
Evaluating geographic risks such as political instability or transport disruption

This process often reveals hidden vulnerabilities. For example, a business may believe it has multiple suppliers for a product, only to discover that they all rely on the same upstream manufacturer.

Without this insight, contingency planning is incomplete.

Moving from single sourcing to strategic sourcing

Cost pressures have led many businesses to reduce the number of suppliers they work with. While this can improve purchasing power and simplify procurement, it also increases dependency.

ISO 22301 does not prescribe specific sourcing models, but it does require organisations to consider continuity when making decisions.

This often leads to a more balanced approach, such as:

Maintaining secondary suppliers for critical materials
Establishing framework agreements that can be activated quickly
Diversifying suppliers across different regions to reduce geographic risk

These measures may introduce additional cost in the short term, but they significantly reduce the likelihood of severe disruption.

The key is to treat sourcing decisions as risk based rather than purely cost driven.

Rethinking inventory strategy

Inventory management is another area where cost reduction can conflict with continuity.

Reducing stock levels improves cash flow and reduces storage costs. However, it also limits the ability to absorb supply chain disruption.

ISO 22301 encourages organisations to evaluate inventory decisions in the context of risk. This involves considering:

The criticality of the materials or products
The reliability of suppliers
The lead time required to replenish stock
The potential impact of stockouts on operations and customers

In some cases, holding additional stock for critical items is justified. In others, alternative strategies such as local sourcing or flexible production may be more appropriate.

The objective is not to maximise or minimise inventory, but to align it with the level of risk the business is willing to accept.

Embedding continuity into operational decision making

A common issue in many organisations is that continuity planning is treated as a separate function rather than being integrated into everyday decision making.

ISO 22301 changes this by embedding continuity considerations into operational processes.

For example:

Procurement decisions take into account supplier resilience as well as cost
Production planning considers alternative scenarios and capacity constraints
Financial planning includes the potential impact of disruption

This integrated approach ensures that continuity is not an afterthought. It becomes part of how the business operates.

Developing practical and usable strategies

One of the biggest criticisms of continuity planning is that it often results in documents that are rarely used.

ISO 22301 addresses this by focusing on practical strategies rather than theoretical plans.

Effective strategies are:

Clear and specific
Aligned with actual operational capabilities
Supported by resources and training
Regularly reviewed and updated

Examples include:

Pre approved alternative suppliers with agreed pricing structures
Defined procedures for reallocating production capacity
Agreements with logistics providers for emergency transport options
Cross training employees to cover critical roles

These strategies provide a foundation for consistent and effective response.

Strengthening response capability

Even with strong preventive measures, disruption is inevitable. The ability to respond quickly and effectively is therefore critical.

ISO 22301 requires organisations to establish structured response mechanisms, including:

Defined roles and responsibilities during incidents
Clear escalation processes
Communication plans for internal teams and external stakeholders
Procedures for maintaining or restoring operations

This ensures that when disruption occurs, the response is coordinated rather than reactive.

Regular testing is also essential. Scenario exercises help identify gaps and build confidence within teams. They ensure that plans are not only understood but also executable under pressure.

Improving communication under pressure

Communication is often overlooked, but it plays a central role in managing disruption.

Poor communication can lead to confusion, delays, and loss of trust. Customers may not be informed of issues in time, and internal teams may not have the information they need to act effectively.

ISO 22301 emphasises the importance of clear and structured communication, including:

Who needs to be informed and when
What information should be communicated
How communication will be delivered

This applies both internally and externally. Customers, suppliers, and stakeholders all need timely and accurate information during disruption.

Effective communication helps maintain confidence even when challenges arise.

Balancing cost and resilience

One of the most important contributions of ISO 22301 is that it enables better decision making around cost and risk.

Rather than focusing solely on reducing expenditure, organisations are encouraged to consider the potential consequences of those reductions.

For example:

What is the financial impact of a production stoppage compared to the cost of maintaining a secondary supplier
How does reduced inventory affect the ability to meet customer demand during delays
What is the cost of losing a key customer due to missed deliveries

By quantifying these factors, businesses can make more informed decisions.

This does not mean eliminating cost pressures. It means managing them in a way that does not compromise stability.

Would you like the help of our experts? Get a free quote and consultation on the introductory phone call!

Building long term resilience

Resilience is not achieved through a single initiative. It is the result of consistent and structured effort over time.

ISO 22301 provides a framework for continuous improvement. Organisations are required to:

Monitor performance
Review incidents and learn from them
Update strategies based on changing conditions
Ensure ongoing alignment with business objectives

This ensures that continuity capabilities evolve alongside the business.

The commercial impact

Implementing ISO 22301 is not just about risk reduction. It has direct commercial benefits.

Businesses that operate with greater stability are able to:

Maintain consistent delivery performance
Protect revenue during disruption
Retain customers and build trust
Respond more effectively to market changes

In many sectors, demonstrating continuity capability is also becoming a requirement in tenders and supplier assessments.

This makes ISO 22301 not only a protective measure but also a competitive advantage.

Final thought

Rising costs and fragile supply chains are not problems that can be solved once and then ignored. They are ongoing challenges that require a structured and proactive approach.

ISO 22301 provides that structure. It helps organisations identify what matters most, protect critical activities, and respond effectively when disruption occurs.

The businesses that will perform best in this environment are not those that avoid disruption entirely. They are the ones that can absorb it, adapt, and continue operating with minimal impact.

The question is not whether disruption will happen. It is whether your business is prepared to handle it without losing control.

If rising costs and supply chain instability are starting to affect your ability to deliver consistently, it is worth assessing how resilient your business actually is.

We help organisations implement ISO 22301 in a way that is practical, commercially focused, and aligned with day to day operations. No unnecessary complexity, just clear strategies that protect your business where it matters most.

Book a free consultation to identify your key risks and see where your current approach may fall short.

Candy Management Consultants has guided UK businesses through stress-free ISO certifications since 2017. Our 100% first-pass success rate comes from tailoring frameworks to your operations and personalised approach – not checklists, at fixed day rates, transparent per-project contracts and with the help of the modern ISO management software.