top of page

Implementation of Business Continuity Management Systems & ISO 22301 Certification

Client: Confidential

Sector: Artificial Intelligence and Machine Learning

Location: United States of America, Australia, Philippines, and United Kingdom


The Client is a major player in Artificial Intelligence and Machine Learning (AI & ML) domains across the globe. Before we get into details, let us tell you that this project was another feather in our cap because we became one of the first few companies to have implemented BCMS in AI & ML services and solutions sector.

Among our Client’s customers, there are 5 well-known, reputed and giant enterprise customers from across the world whom the Client provides their services. One of those giant customers have 400 plus projects running, which amounts to the major revenue source for the Client. Hence, the Client wanted to ensure the continuity and resilience of these 400 plus projects. On top of that, they were audited by BIG-4 external auditors on behalf of this giant customer. The auditors came out with non-conformities and observations in their audit report which included major gaps in business continuity.

The Client reached out to Gorisco and we got engaged to assist in bridging the gaps and providing assurance to the customer and the auditors. The solution included end-to-end implementation of Business Continuity Management Systems (BCMS) in alignment with the international standard ISO 22301:2019.

The objective of the engagement was to ensure the closure of the non-conformities and observations related to BCMS and to create a common structure for Business Impact Analysis (BIA), Risk Assessment (RA), Recovery Strategies, and Business Continuity Plan (BCP) for the projects. The projects were divided into two phases – Phase 1 and 2. Phase 1 focused on defining the framework, policies, procedures and the strategy on how Gorisco is going to approach the problem and help the Client meet their objectives. Gorisco’s deliverables from Phase 1 were reviewed by the BIG-4 auditors and based on their recommendations, the customer provided the approval to continue with Phase 2.

Gorisco led the project successfully from start until the closure and completed within the defined timelines. At end of the project, the Client was able to identify similar categories of projects and have a common BCP structure that can be used for current and future projects with just 15% to 20% of alteration. This strategy ensured that the Client need not have to maintain 400 plus BCPs while ensuring that there is a common BCP available for multiple projects.

It was a cheerful and proud moment for all of us because our work was appreciated by the Client Management. This was one of the best projects for us till date, since it gave us a lot of insight and experience in analysing business continuity requirements in Artificial Intelligence and Machine Learning domain.

Our Approach:

The project had an ambitious schedule that relied upon Business Impact Analysis (BIA), Risk Assessment (RA), and all other Business Continuity Management Systems (BCMS) implementation activities.

Following are the list of major activities executed by us:

• Defining the BCMS Objectives

• Drafting of BCMS Policy, Manual and Governance charter

• Shortlisting the major projects and conducting the Business Impact Analysis for all the processes for major projects

• Conducting Risk Assessments for the risks associated with all the critical processes

• Performed BIA and RA analysis and derived a common structure acceptable to the Client

• Preparing the recovery strategies and solutions

• Designing the templates and forms

• Defining and baselining the definitions for business impact categories, criticality levels, risk severity and likelihood in consultation with the client

• Creation of similar architecture Business Continuity Plans

• Creation of an Information Technology (IT) Disaster Recovery Plan

• Conducting the exercises for the plans

• Preparation of :

o Communication Plan

o Incident Management Plan

o Emergency Response Plan (ERP)

o Crisis Management Plan (CMP)

o Change Management Procedure

• Preparation of the responses from the previous observations for the external auditors

Gorisco mobilized its expert consultants to carry out activities as listed above. The Client supported all the activities and provided their valuable inputs. It was an interesting and challenging project that involved extensive discussions, brainstorming, meetings, and interviews with the Client to achieve the above stated objectives.

The Positives

1. With the good support of the Client, all activities were completed within the aggressive timelines

2. Due to the pandemic, the project was executed remotely without any physical presence

3. We have developed a common template that could be utilized by the Client for all current and future projects with similar business requirements

4. Understood that new and highly dynamic workforce structure that includes permanent, contract and crowd workers

Benefits & Values

1. The Client was able to address the concerns of the external auditors and the customer and regain their confidence on deliveries

2. The implementation process helped the client become more resilient and confident in their operations

3. BCMS implementation clearly and objectively showed the Client their compliance status and level of risks associated with each activity

4. Identifying priority (high-risk) activities enabled the client to refine their business strategies and channel resources to the areas of greatest need

5. These risks were managed through proper assessment and application of the mitigation plans

6. The Client can use this practice and assure its other customers as well that they have business continuity capabilities

7. The BCMS implementation facilitates the client for future certification audit

56 views0 comments


bottom of page