Business Continuity Strategies & Solutions

What “strategy & solution” means in ISO 22301 (and what it doesn’t)

• Boundaries: strategy selection vs. planning, response, and exercising

• Inputs and outputs: how strategy consumes time requirements and produces implementable solution requirements

Strategy options landscape (continuity-specific)

• Typical strategy families (avoid, reduce exposure, maintain, recover, substitute) and where they fit

• Misfits and failure patterns (e.g., DR-only mindset, “paper resilience”, unrealistic assumptions)

Designing solutions across enabling dimensions

• People, facilities, technology, information, and third parties as integrated solution components

• Minimum operating model and recovery sequencing (what must be available first, and why)

Feasibility and constraint evaluation

• Constraints: capability, time, cost, compliance/contractual, supply chain, and site realities

• Practical checks: single points of failure, shared dependencies, and unrealistic manual workarounds

Decision logic and governance of trade-offs

• Making trade-offs explicit (cost vs. recovery time vs. complexity vs. residual exposure)

• Decision records: what must be documented so choices remain understandable and auditable

Traceability and maintainability of strategy decisions

• Linking strategy and solution choices to time requirements and key assumptions

• Change triggers: what updates strategies (service changes, supplier shifts, platform migrations)

Technology as an enabler

• Using structured registers to keep strategy decisions current and comparable

• AI-assisted summarisation of stakeholder inputs and consistency checks (supporting judgement, not replacing it)

Workshop (case-based)

• Select strategies for a Halderstone case using given time requirements and dependency constraints

• Consolidate into a solution set with documented trade-offs, assumptions, and ownership