As a small business owner, you can’t be expected to have the answers to every unexpected challenge. Using standards in your planning and preparation, however, helps you create processes and procedures for most eventualities – whether that’s complying with new regulatory requirements or dealing with a serious cyberattack.
When things are going well it’s easier for SME owners to fall into the trap of thinking ‘it won’t happen to us.’ Even during the good times, it pays to prepare for sudden changes in fortune. A seemingly minor incident can always escalate, and without the ability to react and quickly implement contingencies you leave your business vulnerable.
A further consideration is the pace of change in today’s business landscape, often led by digital or technological innovation. While this can add greater complexity and potential risk factors, it also offers growth opportunities for the prepared business owner.
It’s impossible to predict exactly when your business might face a serious and unexpected issue, but by taking a standards-based approach to your strategy you’ll be in the best possible position to act, recover and minimize any long-term disruption.
Standards help small businesses understand their current and potential risks, then design the right processes and procedures to manage and mitigate them. They improve resilience and boost confidence amongst employees, stakeholders, suppliers, and partners.
Below, we’ve listed five ‘what if’ scenarios to consider, as well as the standards you can use to prepare your business for them.
What if there’s a cybersecurity incident or data breach?
The IEC/ISO 27000 series of standards helps you bolster your defences while creating a full information security management system – IEC/ISO 27001 is a great place to start. The standards help SME owners protect against hacking and phishing, as well as data loss from human error. The series also supports response and recovery in the event of a data breach or cybersecurity incident.
What if there’s an issue with my suppliers, or the companies that I supply?
There are various risks in every supply chain. Unexpected events can lead to delays and extra costs which, in turn, can damage relationships and reputations. Internationally recognized standards, such as ISO 28000, help build an awareness of supply chain risk and provide a framework to help small businesses anticipate and adapt to events.
What if we’re working inefficiently?
ISO 9001 is the world’s most recognized quality management standard, helping SMEs optimize every aspect of their operations. It allows small business owners to benchmark quality levels and then tailor a quality management system to maintain them. It also helps reduce risk through continuous improvement, cost reduction and sustainable management processes.
What if we don’t fully understand our risks?
ISO 31000 is designed to help small businesses embed systems for ongoing risk analysis and assessment, covering most activities, including planning, operations, safety and communication. This improves confidence – both inside the business and amongst external audiences like partners, suppliers and investors. Certification to ISO 31000 demonstrates a clear commitment to risk management, which can be a useful reputation builder.
What if we’re not looking after our staff properly?
In today’s transparent business climate, building meaningful employee loyalty has never been more important. Each employee is critical to a small business’s survival and future success. Poor staff wellbeing increases the likelihood of absenteeism and staff turnover, damaging productivity and even overall reputation.
SMEs can use ISO 45001 to make sure their health and safety policies are appropriate, and will be able to use ISO 45003, which is under development, to support employees’ mental health.
Summary
- It pays to prepare for sudden changes in fortune. By taking a standards-based approach to your strategy you will put yourself in the best possible position to act, recover and minimize any long-term disruption.
- The IEC/ISO 27000 series of standards helps you bolster your cybersecurity defences while creating a full information security management system – IEC/ISO 27001 is a great place to start.
- There are various risks in every supply chain. Unexpected events can lead to delays and extra costs which, in turn, lead to damaged relationships and reputations. ISO 28000 helps businesses build an understanding and awareness of their supply chain risks.
- ISO 9001 is the world’s most recognized quality management standard, helping SMEs optimize every aspect of their operations. It allows small business owners to benchmark quality levels and maintain them.
- ISO 31000 is designed to help small businesses embed systems for ongoing risk analysis and assessment, covering most activities, including planning, operations, safety and communication.
- Protect staff wellbeing with ISO 45001 from a health and safety perspective. ISO 45003, which is under development, will support employees’ mental health.