Building Resilience in the Face of Disruption: LinkedIn’s Journey to ISO 22301 Certification


Co-Authors: Chau Vu and Whitney Parsons

In March 2020, the world turned upside down—the World Health Organization declared a global pandemic, and life as we knew it was altered completely. Offices closed, we stopped traveling, and we had to change the way we interacted with others. 

In the face of this disaster, businesses were challenged to adapt to continue operating while keeping their employees safe and healthy. When companies began reaching out to LinkedIn for information on how we were handling the crisis, we believed that our customers should have complete confidence in the reliability of our products and services. Customers wanted to know about our response to the pandemic, our ability to conduct routine exercises, and whether we had a dedicated business continuity program. As defined by the International Standard Organization (ISO), business continuity is the capability of an organization to continue the delivery of products and services within acceptable time frames at predefined capacity during a disruption. We wanted to demonstrate our commitment to continuity and resilience to our customers and that’s one of the reasons why we pursued ISO 22301 business continuity certification.

The pandemic caused a meaningful disruption, which underscored the criticality of business continuity as well as the need to create a dedicated program to bring together all the work that had been done while expanding the integrity of products and services within a business continuity focus. With no formal business continuity program, the need to sustain LinkedIn throughout any future disasters, while maintaining the trust and reliability posture, was necessary and just made sense. As a result, we began to build our team. 

Like most businesses, LinkedIn responded to the pandemic by utilizing existing systems and resources while addressing business continuity gaps. According to Sonora Al-Najjar, Senior Security Manager, Global Security & Safety, “As LinkedIn and the world navigated the unprecedented times of the pandemic, we were challenged with the requirement of providing our core essential services, workspaces, and services to our global employees who had abruptly pivoted to a fully remote model.” Creating any new program inherently involves addressing uncertainties. Regardless of this monumental challenge, LinkedIn stayed committed to ensuring uninterrupted service for our global customers by taking the necessary steps in establishing LinkedIn’s first formalized Business Continuity & Resilience Program.

In this post, we will share how we formalized  the LinkedIn Business Continuity & Resilience Program, how this new program helped increase our customers’ confidence in our operations, and the lessons that we learned as we attained ISO 22301 certification.

Building the Program 

LinkedIn established its Business Continuity and Resilience Program in January 2021 to ensure the continued delivery of products and services following disruptive incidents. Though the program was new, it was built on measures that we currently had in place. To ensure success, we needed to take time to understand the organization as well as learn more about the key processes crucial for sustained growth and maturity. Observing how LinkedIn navigated the pandemic provided much needed insight into how our current practices needed to evolve.

We needed to find a way to introduce business continuity concepts to all employees and get their buy-in. This was done through cultivating relationships, active listening, and connecting the dots. To empower our teams, it was also important to understand their experiences during the pandemic and identify areas for improvement, which was achieved by appointing a person-in-charge for each team.

We also created the role of Team Business Continuity Lead, who leads and participates in all business continuity activities to ensure their team responds adequately to any incident. They also perform specific duties outlined in their team’s Business Continuity Plans.

Setting clear expectations for Team Business Continuity Leads and key-stakeholders is imperative. This is accomplished by the Business Continuity and Resilience Strategic Roadmap that delineates all the annual activities to mature and sustain the program as well as to facilitate the attainment of ISO 22301. This roadmap outlined key milestones for program maintenance and a straightforward progression to build a scalable and efficient program.



Source link