In an increasingly volatile world—marked by cyber incidents, supply chain disruption, workforce instability, and economic uncertainty—UK organisations can no longer rely on traditional business continuity plans alone. Resilience today is about anticipation, adaptation, and long-term survival, not just recovery. ISO 22316 provides the strategic framework to embed resilience into the very fabric of how your organisation operates.
ISO 22316 is the international guidance standard for Organisational Resilience. It helps organisations strengthen their ability to absorb shocks, adapt to change, and continue to achieve objectives—no matter what disruption they face. Rather than focusing on single threats, ISO 22316 takes a whole-organisation view of resilience, spanning leadership, culture, governance, people, and strategy.
🛡️ What is ISO 22316?
ISO 22316 is a guidance standard published by the International Organization for Standardization. It provides a structured framework to help organisations build, enhance, and review organisational resilience.
In plain English, ISO 22316 helps you answer critical questions such as:
- How well can we anticipate disruption?
- Are our leaders and people equipped to respond to uncertainty?
- Can we adapt our strategy under pressure?
- Will our organisation still function if key assumptions fail?
Unlike ISO 22301 (Business Continuity), ISO 22316 is strategic rather than procedural. It does not prescribe plans or checklists; instead, it focuses on building the capabilities and behaviours that make organisations resilient over the long term.
Why ISO 22316 was created
Many organisations discovered during major crises—such as COVID-19, cyber-attacks, or global supply chain failures—that having documented plans was not enough. Plans failed because leadership, culture, decision-making, and communication were not resilient.
ISO 22316 was created to address this gap. It shifts resilience from a siloed compliance activity into a leadership-led management discipline. The standard recognises that resilience emerges from how an organisation is governed, how it learns, and how it adapts—not just how it recovers.
🇬🇧 Why ISO 22316 matters for UK organisations
UK organisations operate in an environment of:
ISO 22316 provides a credible framework for demonstrating that resilience is being actively managed at board level. It is particularly valuable for organisations subject to regulatory scrutiny, public accountability, or critical service delivery expectations.
Who ISO 22316 is for
🏛️ Public Sector & Local Authorities
Maintaining essential services under pressure
⚡ Critical Infrastructure & Utilities
Managing systemic and cascading risks
💼 Financial & Professional Services
Meeting governance and risk expectations
🏥 Healthcare & Education
Sustaining operations during prolonged disruption
🚀 Growing SMEs
Building resilience early to support sustainable growth
Key Principles of ISO 22316
Leadership & Culture
Resilience starts with leadership behaviours, decision-making, and organisational values
Shared Purpose
A clear mission and objectives help organisations stay focused during disruption
Situational Awareness
Understanding internal and external risks, trends, and weak signals
Effective Governance
Clear accountability, risk ownership, and oversight at senior levels
Adaptive Capacity
The ability to change structures, strategies, and priorities quickly
Continuous Learning
Learning from incidents, near-misses, and change
Benefits of ISO 22316
🔧 Internal Benefits
- ✓ Stronger leadership decision-making under pressure
- ✓ Improved cross-functional collaboration
- ✓ Enhanced staff confidence and engagement
- ✓ Reduced impact of disruption
🎯 Strategic Benefits
- ✓ Greater long-term stability and sustainability
- ✓ Improved board-level governance and assurance
- ✓ Stronger reputation with stakeholders and regulators
- ✓ Better alignment between risk, strategy, and performance
📋 Risk & Compliance
- ✓ Complements ISO 22301, ISO 27001, and ISO 9001
- ✓ Supports regulatory expectations around operational resilience
- ✓ Provides evidence of proactive risk management
What assessors look for when using ISO 22316
While ISO 22316 is not a certifiable standard on its own, it is often used as a benchmark for maturity assessments or integrated into existing management systems.
👔 Leadership Commitment
Evidence of leadership commitment to resilience
🎯 Clear Purpose
Clear understanding of organisational purpose and priorities
📊 Risk Monitoring
Mechanisms for monitoring emerging risks
🔗 Integration
Integration of resilience into strategy and governance
📚 Learning Evidence
Evidence of learning and adaptation
The focus is always on capability and behaviour, not documentation alone.
ISO 22316 in practice (real-world examples)
🏛️ Public Sector Organisation
A UK public body uses ISO 22316 to strengthen its response to prolonged service disruption. Leadership workshops, governance reviews, and scenario planning improve decision-making during crises.
💼 Financial Services Firm
A regulated firm applies ISO 22316 alongside ISO 22301 to demonstrate operational resilience to regulators—linking business continuity, cyber security, and strategic risk into one coherent framework.
⚠️ Common mistakes when applying ISO 22316
Confusing Resilience with Business Continuity
Resilience is broader—it includes culture, leadership, and adaptability.
Limiting Ownership to Risk Teams
True resilience must be owned by senior leadership and embedded across the organisation.
Overcomplicating the Framework
ISO 22316 is principles-based and should be applied proportionately.
ISO 22316 and other ISO standards
ISO 22316 integrates naturally with:
Together, these standards form a strong foundation for an Integrated Management System (IMS) that supports both compliance and resilience.
Can ISO 22316 be certified in the UK?
ISO 22316 itself is a guidance standard, not a certifiable one. However, many UK organisations:
- Use it to assess and improve resilience maturity
- Integrate its principles into ISO 22301 or ISO 9001 systems
- Use it as evidence of good governance and leadership
Certification bodies and regulators increasingly recognise ISO 22316 as best practice for organisational resilience.
Who should NOT use ISO 22316?
If an organisation is only seeking a quick certificate or checklist solution, ISO 22316 may not meet expectations. The standard requires reflection, leadership engagement, and cultural change—not just documentation.
Frequently Asked Questions (FAQs)
Is ISO 22316 mandatory in the UK?
No. It is voluntary, but widely regarded as best practice for organisational resilience.
Is ISO 22316 the same as ISO 22301?
No. ISO 22301 focuses on business continuity plans. ISO 22316 focuses on strategic resilience capabilities.
Can SMEs use ISO 22316?
Yes. The principles are scalable and highly relevant to growing organisations.
Does ISO 22316 help with regulators?
Yes. It supports governance, risk management, and operational resilience expectations.
Ready to build genuine organisational resilience?
Certigence has been helping UK organisations strengthen resilience and achieve ISO certification for over 25 years with a 100% first-time success rate.