4C Strategies>Case Studies>Preparing a global manufacturer for ISO accreditation
Business Continuity Management, Cyber Security & IT Continuity

Preparing a global manufacturer for ISO accreditation


Background: In early 2019, an international manufacturing company employed 4C Strategies to identify gaps in its current Business Continuity Management System (BCMS) and make recommendations prior to seeking ISO 22301:2012 accreditation (the international Standard for a Business Continuity Management System).

Challenge: Although the company possessed extensive Health and Safety expertise and experience, there was less focus on business continuity. External help was sought to aid the company in obtaining ISO 22301 accreditation.

Solution: 4C Strategies was able to conduct a gap analysis using Exonaut®, focusing on a review of BCM documentation and information provided electronically and via interviews with relevant key individuals and subject matter experts.

Benefits: The results of the gap analysis provoked internal activity within the organisation to identify current-state compliance to the ISO 22301 standard. The findings were then used to inform subsequent decision-making in their BCMS readiness prior to seeking ISO 22301 accreditation.

Customer: An international manufacturer of semiconductor vacuum and abatement solutions

Selecting the right tools for Business Continuity Management

The key to the success of the project was the provision of Exonaut® and its capability as an integrated platform to manage the requirements of the different entities reviewed, including:

  • structured and efficient gap analysis and observation planning,
  • dynamic and flexible delivery options,
  • real-time evidence-based assessment and evaluation, irrespective of location (observations were taken remotely at the organisation’s sites and at 4C offices).

Design, delivery and evaluation

Each aspect of the gap analysis cycle, from design, development and delivery through to evaluation, was powered by Exonaut. The software’s capability to operate across multiple operating systems (Windows, Android, iOS) and devices enabled 4C evaluators to input observations in real-time and to monitor ISO 22301 compliance throughout the interview and document review process.

Asking the right questions about business continuity

The review utilised a standard question set, developed by 4C over a number of years. The questions were designed not only to determine compliance with the ISO standard, but also to cross-reference with the Business Continuity Institute (BCI)’s Good Practice Guidelines.

The question set was broken down into levels, with the first level establishing a theme or area, and the second level featuring a question designed to look at a specific part of that area or theme. There were six main themes or areas in the set:

  • Context or the organisation
  • Leadership
  • Planning
  • Support
  • Operations
  • Performance Evaluation

Read more about business continuity

Image illustrating organisational interdependencies in business continuity

What is Business Continuity Management?

Business Continuity Management (BCM) has moved up the agenda of organisations since the COVID-19 pandemic. What is Business Continuity Management and how do you make sure you get it right at your organisation?

Read more


Five things you should know about Business Continuity Management

In the spirit of Business Continuity Awareness Week, here are five business continuity considerations for every organisation.

Read more

A best-practice business continuity maturity model

A best-practice BCMS maturity model was used as a baseline for the comparison of relevant documentation, in addition to the scoring of interview responses. The maturity model required each question to be scored between one to six, in order to identify current levels of maturity by theme or area. In time, this data could be used as a benchmark to assess other areas of the business.


There were two methods used to conduct the review. The first of which was the facilitation of short interviews with identified key personnel and subject matter experts, to ascertain their perception and knowledge of current BCMS capability. The most relevant questions from the question set were pulled in to make a specific question set for each interview.

The second method took the form of a detailed review of current BCM documentation using a list provided by the organisation.

Throughout the two methods and processes, observations against each question were made, including a score against the maturity model, plus comments and recommendations.

Analysis and assessment

Once all required data had been captured, either through interviews or documentation review, a number of observations were made against each question. These were then used to provide assessments against a theme or area. Finally, all assessments and observations were gathered to provide an overarching assessment for the report. Data captured using Exonaut could then be used for benchmarking future reviews of other operational areas.


The Exonaut Observer (OBS) mobile app enabled 4C Strategies consultants to capture observations in a consistent format, linked to real-time assessments with identified overarching objectives. Consultants were equipped with smartphones and tablets to capture data and build a fully auditable evaluation set for real-time analysis and post-exercise reviews.


The evaluation process began by reviewing all observations that had been made through the course of the project against a particular objective. Exonaut then facilitated the gathering of those observations into a single assessment. The grades applied throughout the project were also reviewed with a final grade, at the objective assessment level.


Get in touch

Discover how you can build your risk, business continuity and crisis management capability with our expert services. Book a free consultation with one of our consultants to discuss your requirements.

Related Case Studies

Priority planning in an energy crisis with a National Energy Authority

Discover how 4C is supporting Styrel to map, prioritise and protect electricity-dependent critical societal functions.

Creating a standardised BCM methodology with Uniper

Read how 4C created and implemented an ISO22301 standardised Business Continuity Management methodology with energy provider Uniper

Ensuring Business and IT Continuity for BillerudKorsnäs

Discover how world-leading packaging producer BillerudKorsnäs protects critical assets with 4C's IT and Business Continuity expertise.

Message sent

Thank you
Your message has been received. We will get back to you as soon as possible.

Thank you!

You are now registered.

Download pack

Photo credits


Choose size
  • Original image
  • Large image (2900px)
  • Medium image (1920px)
  • Small image (1024px)

Get in touch

Book a demo

I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events. To learn more about how 4C Strategies process data, please read our privacy statement.

Get in touch

I agree to be contacted for the purpose indicated above, and to receive information about 4C Strategies’ products, services and events. To learn more about how 4C Strategies process data, please read our privacy statement.