Continuity & Crisis Management

• NIS2
• Cyber Security Act
• ISO22301
• ISO31000
• ISO27001

The goal of continuity management and crisis preparedness is to create a more resilient organization with readiness to handle disruptions.

Organizations face increasing demands to demonstrate how they govern and lead in order to achieve objectives, meet requirements, and comply with legislation — with a strong focus on resilience and robustness.

The entire organization, including the digital supply chain, is affected. This includes organizational structure and responsibilities, processes, information, personal data, information systems, IT services, IT infrastructure, and external suppliers. Disruptions can shut down entire operations, expose sensitive information, and severely impact critical control systems — for example, in electricity and water supply, healthcare, or production processes.

Multiple types of legislation, regulations, and standards govern this work, including:

• ISO 22301 – Continuity
• ISO 31000 – Risk Management
• NIS Directive, Cybersecurity Act
• ISO 27001 – Cyber and Information Security
• ISO 9001 – Quality Management

Structured solutions with iFACTS for resilient continuity and crisis management processes

The iFACTS methodology is based on fundamental organizational structure, process orientation, and asset management — inspired by ISO standards, specifically ISO 22301 for continuity management. Typical workflows within continuity management include: documented supply chains, continuity requirements, impact analysis and calculation of RPO/RTO/MTD, prioritized recovery, recovery and continuity communication plans, exercises, analysis, and management reporting.

The iFACTS methodology and information model are designed to be comprehensive. Processes documented under quality management (ISO 9001) serve as the starting point for continuity and crisis preparedness. Similarly, the information assets documented under information security (ISO 27001) also serve as a foundation for continuity and crisis preparedness.

iFACTS AB is certified according to ISO 9001/27001 under a combined certification, where continuity management and crisis preparedness are central components.

NIS2 connected to continuity management

NIS2 will be applied in Sweden through the Cybersecurity Act (entering into force in 2026), where the Swedish Civil Contingencies Agency (MSB) will have a central coordinating role. MSB specifically states that ISO 27001 practices are recommended for implementation.

The iFACTS methodology and software support ISO 27001 all the way to certification, and thereby also compliance with the Cybersecurity Act. Below are some key examples of legal requirements from the Cybersecurity Act:

• Systematic and risk-based information security work
• Incident management
• Continuity management
• Supply chain governance