Managing Risks in the Cosmetic Industry


COVID-19 has been a wake-up call for all industries in terms of risk management and business continuity. In this article, we look at the cosmetics industry and consider how businesses can best prepare for adverse risk events.

The old certainties around which industries have designed risk management strategies have been severely challenged in recent months. The impact of COVID-19 means business leaders can no longer afford to ignore the prospect of global negative impact events. While the pandemic has profoundly affected the cosmetics industry, it must also be seen as an opportunity to learn. By looking at the way businesses have responded to COVID-19, we can help cosmetics manufacturers and brands ensure they are employing best practice in terms of risk management.

Defining Risk and Business Continuity

ISO has introduced a variety of standards that help us define both risk and business continuity. In separate documents, risk is defined as:

  • ISO/IEC 27031:23011, 3.14 – an organization’s ability to resist being affected by disruptions
  • ISO/Guide 73:2006, – an organization’s adaptive capacity in a complex and changing environment
  • ISO 13824:2020, 3.8 – the ability of a system to reduce the likelihood of failure, to absorb effects of such failure if it occurs, and to recover quickly after failure


Business continuity is defined in ISO 22301:3019, 3.3, as the capability of an organization to continue delivering products and services within acceptable time frames at predefined capacity during a disruption.

Things to Consider

Effective risk management must consider two factors:

  • Protect – resilience to the negative impact of the event
  • Sustain – the ability to bounce back quickly from the event’s impact

Risk management plans must take both factors into account. There needs to be a balance between protection and sustainability that gives the business the flexibility it needs to respond efficiently to the impact of the event.

For a plan to be effective it needs to be thorough and reliable. It needs to consider things such as:

  • What mistakes can and cannot be made
  • Organization’s long-term commitment
  • What is the big picture?
  • What hurdles must be overcome? – e.g. insufficient funding/staffing, regulatory climate, existing policies, competitive pressures of short-term goals


When doing this, businesses need to avoid the temptation to ignore current information because it may be painful. Companies that successfully navigate these difficult waters will often face these difficulties head-on and act accordingly.

Risk Mitigation

An effective mitigation strategy requires the identification and analysis of all possible risks to assets that could adversely affect the organizations ability to deliver high-value services. Assessments should be an ongoing process, with new risks being identified and previously identified risks being regularly reviewed. The end result must be that all risks are identified, and mitigation strategies are employed.

When assessing risk within the organization, it should not be forgotten that disruptions will have a cascading effect. In the case of the COVID-19 pandemic, the initial risk to health led to travel restrictions, lockdowns and homeworking, which then led to security concerns over remote working and reduced demand for consumer goods.

This simple example shows how one event can create multiple negative events. To encapsulate the complete organization, risk assessment must consider a wide variety of factors, including the availability of raw materials and packaging, the origins of raw materials, supply chain requirements, back-up suppliers (and their approval), increased cleaning and sanitation, and transportation shortages. These must all be considered alongside the more direct factors being impacted by COVID-19, such as the need to implement social distancing, supplies of PPE, illness and the requirements of workers.

Third-Party Certification

In a rapidly changing world, one area where there is certainty in the cosmetics industry is certification. Despite the knock-on effects of the pandemic, the owners of standards, such as ISO 22301, have worked hard to ensure continuity. In most cases, remote auditing has been allowed and, in many cases, SGS also has the ability to grant 6-month extensions to the current certification.

ISO 22301

Businesses with an effective business continuity plan (BCP) have responded best to the pandemic. While no industry has been unaffected, organizations with a business continuity management system in pace have generally been impacted less and have been able to return to normal quicker.

ISO 22301:2019 Security and resilience — Business continuity management systems — Requirements – provides an organization with a framework for effective business continuity. It provides a structure that will allow the business to respond most efficiently to a crisis.

Enabling a business continuity management system will allow an organization to identify, evaluate and control risks on a continuous basis. In essence, this is building resilience into the BCP. The advantage of ISO 22301 is that it not only considers predictable disruptions, such as labor union strikes, but also unpredictable disruptions, such as a pandemic. This is because it focuses on the impact of the disruption rather than the cause. In this way, it allows the organization to build a BCP that identifies activities that are essential for meeting business obligations.

Turning a Crisis into an Opportunity

One positive from lockdown is that it has given businesses a chance to evaluate where they are and where they want to be. ISO 22716:2007 Cosmetics — Good Manufacturing Practices (GMP) — Guidelines on Good Manufacturing Practices – provides guidelines for the production, control, storage and shipment of cosmetic products. A key component of achieving this standard for GMP is effective training.

SGS provides a variety of courses to help operators in the cosmetics industry undertake continuous training of their staff. During lockdown, much of this training has been performed virtually, using SGS’s range of online teaching systems. These include Adobe Connect, which allows the learner to take part in live training with an instructor.

While COVID-19 has undoubtedly been a shock the cosmetics industry, it is also an opportunity for businesses to assess their performance and introduce improvements. This can be both in the form of training for their staff and the creation of a more effective BCP.

Learn about SGS GMP Audit Services.



Your name

Your e-mail

Name receiver

E-mail address receiver

Your message




Sign up