Business Continuity, Disaster Recovery and ISO 22301
What is business continuity management?
Business continuity management (BCM) is a type of risk management designed to address the threat of disruptions to business activities or processes.
It involves managing risks to ensure that mission-critical functions continue to provide an acceptable level of service, even in the event of a major disaster.
Effective business continuity can be attained through the implementation of a business continuity management system (BCMS).
ISO 22301 – the international business continuity standard
The international standard ISO 22301:2012 provides a best-practice framework for implementing a BCMS, enabling you to minimise business disruption and continue operating in the event of an incident. An ISO 22301-aligned BCMS will include disaster recovery and business continuity plans to help your organisation recover critical operations as quickly as possible.
What is the purpose of business continuity management?
BCM involves planning for any potential disaster by identifying potential threats to an organisation and analysing their impact on its day-to-day operations.
Effective BCM ensures the business is able to provide a minimum acceptable service in the event of a disaster, and helps preserve corporate reputation, image and revenue.
A growing body of legislation requires businesses in essential areas to implement effective business continuity arrangements. Globally, corporate governance regulations require directors to “exercise reasonable care, skill and diligence” to mitigate risks facing the organisation.
Organisations operating in critical infrastructure industries will soon be required to implement incident response capabilities in line with the requirements of the Directive on security of network and information systems (NIS Directive). BCM provides best practice to effectively manage business interruptions and incidents, and to support organisations in meeting the Directive’s requirements.
The current cyber threat landscape has made business leaders more aware of the risks of cyber attacks and the importance of being able to respond to and recover from such attacks.
Effective BCM, based on international best-practice standards such as ISO 22301, can protect organisations from widespread business disruption in the event of a successful cyber attack.
What is the difference between business continuity and disaster recovery?
Although the terms ‘business continuity’ and ‘disaster recovery’ are often used interchangeably, they are two distinct – if overlapping – disciplines.
Disaster recovery plans are often relatively technical and focus on the recovery of specific operations, functions, sites, services or applications, and form part of a wider BCMS. A BCP might contain or refer to a number of disaster recovery plans.
In essence, business continuity is about working through the disruption, whereas disaster recovery is about resolving the disruption.
The business continuity management lifecycle
Effective BCM is centred on the stages of the BCM lifecycle: identifying threats, performing a business impact analysis (BIA), designing and implementing a business continuity plan, compiling documentation, measuring and testing performance, and conducting maintenance and continual improvement work.
Business continuity planning
Business continuity planning (BCP) involves the processes and procedures for the development, testing and maintenance of business continuity plans that will enable an organisation to continue operating during and after a disaster. BCP is an essential element of a BCMS.
Plans typically detail how to manage incidents that affect all the organisation’s business-critical processes and activities, from failure of a single server all the way through to complete loss of a major facility. BCP is a response to an enterprise-level risk assessment.
Best practice for BCP is set out in ISO/IEC 22301.
Disaster recovery planning
Disaster recovery planning (DRP) usually takes place within the BCP framework. Disaster recovery plans are often relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications. A single business continuity plan might contain or refer to a number of disaster recovery plans. Best practice for disaster recovery is set out in ISO/IEC 22301.