Business Continuity Management

What is Business continuity management?

Business continuity management (BCM), is a type of risk management designed to address the threat of disruptions to business activities or processes.

It involves managing risks to ensure that mission-critical functions continue to provide an acceptable level of service, even in the event of a major disaster.

Effective business continuity can be attained through the implementation of a business continuity management system (BCMS).

ISO 22301 – the international business continuity standard

The international standard ISO 22301:2012 provides a best-practice framework for implementing a BCMS, enabling you to minimise business disruption and continue operating in the event of an incident. An ISO 22301-aligned BCMS will include disaster recovery and business continuity plans to help your organisation recover critical operations as quickly as possible.

Buy the standard

What is the difference between business continuity and disaster recovery?

Although the terms ‘business continuity’ and ‘disaster recovery’ are often used interchangeably, they are two distinct – if overlapping – disciplines.

Disaster recovery plans are often relatively technical and focus on the recovery of specific operations, functions, sites, services or applications, and form part of a wider BCMS. A BCP might contain or refer to a number of disaster recovery plans.

In essence, business continuity is about working through the disruption, whereas disaster recovery is about resolving the disruption.

How BCM can help you meet your regulatory requirements

A growing body of legislation requires organisation to demonstrate a degree of organisational resilience; implementing business continuity measures is a good place to start.

Section 174 of the UK Companies Act 2006 requires directors to “exercise reasonable care, skill and diligence” when performing their duties, which includes mitigating risks to the organisation.

Organisations offering essential services need to implement incident response capabilities in line with the requirements of the NIS Regulations (Network and Information Systems Regulations 2018):

  • DSPs (digital service providers) within scope have the explicit requirement to put business continuity measures in place.
  • Although not an explicit requirement for OES (operators of essential services), we strongly encourage them to consider implementing BCM measures to provide a well-defined structure for building incident response measures and managing business interruptions effectively.
top
This website uses cookies. View our cookie policy
FREEE-LEARNING