Business Continuity, Disaster Recovery and ISO 22301

BCM (business continuity management) involves managing risks to ensure that your mission-critical functions continue to provide an acceptable level of service in the face of a major disaster. It is widely recognised as the most comprehensive approach to organisational resilience.

Speak to an expert

Please contact us for business continuity management advice or to speak to an expert.

Contact us

What is the purpose of business continuity management?

Effective BCM ensures that businesses can provide a minimum acceptable service in the event of a disaster. This is because BCM involves identifying potential threats in advance, analysing their impact and preparing for any disruptive event – allowing you to better safeguard your revenue and reputation.

Robust business continuity management is not only useful for preserving your reputation but also increasingly required by different regulations – corporate governance regulations worldwide stipulate that directors must exercise ‘reasonable care’ to mitigate organisational risks, and the NIS Directive (Directive on security of network and information systems) requires organisations operating in critical infrastructure industries to implement response capabilities.

As the cyber threat landscape evolves, the need for effective BCM based on international best-practice standards, such as ISO 22301, increases, as it helps organisations better protect themselves from prevalent business disruption following a successful cyber attack.

Read about the benefits of effective BCM >>>

The business continuity management lifecycle

Effective BCM is based on the BCM lifecycle: identifying threats, performing a business impact analysis, designing and implementing a business continuity plan, compiling documentation, measuring and testing performance, and conducting maintenance and continual improvement work.

Business continuity planning

BCP (business continuity planning) forms an essential component of a BCMS (business continuity management system), as it involves the processes and procedures for developing, testing and maintaining BCM. From failure of a single server to complete loss of a major facility, BCP details how to manage incidents affecting your business-critical processes and activities and is a response to an enterprise-level risk assessment.

Disaster recovery planning

Part and parcel of your BCP framework is your disaster recovery planning, which focuses on the recovery of specific operations/functions/applications, etc. and is typically technical. Best practice for disaster recovery is set out in ISO/IEC 22301.

Best practice for disaster recovery is set out in ISO/IEC 22301.

ISO 27031 – ICT continuity best practice

ISO 27031 provides recommendations specifically for ICT (information and communications technology) continuity management within the overall business continuity framework provided by ISO 22301.

ISO 27031 renders ISO 22301 relevant to ICT but can also be used on a standalone basis should an organisation wish to tackle ICT continuity management specifically.

Purchase the ISO 27031 standard here >>

Let’s get started on your business continuity management project

IT Governance has the widest range of affordable solutions that are easy to use and ready to deploy.

Speak to an expert

Please contact our team of experts for advice and guidance on our products and services.