Business Continuity & ISO 22301
What is BCM (business continuity management)?
BCM is a type of risk management designed to address the threat of disruptions to business activities or processes.
It involves making and validating BCPs (business continuity plans) to ensure you can respond to and recover from potential threats as effectively as possible.
What is the difference between business continuity and disaster recovery?
Although the terms ‘business continuity’ and ‘disaster recovery’ are often used interchangeably, they are two distinct – if overlapping – disciplines.
Disaster recovery plans are often relatively technical and focus on the recovery of specific operations, functions, sites, services or applications, and form part of a wider BCMS. A BCP might contain or refer to a number of disaster recovery plans.
In essence, business continuity is about working through the disruption, whereas disaster recovery is about resolving the disruption.
How BCM can help you meet your regulatory requirements
A growing body of legislation requires organisations to demonstrate a degree of organisational resilience; implementing business continuity measures is a good place to start.
Section 174 of the UK Companies Act 2006 requires directors to “exercise reasonable care, skill and diligence” when performing their duties, which includes mitigating risks to the organisation.
Organisations offering essential services need to implement incident response capabilities in line with the requirements of the NIS Regulations (Network and Information Systems Regulations 2018):
- DSPs (digital service providers) within scope have the explicit requirement to put business continuity measures in place.
- Although not an explicit requirement for OES (operators of essential services), we strongly encourage them to consider implementing BCM measures to provide a well-defined structure for building incident response measures and managing business interruptions effectively.
The international standard ISO 22301:2012 provides a best-practice framework for implementing an optimised BCMS (business continuity management system), enabling you to minimise business disruption and continue operating in the event of an incident.
An ISO 22301-aligned BCMS will include disaster recovery and business continuity plans to help your organisation recover critical operations as quickly as possible.
Learn more about BCM and ISO 22301 with our free green paper 'Business Continuity Management & ISO 22301 FAQ'.
What is a BCMS?
A BCMS is a framework for organisations to update, control and deploy an effective BCM programme that helps them prepare for, respond to and recover from disruptive incidents. Implementing a BCMS includes the development of business continuity plans, taking into account organisational contingencies and capabilities, as well as the organisation’s individual business needs. ISO 22301 provides the specification for a best-practice BCMS.
A BCMS helps organisations cope with incidents affecting all business-critical processes and activities, from the failure of a single server to the complete loss of a major facility.
Disaster recovery and BCMS
Disaster recovery plans are often formed within the context of a BCMS. They are relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications.
Disaster recovery plans focus on returning an organisation to ‘business as usual’ after a disruptive incident and achieving total recovery, whereas business continuity management is about making sure the organisation can continue to function during a disruption.
How IT Governance can help you
- We have helped more than 600 clients with management system implementation and certification projects around the world.
- We offer a wide range of BCM products and services, including books and documentation toolkits, to support your implementation journey.
- We take an integrated approach to compliance so we can align your BCMS with your needs for information security, quality management etc.
- Our advice is always pragmatic, and we work according to your budget, timeframe and organisational needs. No organisation or project is ever too big or small.
Speak to an expert
If you would like to know more about BCM or ISO 22301, or the products and services we can provide your organisation, please contact one of our experts.