Business Continuity Management
What is Business continuity management?
Business continuity management (BCM), is a type of risk management designed to address the threat of disruptions to business activities or processes.
It involves making and validating business continuity plans (BCPs) to ensure you can respond to and recover from potential threats as effectively as possible.
ISO/IEC 22301:2012 sets out the requirements for a business continuity management system (BCMS) and is considered the only credible framework for effective business continuity management in the world.
Continuing to provide an acceptable level of service throughout a disruptive incident helps preserve corporate reputation and, ultimately, revenue.
Demonstrating that you have effective business continuity measures in place can also improve your insurance premiums and provide new contract opportunities.
This can be best attained by implementing a business continuity management system (BCMS) aligned with the international standard ISO 22301:2012.
Purchase your copy of the ISO/IEC 22301:2012 Standard here
What is the difference between business continuity and disaster recovery?
Although the terms ‘business continuity’ and ‘disaster recovery’ are often used interchangeably, they are two distinct – if overlapping – disciplines.
Disaster recovery plans are often relatively technical and focus on the recovery of specific operations, functions, sites, services or applications, and form part of a wider BCMS. A BCP might contain or refer to several disaster recovery plans.
In essence, business continuity is about working through the disruption, whereas disaster recovery is about resolving the disruption.
- Based on analysis
- Regularly tested
- Requires regular review and management
- Awareness organisation-wide, embedded in the culture and deployed throughout the business
Business Continuity Plan
- Based on guesswork
- Can become outdated
- Lack of organisational awareness, deployed in a limited division of the organisation and not part of the culture
How BCM can help you meet your regulatory requirements
A growing body of legislation requires organisations to demonstrate a degree of organisational resilience; implementing business continuity measures is a good place to start.
Section 174 of the UK Companies Act 2006 requires directors to “exercise reasonable care, skill and diligence” when performing their duties, which includes mitigating risks to the organisation.
Organisations offering essential services need to implement incident response capabilities in line with the requirements of the NIS Regulations (Network and Information Systems Regulations 2018):
- DSPs (digital service providers) within scope have the explicit requirement to put business continuity measures in place.
- Although not an explicit requirement for OES (operators of essential services), we strongly encourage them to consider implementing BCM measures to provide a well-defined structure for building incident response measures and managing business interruptions effectively.