What is Business continuity management?
Business continuity management (BCM), is a type of risk management designed to address the threat of disruptions to business activities or processes.
It involves making and validating business continuity plans (BCPs) to ensure you can respond to and recover from potential threats as effectively as possible.
Find out how to create a BCP
Continuing to provide an acceptable level of service throughout a disruptive incident helps preserve corporate reputation and, ultimately, revenue.
Demonstrating that you have effective business continuity measures in place can also improve your insurance premiums and provide new contract opportunities.
This can be best attained by implementing a business continuity management system (BCMS) aligned with the international standard ISO 22301:2012.
Learn more about ISO 22301
ISO 22301 – the international business continuity standard
The international standard ISO 22301:2012 provides a best-practice framework for implementing a BCMS, enabling organisations to minimise business disruption and continue operating in the event of an incident. An ISO 22301-aligned BCMS will include disaster recovery and business continuity plans to help your organisation recover critical operations as quickly as possible.
Buy the standard
What is the difference between business continuity and disaster recovery?
Although the terms ‘business continuity’ and ‘disaster recovery’ are often used interchangeably, they are two distinct – if overlapping – disciplines.
Disaster recovery plans are often relatively technical and focus on the recovery of specific operations, functions, sites, services or applications, and form part of a wider BCMS. A BCP might contain or refer to several disaster recovery plans.
In essence, business continuity is about working through the disruption, whereas disaster recovery is about resolving the disruption.
Learn more about the difference between business continuity and disaster recovery
How BCM can help you meet your regulatory requirements
A growing body of legislation requires organisations to demonstrate a degree of organisational resilience; implementing business continuity measures is a good place to start.
Section 174 of the UK Companies Act 2006 requires directors to “exercise reasonable care, skill and diligence” when performing their duties, which includes mitigating risks to the organisation.
Organisations offering essential services need to implement incident response capabilities in line with the requirements of the NIS Regulations (Network and Information Systems Regulations 2018):
- DSPs (digital service providers) within scope have the explicit requirement to put business continuity measures in place.
- Although not an explicit requirement for OES (operators of essential services), we strongly encourage them to consider implementing BCM measures to provide a well-defined structure for building incident response measures and managing business interruptions effectively.
Find out how BCM can help you comply with the NIS Regulations
Let’s get started on your BCM project
Let us share our expertise and support you on your journey to ISO 22301 compliance. Browse our range of bestselling products, services and simple solutions.