Governance

GOV012

Business continuity management

Enhance your organisation’s resilience and strengthen your security measures with a business continuity management programme.  

GOV3 - Prepare for business continuity

Maintain a business continuity management programme, so that your organisation’s critical functions can continue to the fullest extent possible during a disruption. Ensure you plan for continuity of the resources that support your critical functions.

Business continuity is the capability of an organisation to continue delivery of products or services at acceptable pre-defined levels following a disruptive incident (ISO 22301: 2012).

A disruption is anything that interrupts your business as usual operations. Disruptions can occur at any time, for any reason, and their impact varies.

Causes of disruptions include natural events such as earthquakes or severe weather, loss of a key resource such as a power failure or supply chain disruption, and security threats such as cyber-attacks.


Why managing business continuity is important

A programme for managing business continuity helps you to manage the impact of disruptions, regardless of cause. A successful programme includes:

  • continual planning and improvement
  • carrying out activities to ensure you’re prepared for disruptive incidents
  • embedding business continuity into your organisation’s culture and practice.

 Business continuity management follows an ongoing cycle to:

  • confirm the scope and approach of your programme
  • identify and prioritise critical functions
  • consider the resources and requirements needed to maintain critical functions
  • identify and apply solutions to ensure you can meet the requirements you’ve identified
  • document plans for business continuity and processes for responding to incidents
  • confirm that your plans and processes work through regular exercises and reviews.


How business continuity planning strengthens your security

The information you gather for your organisation’s business continuity programme strengthens your physical and information security programmes by identifying what you need to protect.

When people from other protective disciplines in your organisation are involved with identifying potential threats and proactive measures, you can work together to improve your organisation’s resilience.

  • Set the scope of your business continuity programme
  • Identify your critical functions and their requirements
  • Develop plans to maintain your critical functions
  • Set up teams to manage business continuity in a disruption
  • Maintain your business continuity programme
  • Legal requirements, ISO standards, and best practice for business continuity management
     

Page last modified: 31/10/2018