Book A Demo Today

What is business continuity management?

Published on September 05, 2018

What is Business Continuity Management? How is it different from a Business Continuity Management System?

Business Continuity Management (BCM) is a key business strategy which proactively prepares organisations and their staff to cope, should the worst happen. The “worst-case scenario” can vary from enterprise to enterprise, but the Business Continuity lifecycle allows organisations to identify threats, analyse impacts to business operations and provides a framework for building organisational resilience with the capability for an effective response.

Contrary to popular belief, BCM is not just about ‘having a plan’. It is about organisations establishing, maintaining and improving an effective, iterative system which allows them to respond effectively, should disaster strike. It has the ability to safeguard the interests of an organisations key stakeholders, reputation, brand and value-creating activities.

The Business Continuity Management System (BCMS) is the part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves Business Continuity. ISO 22301 describes an effective Business Continuity Management System as emphasizing the importance of:

  • Understanding the organisation’s needs and the necessity for establishing Business Continuity Management Policy and objectives,
  • Implementing and operating controls and measures for managing an organisation’s overall capability to manage disruptive incidents,
  • Monitoring and reviewing the performance and effectiveness of the BCMS, and
  • Continual improvement based on objective measurement.

What is BCM all about?

If you were to ask most operational managers, ‘what is BCM all about?’, they will usually reply, ‘it is about what we do if the building is destroyed’.

However, most BCM professionals see this as too narrow a scope.

BCM is much wider, it is about examining operational, financial and reputational impacts, as well as physical risks. In addition to those already mentions, it has now grown to encompass a range of risks such as:

  • Interruption risks
  • Personnel risks
  • Legal/regulatory/compliance risks
  • Third party risks
  • Supply chain risks
  • Service provision risks
  • Technical risks
  • Reputational/Brand risks
  • Political and Societal risks
  • Environmental risks