Continuity2 Business Continuity Software - - What is business continuity management?

Request A Demo Today

What is business continuity management?

Posted on February 23, 2018

What exactly is Business Continuity Management? What do the standards say? What risks does BCM capture?

Business continuity management (BCM) is a key business strategy in proactively preparing organisations and their staff to cope, should the worst happen. What that worst-case scenario is varies from enterprise to enterprise, but the business continuity lifecycle allows organisations to identify the threats it faces, analyse the impacts to business operations that those threats, if realised, might cause, and provides a framework for building organisational resilience with the capability for an effective response.

Contrary to popular belief, BCM is not just about ‘having a plan’, it is also about organisations establishing, maintaining and improving an effective, iterative system which allows them to respond effectively, should disaster strike.

ISO 22301 describes a business continuity management system as emphasizing the importance of:

  • Understanding continuity and preparedness needs, as well as the necessity for establishing business continuity management policy and objectives.
  • Implementing and operating controls and measures for managing an organization’s overall continuity risks.
  • Monitoring and reviewing the performance and effectiveness of the business continuity management system.
  • Continual improvement based on objective measurements.

Ask most operational managers, ‘what is BCM all about?’, and they will usually reply, ‘it is about what we do if the building is destroyed’. However, most BCM professionals will see this as too narrow a view, because BCM is much wider, examining operational, financial and reputational impacts, as well as building-related risks. It has now grown to encompass a range of organisational or company risks, such as:

  • physical risks, such as fire
  • interruption risks
  • personnel risks
  • legal/regulatory compliance risks
  • contractual/supplier risks
  • production/service risks
  • process, organisational and departmental specific risks
  • technical risks
  • marketing risks
  • reputational/brand risks
  • political and social risks
  • environmental risks
  • financial risks