Business Continuity Management
Government organizations are legally obligated to protect their operations from disruption. The International Standards Organization (ISO) has established standards for business continuity.
Your CEO is responsible for ensuring your organization has appropriate business continuity management arrangements in place.
Requirements for business continuity
Every organization must have preparations in place to handle disruptions to their business. They must:
- Take action to ensure they can operate to the fullest extent (even if at a reduced level) during and after an emergency
- Carry out business continuity planning activities to:
- Fulfill your response and recovery roles
- Minimize risks of business disruption
- Put plans and strategies in place for maintaining critical business processes.
ISO Standards
The ISO 22301:2019 Security and resilience — Business continuity management systems — Requirements (opens in a new tab) standard outlines the requirements for these webpages.
Supporting standards cover specific components of the business continuity management programme, including:
- ISO22300:2018 - Security and resilience -- Vocabulary
- ISO 22313:2012 BCMS — Guidance
- ISO 22316:2017 Organisational resilience — principles and attributes
- ISO 22317:2015 BCMS — Guidelines for business impact analysis
- ISO 22318:2015 BCMS — Guidelines for supply chain continuity
- ISO 22330:2018 BCMS — Guidelines for people aspects of business continuity
- ISO 22331 (under development) BCMS — Guidelines for business continuity strategy
- ISO 22398:2013 — Guidelines for exercises.
Guidelines
The Business Continuity Institute (BCI) publishes Good Practice Guidelines (opens in a new tab) available to members. The lite edition of the guidelines is freely accessible to download.