business continuity planning methodology pdf

Business Continuity Planning

• Living reference work entry
• First Online: 20 November 2019
• Cite this living reference work entry

• Markus Will 7 &
• Jana Brauweiler 7  

Part of the book series: Encyclopedia of the UN Sustainable Development Goals ((ENUNSDG))

166 Accesses

Adverse conditions ; Business continuity and resiliency planning (BCRP) ; Business continuity management (BCM) ; Crisis management ; Disaster ; Disaster recovery planning ; Disruption ; Emergency ; Hazards ; Incidents

Definitions

Business continuity planning supports an organization to continuing its operations after an incident or under adverse conditions, such as a natural disaster, disease pandemics, terrorist attacks, serious accidents, external hacker or other IT attacks, disruption of supply chains, and/or other abrupt and unexpected changes in business environment. Hence, business continuity is the organizational capability to continue delivery of products and services even under the aforementioned adverse conditions within an acceptable time frame. Business continuity planning means to identify critical core processes of the organization, to analyze business impacts, and to find backup processes and response strategies in the event of disruption. For this reason, business...

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Barnes P (2007) Business impact analysis. In: Hiles A (ed) The definitive handbook of business continuity management, 3rd edn. Wiley, Chichester, pp 145–161

Google Scholar  

Barnes P (2011) Business impact analysis. In: Hiles A (ed) The definitive handbook of business continuity management, vol 3. Wiley, Chichester, pp S 166–S 182

Bauman S, Rössig v (2018) Business Continuity Management – unverzichtbares Element eines angemessenen Risikomanagements. In: Hunziker S, Meissner JO (eds) Ganzheitliches Chancen- und Risikomanagement. Interdisziplinäre und praxisnahe Konzepte. Springer Gabler, Wiesbaden. Springer Fachmedien Wiesbaden GmbH 2018

Business Continuity Institute BCI (2002) Good practice guidelines. Business Continuity Institute, Caversham

Business Continuity Institute BCI (2010) Good practice guidelines 2010. Business Continuity Institute, Caversham

Business Continuity Institute BCI (2013) Good practice guidelines 2013. Business Continuity Institute, Caversham

Cabinet Office – Government of Japan (2012) Business continuity guidelines —strategies and responses for surviving critical incidents, 3rd edn

Cornish M (2011) Business continuity management methodology. In: Hiles A (ed) The definitive handbook of business continuity management, vol 3. Wiley, Chichester, pp S 121–S 136

DoHS (2013) Supplemental tool: executing a critical infrastructure risk management approach. Department of Homeland Security National Critical Infrastructure Priorizitation Program (NCIPP)

Hiles A (2007) The Definitive handbook of business continuity management, 2nd edn. Chichester, West Sussex, United Kingdom: Wiley

HSE (2001) Reducing risks, protecting people, HSE’s decision-making process. HSE Information Services, Norwich

HSE (2019) Risk management_ ALARP at a glance. http://www.hse.gov.uk/risk/theory/alarpglance.htm (2019-07-28)

IEC (2019) IEC/ISO risk management – risk assessment techniques. International Standardization Organization, International Electrotechnical Commission

ISO (2018) ISO 22300 – Security and resilience – vocabulary. International Standardization Organization

ISO (2019a) ISO/DIS 22301 – Security and resilience – Business continuity management systems – Requirements. International Standardization Organization

ISO (2019b) ISO/DIS 22313 – Security and resilience –Business continuity management systems – Guidance. International Standardization Organization

Kirvan PF (2011) International standards and legislation in business continuity. In: Hiles A (ed.) The definitive handbook of business continuity management, 3rd Wiley, Chichester, pg. 736–745

Lagadec P (1982) Major technological risk. Pergamon, Oxford

Mahr WH (2009) BCM-Standards: ja, aber welche? IT-Security 1(9):36–38

ONR (2014) Risk Management for Organizations and Systems — part 3: guidelines for emergency. In: Crisis and business continuity management — implementation of ISO 31000

Perrow C (1984) Normal accidents: living with high-risk technologies. Princeton University Press

Reason J (1990) Human error. Cambridge University Press, Cambridge

Book   Google Scholar  

Thiel C, Thiel C (2010) Business Continuity Management für KMU DuD – Datenschutz und Datensicherheit:6/2010

Article   Google Scholar  

Von Rössing R (2005) Betriebliches Kontinuitätsmanagement. mitp-Verlag, Bonn

Download references

Author information

Authors and affiliations.

University of Applied Sciences, Zittau/Görlitz, Germany

Markus Will & Jana Brauweiler

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Markus Will .

Editor information

Editors and affiliations.

European School of Sustainability, Hamburg University of Applied Sciences, Hamburg, Hamburg, Germany

Walter Leal Filho

Center for Neuroscience & Cell Biology, University of Coimbra, Coimbra, Portugal

Anabela Marisa Azul

Faculty of Engineering and Architecture, Passo Fundo University Faculty of Engineering and Architecture, Passo Fundo, Brazil

Luciana Brandli

Istinye University, Istanbul, Turkey

Pinar Gökcin Özuyar

International Centre for Thriving, University of Chester, Chester, UK

Section Editor information

OsloMet -Oslo Metropolitan University, Oslo, Norway

Astrid Skjerven

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this entry

Cite this entry.

Will, M., Brauweiler, J. (2020). Business Continuity Planning. In: Leal Filho, W., Azul, A., Brandli, L., Özuyar, P., Wall, T. (eds) Sustainable Cities and Communities. Encyclopedia of the UN Sustainable Development Goals. Springer, Cham. https://doi.org/10.1007/978-3-319-71061-7_2-1

Download citation

DOI : https://doi.org/10.1007/978-3-319-71061-7_2-1

Received : 02 August 2019

Accepted : 30 August 2019

Published : 20 November 2019

Publisher Name : Springer, Cham

Print ISBN : 978-3-319-71061-7

Online ISBN : 978-3-319-71061-7

eBook Packages : Springer Reference Earth and Environm. Science Reference Module Physical and Materials Science Reference Module Earth and Environmental Sciences

• Publish with us

Policies and ethics

• Find a journal
• Track your research

ISO 22301 Business Continuity Simplified: Fortify Your Business Against Disruption

By Andy Marker | June 22, 2020 (updated September 15, 2022)

• Share on Facebook
• Share on LinkedIn

Link copied

In this article, you’ll find expert tips and implementation guides, and you'll learn how ISO 22301 can buffer your business against disasters. 

Included on this page, you’ll find an International Standards Organization (ISO) 22301 audit checklist template , a simplified ISO 22301 cheat-sheet , and an ISO 22301 self-assessment checklist , as well as examples of ISO 22301 in action and an ISO 22301 quick-start guide .

What Is ISO 22301?

ISO 22301 is a global standard for business continuity planning requirements to help organizations protect themselves against disruptions. The most current version is 22301:2019, Security and resilience - Business continuity management systems - Requirements.

The requirements in ISO 22301 address disruptive incidents that can be natural or human-made, widespread or local, intentional or unintentional, such as a snowstorm, a broken water main, an epidemic, a data breach, or a phishing attack. Large or small, for- and nonprofit organizations alike can use ISO 22301.

The Business Manager’s Quick-Start Guide to ISO 22301

The ISO 22301 standard can provide benefits for your business continuity planning, even if your organization chooses not to pursue certification, or the review process that confirms your business continuity system meets all ISO 22301 requirements. 

"Certification is nice, but not required,” says Mart Rovers of InterProm. “First, seek compliance. That way, you know that your business continuity management practices are in better shape." You can start to create a solid business continuity plan with just a few simple steps, which you can also download as this ISO 22301 Quick-Start Guide .

• Check If You Already Have Continuity Plans: Find out if your organization already has business continuity plans. Search through your document management system and ask management or long-time employees. Organizations sometimes create and quickly forget about resources, or store responses locally in an informal system.  As Andrew Nichols of the Michigan Manufacturing Technology Center suggests, if your organization already implements other ISO standards, such as ISO 9001 or ISO 27000, you can leverage some of the common requirement elements for your 22301 plan.
• Identify Missing Components: Conduct a gap analysis of existing policies and processes to see what business continuity resources you need. According to Mart Rovers, one way to conduct a self-assessment is to copy into a spreadsheet each phrase of the ISO 22301 standard that contains the word "shall." Then, determine gaps between your company and the standard. "Use the standard as your guide to establishing a coherent set of practices to address business continuity management for your organization," says Rovers. You can also use Smartsheet's ISO 22301 Self-Assessment Checklist and ISO 22301 Simplified Cheatsheet for your gap analysis.
• Keep It Simple: Having binders full of perfectly formatted procedures won’t help in an emergency. Create easy-to-follow guidelines and checklists and, more importantly, build "muscle memory" in your employees through training and drills. That way, in a panic, people understand what to do without having to be told.
• Make Your Plan a Living Document: Ticking off items on an audit checklist doesn't mean you’re prepared. Frequently read, revise, and practice your plan to keep it relevant and to train new staff.

• Communicate Your Plan to Staff and Other Stakeholders: Even the most well-written plan is useless if the people who can benefit from it don't know about it. Inform everyone covered by the plan that it exists, including your supply chain and other outside stakeholders.

ISO 22301 Requirements

The ISO 22301 standard offers a framework for planning, testing, and monitoring a business continuity management system (BCMS). The ISO 22301 document contains 10 sections, which introduce the standard and definitions, as well as actionable requirements of the standard. 

As with other ISO requirement documents, ISO 22301 describes only what organizations must do to reach minimum proficiency — it does not prescribe how to achieve these standards. Each organization must consider its distinct conditions and obligations to find the best way to follow the requirements.

Here is an overview of the clauses in ISO 22301 that impact an organization most: 

• Clause 4, Context: Your organization must understand what it is, what it does, and what outputs and processes it must sustain. You must also determine who has a stake in the continuity of your operations — in other words, the interested parties. For example, customers have a stake in your organization continuing to function.
• Clause 5, Leadership: Few organizational initiatives thrive without the sustained support and championship of top management. Management must commit to a business continuity plan and make available any resources — human, financial, or otherwise — to ensure its success. 
• Clause 6, Planning: To plan for sustainability, you must understand what disruptions could potentially occur and how these incidents affect the business — in other words, potential risks and their impact. Set measurable business continuity objectives to guarantee the minimum viable products or services, as well as compliance with any legal or regulatory requirements. 
• Clause 7, Support: No program can advance without resources and support. Decide what personnel, roles, and teams you need for threat response and how you can best enhance their effectiveness. Create internal and external communication procedures for reference, and communicate the continuity plan to all necessary parties before and during a crisis. Establish a document management system for key continuity documents, such as procedures.
• Clause 8, Operation: Conduct your risk assessment and business impact analysis , and plan your disruption recovery approach. Implement the recovery plan with detailed procedures, and test it regularly to verify that it works. Make sure people can find the procedures (and other documents) they need, and revise your plan as necessary.
• Clause 9, Evaluation: Establish a process to regularly measure and assess your continuity policies and procedures and their execution. Review and revise your plan and documents to ensure they are effective and relevant
• Clause 10, Improvement: Seek continual improvement in all functional and operational areas, including through periodic management reviews. Improvements in day-to-day activities help bolster the organization in times of disruption. When processes veer from the standard or fail to conform with ISO and quality management standards, implement corrective action.

Key Definitions Related to ISO 22301

Some of the following key terms and concepts originate with ISO, some with ISO 22301, and some with business continuity and risk management:

• Context: The purpose and character of the organization and the environment in which it operates. This includes internal and external influences that shape the business continuity management system.
• Disruptive Incident: A disruptive incident is an event that stops or slows the everyday work of an organization. Examples of disruptive incidents include earthquakes, internet stoppages, broken fans in a data center, or food poisoning in a cafeteria. 
• Interested Parties: Interested parties are stakeholders in the successful operation and outcomes of your business continuity plan. They can include customers, employees, suppliers, or regulatory officials.
• Leadership: In ISO 22301, leadership refers to top management or the person or people who run the organization and champion the business continuity effort. 
• Maximum Acceptable Outage (MAO): The length of time an activity or process can be unavailable or ineffective before the health and survival of the organization are threatened. 
• Minimum Business Continuity Objective (MBCO) : The lowest level of products or services that is acceptable for a business to offer during a disruption.
• Recovery Timeframe Objectives (RTO): This refers to the prioritization of key activities and the timing that makes those activities operational.

Benefits of ISO 22301 and Business Continuity Management System

If teams are already overwhelmed with their workload, they may not like to think about disasters. Furthermore, organizations might think that ISO standards include difficult jargon and that pursuing a continuity plan adds unnecessary work. However, management systems practitioners suggest that continuity preparations produce substantial gains.

“I think it's a truism that many organizations can benefit from the principles and some of the practices of resiliency and contingency planning,” says Andrew Nichols, Quality Program Manager at the Michigan Manufacturing Technology Center .

As an example of the benefits that risk analysis and preparation can yield, Nichols relates his experience of visiting a small northeastern town during a widespread winter power outage. The whole town was closed, with the exception of one restaurant that had a generator. 

“They had a line of people out the door every mealtime because nowhere else was capable,” Nichols remembers. “Somebody had the foresight to think about the loss of power. And that organization cleaned up financially because they were able to provide what the customers needed.” 

Consider these specific benefits to using ISO 22301 business continuity planning:

• Protect against and recover from disruptive incidents.
• Identify and control current and future threats.
• Improve your risk management planning efforts.
• Prevent large-scale damage.
• Become proactive in preventing problems and recovering from incidents, rather than reactive to damage and disruption.
• Reduce downtime and increase recovery time.
• Keep important activities running during disruption.
• Deliver quality products consistently. 
• Provide dependable service. 
• Prove you’re a reputable supplier.
• Prove your resilience to all stakeholders.

Experts also assert that ISO 22301 can be a simple and effective continuity tool. “All these ISO standards, they’re like hidden gems because of how fast they can get you up to speed without having to reinvent the wheel,” says Mart Rovers, President of IT consulting firm InterProm . 

“I cannot emphasize enough how within reach this standard is. Anytime people hear the word ‘ISO,’ they think, ‘Oh, that's for large organizations. Oh, that's way too formal. It's too much. It's overkill.’ I understand where this is coming from because the word ‘standard’ itself is scary for many organizations. However, the size of organization really doesn't matter. The things you should be doing in ISO 22301, you can do at a smaller scale,” says Rovers. 

Some also hesitate at the thought of certification. Both Nichols and Rovers stress that certification is not necessary for every enterprise. Although certification may be a condition of doing business for some companies, those who don’t need certification can still gain advantages from following ISO 22301. 

In weighing the pros and cons of ISO certification, Rovers suggests buying a copy of ISO 22301 , and then copying and pasting each sentence that contains the word “shall” into a spreadsheet (these sentences represent the requirements you must follow). From the spreadsheet, consider whether full ISO adoption and certification are too complicated for your organization. Regardless of your decision, you can always use the spreadsheet to conduct a self-audit.

ISO 22301 in Action

The following image provides a small sample of the possible outcomes to business continuity management.

How a Management System Helps Business Continuity

For those familiar with other ISO standards, the management system component of ISO 22301 might be a new concept. Rovers describes management systems as follows: 

“The best way to explain a management system is to imagine opening up an old watch. It has these spinning wheels, these gears. In the case of an ISO standard, you're looking at a number of requirements to put that watch together with all these spinning wheels. That watch is a coherent system. You take out one of those gears, and then the watch fails. 

“A management system for continuity follows the same idea — every requirement that the standard asks for represents one of those gears. And every requirement serves a distinct purpose (otherwise, it would not be a requirement). If you don't meet a particular requirement, the watch, so to speak, may not function as it could or should. These ISO requirements are not just there to keep you busy.”

ISO 22301 and PDCA

Each segment of the PDCA (plan-do-check-act) cycle for continuous improvement corresponds to at least one ISO 22301 clause. Organizations can use ISO 22301 to test continuity procedures, review outcomes, and implement updates or fix problems in a continuous cycle that leads to an increasingly resilient business continuity system.

ISO 22301 and Maturity Models

A maturity model measures an organization’s ability to pursue continuous improvement in key areas. ISO 22301 does not have a maturity model.

As Rovers explains, “It was never the intent of ISO 22301 to be a maturity model. You either meet all the requirements of the standard, or you don’t. You could say that by not meeting the requirements of the standard, you’re not mature. Or better said, your business continuity management practices are not mature.”

BCM Lifecycle ISO 22301

The business continuity management (BCM) lifecycle represents industry best practices and some of the core requirements of ISO 22301. These practices offer a solid foundation for resilience, while offering flexibility to adapt to changes in the organization. 

Guided by leadership, these are the key activities for the lifecycle:

• Conduct a business impact analysis and risk assessment.
• Establish a business continuity strategy.
• Establish and implement business continuity procedures.
• Exercise and test the procedures regularly before a disruption occurs.

ISO 22301 Audit Checklist Template (Excel)

Use this detailed checklist to determine if your business continuity plan aligns with ISO 22301 standards. You can use the template whether you’re applying for certification or simply pursuing a continuity management plan. 

Download ISO 22301 Audit Checklist Template

Excel  | Smartsheet

ISO 22301 Self-Assessment Checklist

This self-assessment checklist is divided into sections that correspond to clauses in ISO 22301. Use it to confirm whether your business continuity system meets the requirements for leadership, planning, support, operation, performance evaluation, and continual improvement.

Download ISO 22301 Self-Assessment Checklist Template

Excel | Word |  PDF

ISO 22301 Implementation Guide

This guide states the essential information from ISO 22301 in plain English. For best results, read it with the full standard, which is currently available for free online to support the COVID-19 response. 

Download ISO 22301 Implementation Guide Template

Excel | Word | PDF

ISO 22301 Simplified Cheat-Sheet

Use this simplified cheat-sheet to understand the basic elements of creating a business continuity plan. The template walks you through the process of determining critical aspects of your organization, writing the recovery plan, and exercising the plan to ensure proficiency. 

Download ISO 22301 Simplified Cheat-Sheet Template

ISO 22301 Business Continuity Policy Template

A business continuity policy describes the processes and procedures an organization needs in order to function well daily, including in times of disruption and crisis. This policy template includes space for BCMS objectives, a leadership description, a policy outline, and any certification details.

Download ISO 22301 Business Continuity Policy Template

ISO 22301 Business Continuity Template

Use this template to create a business continuity plan. Describe the results of your risk analysis and business impact analysis, detail your disaster recovery and continuity procedures, and list key contacts and important assets. 

Download ISO 22301 Business Continuity Template

Word |  PDF

ISO 22301 Business Continuity Sample

The Community Nonprofit Center of New York made available this business continuity template to support the response to coronavirus. Find space to detail responses to minimal and critical emergencies, a risk matrix template, and lists for information about insurance, critical assets, and responses to disruptive events.

For other most useful free, downloadable business continuity plan (BCP) templates please read our  "Free Business Continuity Plan Templates"  article.

Disaster Recovery Plan Templates

After you perform a risk analysis and business impact analysis, consider writing a disaster recovery plan. Disaster recovery plan templates , available in different formats, provide an easy-to-use structure for documenting continuity plans. Download templates specialized for IT, payroll, small businesses, and more.

To learn about the difference between recovery plans and continuity plans, visit our "Business Continuity and Disaster Recovery: Their Differences and How They Work Together" article.

ISO 22301 Versus ISO 27301

ISO 27301 provides requirements that organizations use to ensure their information and communications technology (ICT) continuity, security, and readiness to survive a disruption. The standard is often staged with ISO 22301 because both are based on similar management system approaches.

The full name of this standard is ISO 27301 - Information Technology - Security Techniques . Originally published in 2011, it is soon to be revised.

“Both [ISO 27301 and ISO 22301] ask for top management involvement and commitment, both ask that you have the right resources, that you have documentation management, that you do performance evaluations, and that you make improvements,” explains Rovers. 

They differ in the focus of the risk assessment: ISO 27001 addresses security, whereas ISO 22301 addresses business continuity. “Each area has different risks, but the approach to the risk management assessment and mitigation follows the same steps. There's enormous overlap.”

IT security continuity has significant relevance in the remote work environment. For example, while using your work laptop at home or signed into the work network, what happens when someone innocently plugs in a thumb drive that infects your laptop and corrupts the network? Both ISO 22301 and ISO 27001 work together to prevent such incidents and mitigate problems that occur.

For additional resources, visit " Free ISO 27001 Checklists and Templates ."

General Requirements Across Management System Standards

Some ISO requirements are commonly stated across the management system standards, which include ISO 22301; ISO 9001 , Quality Management; ISO 20000, IT Service Management; and ISO 27001, Information Security. Examples of common requirements include establishing objectives for the business continuity management system as appropriate to the organization, obtaining management’s commitment to supporting the system, implementing a documentation management system, conducting internal audits, and pursuing continual improvement. This functional overlap enables organizations to undertake combined audits for these standards.

Historical Foundations of ISO 22301

The concept of business continuity was borne out of the IT boom of the 1980s and 1990s. Public and private organizations realized the need to ensure continuity of service and key supplies and to mitigate the effects of disruptive events. The first formal standard reflecting these concerns was the United Kingdom’s British Standard (also known as BS) 25999, which introduced the management system concept to the business continuity discipline. 

In 2012, the global standards body ISO released ISO 22301:2012 as the first international standard for business continuity. Based on the contributions and comments of continuity professionals from assorted industries in over 60 countries, ISO 22301 superseded BS 25999. 

ISO’s consensus-based standards, such as 22301, cover practices and industries ranging from quality management, IT service, and food safety to environmental safety and information security. ISO standards aim to increase the quality and safety of many products and services, including most common household items, appliances, and cars. Although large enterprises and manufacturers usually follow ISO requirements and guidelines, organizations of all sizes and types can benefit from ISO principles. 

For ISO 22301, the standard provides a consistent BCMS framework and a universal language among organizations for communicating about continuity and aligning processes.

When they get certified in ISO 22301 and other ISO standards, organizations can demonstrate to management, legislators, regulators, customers, and other stakeholders that they follow good practices. For ISO certification, organizations need third-party verification that they comply with all requirements of a standard. 

“Certification shows you have some level of competence,” explains Rovers. “It shows you take the standard seriously. For organizations buying your goods or services, it can be a compelling reason to choose you.”

Guidance Documents for ISO 22301

For in-depth discussions of aspects of the 22301 standard, ISO offers a series of guidance documents. To those considering pursuing ISO 22301 certification, these documents provide additional insight:

• ISO 22313 - Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
• ISO 22316 - Security and resilience — Organizational resilience — Principles and attributes
• ISO 22317 - Societal security — Business continuity management systems — Guidelines for business impact analysis (BIA)
• ISO 22318 - Societal security — Business continuity management systems — Guidelines for supply chain continuity
• ISO 22330 - Security and resilience — Business continuity management systems — Guidelines for people aspects of business continuity
• ISO 22331 - Security and resilience — Business continuity management systems — Guidelines for business continuity strategy

What Is the Latest Version of ISO 22301?

The requirement document ISO 22301:2019, Security and resilience - Business continuity management systems - Requirements , was released on October 31, 2019. The update from the original 2012 version reflects changes in management system approaches and clarifies specifications around clause 8.

Build Powerful, Automated Business Processes and Workflows with Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk. 

These templates are provided as samples only. These templates are in no way meant as legal or compliance advice. Users of these templates must determine what information is necessary and needed to accomplish their objectives.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

• We're Hiring!
• Help Center

Business Continuity Management Planning Methodology

This paper explains the concept of business continuity management (BCM) with the specific focus on the BCM planning process and methodology. Before entering into the maintenance phase of any BCM program, the Organization BCM Coordinator needs to ensure that the project phases of the BCM planning methodology are succinctly implemented to meet the organization’s BCM objectives. This paper is an update of an earlier paper written in 1996 incorporating the author’s subsequent experiences and implementation while he is working in the financial regulatory environment. This BCM methodology is aligned with the BCM standard ISO 22301. The intent in the following dialog is to explain the BCM planning process in greater details. Goh, M. H. (2015). Business Continuity Management Planning Methodology. International Journal of Disaster Recovery and Business Continuity, 6, 9–16. Retrieved from http://dx.doi.org/10.14257/ijdrbc.2015.6.02

Related Papers

Information Management & Computer Security

Moh-Heng Goh

Business continuity is both a management and an asset protection issue. The ability to maintain business continuity, or to regain it in a timely manner is the asset the plan protects. An organization such as Standard Chartered Bank that plans ahead for disaster is investing in its continuity and it is now in a better position to recover and resume operation. That is just good business sense by the management.

Wolfgang Boehmer

A new model is presented for evaluating the perfor-mance of a Business Continuity Management System according to BS 25999. Performance is based fundamentally on the system's Business Continuity Plans and Disaster Recovery Plans. Typi-cally, the performance of these plans is inadequately evaluated using a number of specific exercises at various intervals and, in many cases, with a variety of targets. Consequently, it is difficult for companies to give ex-ante statements of their survival in the case of a disaster. Two key performance indicators are presented that allow the performance of a Business Continuity Management System to be evaluated according to BS 25999. Using these key performance indicators, the probability of survival can be estimated before extreme events occur. However, the two key performance indica-tors compete and their use invokes a trade-off: an alignment in favor of one key performance indicator is necessarily done at the expense of the other. A key performa...

Purpose-The purpose of this paper is to present a multi-usable business continuity planning methodology. It comprises business continuity planning on the organizational and departmental levels. Design/methodology/approach-The methodology has been developed, tested and confirmed in three comprehensive cases. Senior management, IT managers and employees in the three case organizations have participated in this action research effort during the development, implementation or training on business continuity plans and planning. Findings-The methodology has been tested and confirmed, and is suitable for explaining business continuity planning to senior managements and employees in both public and private sector organizations. Practical implications-The methodology description can be used for explaining the issues to senior managements and forms the foundation for a business continuity plan, which is part of an organization's IT-and information security program. It may also be used to explain business continuity planning to other staff in an organization. The methodology can also be used to model business continuity planning, as a basis for training planning, and as support in different training contexts to achieve individual and organizational learning on business continuity plans and activities. Originality/value-The methodology of using a staircase or capability maturity model is a commonly used concept and can be adapted to any organization.

Vesela Radovic

In today's economic environment, organizations are more threatened by consequences caused by natural and anthropogenic factors. In order to protect organizations from these consequences, there was a need to develop a comprehensive, integrated approach to crisis and business continuity management. The development of information technology is one of the main generators for rapid and stable development of these systems. In the preparation of the desired goal of this paper the authors have included: view of development (evolution) from the initial system of crisis management to the modern concept of BCCM (Business Crisis and Continuity Management) as a comprehensive system of support to companies in crisis situations. This concept provides them with business continuity in emergency situations. This study emphasizes the importance of information technology to provide significant support to the business system, with special emphasis on the protection of information systems indigenous ...

International Journal for Research in Applied Science & Engineering Technology (IJRASET)

IJRASET Publication

Organizations frequently misjudge the significance of a business continuity plan. Nobody at any point sees its importance-until disaster strikes. By then, at that point, it's past the point of no return. Any unplanned interference of typical business processes can create gigantic obstacles and exorbitant difficulties. Operations endure. Income might experience much more. Unplanned interferences take many structures. It tends to be something as basic as a blackout. It may very well be a significant tropical storm. At last, a disaster can be whatever disturbs ordinary business operations. No matter what the reason, unplanned means startling. With a business continuity plan set up, you position yourself to limit the effect and damage of a surprising occasion. A business continuity plan enables an association to keep up with fundamental processes previously, during, and after a disaster. Business continuity varies from disaster recovery in its comprehensive way to deal with the business. In this paper, we have reviewed the business continuity planning implemented in banking sector along with a comparative analysis of major Indian Banks has been implemented and studied based on risk and impact analysis.

Proceedings of the Proceedings of the 1st International Conference on Business, Law And Pedagogy, ICBLP 2019, 13-15 February 2019, Sidoarjo, Indonesia

silmie vidiya fani

Proc. NIA / ISACA Joint Seminar on Information Systems Business Continuity Planning

Rolf von Roessing

Business continuity planning and management (BCP/BCM) is a multidisciplinary subject influenced by several laws, industry standards, and other fields of research. From an insurance point of view, BCP/BCM presents a complementary subject area which suggests further convergence between the two fields. The paper examines this context of BCP and presents an integration approach. The corresponding presentation is designed to provide practical guidance on BCP integration with other business processes.

International Journal of Computer Theory and Engineering

Dheeraj Kumar

martin nemzow

Business continuity planning (BCP) is an organization’s preparation process to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions even under extraordinary circumstances. These activities include many daily tasks such as customer/member correspondence, trading activities, project management, system backups, change control, and help desk operations. Effective BCP develops a roadmap for maintaining service levels, consistency and recoverability for these daily activities. BCP can sometimes be conflated with disaster recovery; however, disaster recovery is a subset of BCP as not all business disruptions would be categorized as disasters. This module is applicable in the examinations of Fannie Mae, Freddie Mac, the Federal Home Loan Banks (FHLBanks) (collectively, the regulated entities); and the Office of Finance.

PAPG/SPE Pakistan Section Annual Technical Conference and Exhibition

Naeem Subhani

Business Continuity (BC) is happen to be a new term for Pakistan's E&P Industry. On the other hand, Crisis management (CM) is commonly coined term which is well understood in our circles. Both the terms converge for a bigger perspective. BC process ensures a resilient and secure business environment capable of enabling a quick and effective response to a crisis. At first, Health, Safety & Environment (HSE) professionals were asked to fabricate emergency response plans to protect staff and facilities in case of any unforeseen circumstances. These plans would highlight risks associated with current scenario and describe ways to protect organization and employees from any imminent threat. Long term impacts assessment and recovery plans were not the target. The modern age BC plans go beyond orthodox emergency and evacuation techniques. These plans are designed to the nature of operations and include all the aspects of the business. Professionals who have been given this task are exp...

RELATED PAPERS

hayati fahmi

Valeriu Rosu

Mehran Karimi

World Development

Guido Cortez , Leonith Hinojosa

D. Shawcross

Graça Bressan

Tony Woodall

Hematologia

Agnieszka Giza

vanderlei costa

Rafdian Rasyid

Advances in Pervasive Computing, …

Joseph Paradiso

The Astrophysical Journal

Sergei M Kopeikin

International Journal of Sustainable Development and Planning

Marcello Guido

Transactions of the Royal Historical Society

Robert Jan van Pelt

ARMANDO RENE BAUTISTA LOPEZ

Polyglot: Jurnal Ilmiah

Herman Purba

Chemistry, Technology and Application of Substances

Orest Hevus

Anastasia Suvorova

Annals of Medical Research

beyza özdemir

The Astrophysical Journal Supplement Series

C. Nitschelm

Hidrológiai Közlöny

Janos Bogardi

Physical Review B

Jozef Strecka

Journal of Biotechnology

Chandrakant Karigar

UNC毕业证书 北卡教堂山分校学位证

Alyna Chien

RELATED TOPICS

•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

FBI says Chinese hackers preparing to attack US infrastructure

• Medium Text

Sign up here.

Reporting by Christopher Bing; Editing by Richard Chang

Our Standards: The Thomson Reuters Trust Principles. New Tab , opens new tab

Thomson Reuters

Award-winning reporter covering the intersection between technology and national security with a focus on how the evolving cybersecurity landscape affects government and business.

Chinese spies hacked the laptop of Els Van Hoof, the chairperson of the Belgian parliament's Foreign Affairs Committee in federal Parliament, back in 2021, she told public broadcaster VRT on Thursday.

Rubrik , the cybersecurity software startup that counts Microsoft among its investors, on Wednesday priced its initial public offering at $32 per share, above its indicated price range.

Technology Chevron

Reddit back up after brief outage affected thousands globally

Reddit said on Thursday it has fixed an issue that had left tens of thousands of users across the globe without access to the social media platform for more than half an hour.