BCM (Business Continuity Management)

BCM (Business Continuity Management) is the systematic process for ensuring business operations during disruptions, crises, and disasters. The goal is to restore critical business processes within defined timeframes.

ISO 27001 Annex A control A.5.30 (ICT Readiness for Business Continuity) requires that IT continuity is embedded in the organization’s BCM. The international standard for BCM is ISO 22301. A BCM program typically includes: Business Impact Analysis (BIA) to identify critical processes and their maximum tolerable period of disruption (MTPD), development of continuity plans, regular tests and exercises, and a crisis organization with clear roles. BCM extends beyond IT disaster recovery to include personnel, suppliers, and facilities.