Let’s start with the formal definition: A business continuity management system is an holistic management process that identifies potential threats to an organisation and the impacts to business operations those threats, if realized, might cause, and which provide a framework for building organisational resilience with the capability of an effective response that safeguard the interests of its key stakeholders, reputation, brand and value-creating activities. (ISO 22301, clause 3.4)
In essence the business continuity management system enables you to establish policies and objectives and allows you to implement them. The management system includes organisational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.
Business continuity proactively improves an organization’s resilience against the disruption of its ability to achieve its key objectives. It’s a rehearsed method of restoring an organisation’s ability to supply its key products and services after a disruption.
The business continuity management system is part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.
The business continuity management system is the overall management system while the business continuity plan consists of the documented procedures that guide organizations to respond, recover, resume and restore operations to a pre-defined level of operation following a disruptive incident.
The business continuity plan typically covers resources, services and activities required to ensure the continuity of critical business functions. The key components of a business continuity management system include the following:
People with defined responsibilities Management processes relating to:
Implementation and operation
Documentation providing auditable evidence
Any business continuity management processes relevant to the organization.
The business continuity management system requires an understanding of the organization’s needs and the necessity for establishing business continuity management policy and objectives.
It also requires implementing and operating controls and measures for managing an organization’s overall capability to manage disruptive incidents.
There also needs to be monitoring and reviewing the performance and effectiveness of the business continuity management system and continual improvement based on objective measurement.