Business Continuity refers to an organisation’s ability to maintain operations and continue delivering its essential products or services at an acceptable predefined level during and after a major disruption. It is a proactive planning process that aims to minimise the impact of a disaster or incident, such as a natural disaster, cyberattack, or supply chain failure.
Key Components & Examples
- Business Impact Analysis (BIA): The process of identifying an organisation’s most critical activities and the resources (e.g., information, systems, people) needed to support them. A BIA helps determine the maximum tolerable downtime (MTD) for each activity.
- Business Continuity Plan (BCP): A documented strategy and set of procedures that details how an organisation will respond to a disruption. It includes recovery objectives and specific steps to resume critical operations within the defined timeframes.
- Disaster Recovery (DR): A specific part of the BCP that focuses on the recovery of the technology infrastructure, such as IT systems, networks, and data, after a disaster.
ISO 27001 Context
While business continuity is a comprehensive topic in its own right (with a dedicated standard, ISO 22301), ISO 27001 requires organisations to integrate information security into their business continuity plans. This is primarily addressed in ISO 27001 Annex A 5.29 Information Security During Disruption, which focuses on maintaining information security during a disruption to protect the confidentiality, integrity, and availability of information assets.