It provides a capability for an effective response that safeguards the interests of its major stakeholders and reputation at an operational level. BCM comprises the policies and procedures to be executed to ensure that an organization's critical functions continue to be carried out, even in the event of a disruption or crisis.
The process involves identifying potential threats and their probability of occurrence, highlighting critical business functions (CBFs), and developing recovery strategies and procedures to ensure that products and services continue to be delivered to consumers.
The CBFs required for the organization to continue operating must be determined beforehand so that the relevant BCM personnel can devote time, effort, and resources to ensuring that these critical functions are prioritized and recovered when a disruption occurs.
In most organizations, the standard BCM Team involves multiple personnel, each with their own roles and responsibilities. The following parties are key to a BCM Program’s success.
Responsible for the entirety of an organization’s BCM program.
Responsible for the direction and guidance of the holistic development of the organization’s BCM program. The Committee is also responsible for making strategic recovery and continuity planning decisions in a crisis.
Directly responsible for the overall coordination of the BCM program.
Directly responsible for their own individual business unit’s BCM. Develops detailed procedures for their respective departments.
Understanding how these key appointment holders are mobilized to handle a cyber security incident is essential.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 2 Cyber Security, BCM and Relevant Concepts 2.4 Business Continuity Management (BCM)
Note: This version was the draft 2nd Edition, which will be updated in 2025. The numbers in square brackets [X-X] refer to the actual chapter and section in the 1st Edition.