Business continuity: Why do you need it? [CISMP]

Value of business continuity management

Business continuity management and disaster recovery are about an organisation being prepared for business disruption and taking the necessary actions to get the business operational as soon as possible after an incident occurs.

Disaster recovery planning primarily looks at the recovery of IT, how you can restore the networks, systems, applications, and data that are going to be necessary for the business to be run.

Business continuity management is focused more on the products, services, and customer-facing elements of our business. So, how can you continue to provide critical services, even in an interrupted or crippled state? This is all about continuity of critical business functions, so that if something goes wrong, you can reduce the overall impact of that business interruption.

You’ll start by looking at the value of business continuity management to an organisation before looking at the business continuity management process. Then, you’ll investigate the impact of business disruption on an organisation, including how long disruption should be tolerated before looking in detail at the implementation process and implementation planning.

You’ll conclude by reviewing the plan-do-check-act cycle to ensure plans are robust and continually reviewed.

Business continuity management

A business continuity plan will ensure that your organisation continues in the event of a disaster.

To put this in the context of information security, what would happen if your primary workplace was compromised, would you know where your information was backed-up and how to access it?

This is why creating and understanding your business continuity plan is essential to protect your organisation’s information and profits.

As with disaster recovery, the planning itself will revolve around your organisation’s people, premises, processes, and procedures. However, unlike disaster recovery, the emphasis here is on the recovery of business and workgroup functions, like working groups and customer-facing areas.

Hand preventing wooden block from knocking over the next wooden block in the chain.

Business continuity management is valuable to an organisation because:

  • It reduces exposure to business risk. This is where risk management and business continuity management are part of the same business practice. However, risks are not all equal. Some critically affect the business operation and others result in operational inconvenience. For example, if a natural disaster damages the building your company works in, it could obviously result in a loss of business continuity. However, a storm in a different geographical location could cause a temporary loss of communication.
  • It increases the resilience of the organisation, by identifying the areas where it can improve and be better placed to resist the effects of a major incident. For example, if loss of power is a risk to an organisation, a sufficient amount of backup generators can be installed to restore power.
  • It identifies and mitigates the risks related to failures in the supply chain. Many manufacturing organisations are reliant on suppliers and problems can soon filter through the chain. For example, when a memory chip plant in Japan was damaged by the Kobe earthquake, PC manufacturers were facing a shortage of components within weeks.
  • It helps manage the risks of failures by key service providers. Having a robust business continuity management programme allows organisations to gain competitive advantage over less proactive rivals.

Although BCM is often used in planning and preparation for high-impact, low-probability events like earthquakes and pandemics, it can also be used for managing day-to-day incidents. On their own, some incidents may not be significant, but can become serious if they’re allowed to accumulate over time.

What’s next?

As you’ve seen, business continuity is all about keeping things running smoothly no matter what. If you ignore business continuity, the disruption could be disastrous for your organisation.

In the next step, you’ll focus on the steps required to get your plan in motion!


This Course will begin by helping you understand the difference between business continuity and disaster recovery. From here, there will be more focus on the value that business continuity brings, before you are introduced to the critical steps for implementing your own plan. Finally, you’ll learn how to assess the impact of business disruption, including how long it can be tolerated for.

About the Author
Learning Paths

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.