ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

This standard speaks into  the structure and requirements for implementing and maintaining a business continuity management system (BCMS) that develops business continuity within an organisation experience disruption.

A BCMS emphasises the importance of:

• understanding the organisation’s needs and the necessity for establishing business continuity policies and objectives;

• operating and maintaining processes, capabilities and response structures for ensuring the organisation will survive disruptions;

• monitoring and reviewing the performance and effectiveness of the BCMS;

• continual improvement based on qualitative and quantitative measures.

The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing an organisation’s overall ability to continue to operate during disruptions.

• supporting its strategic objectives

• creating a competitive advantage

• protecting and enhancing its reputation and credibility

• reducing legal and financial exposure

• reducing direct and indirect costs of disruptions

• protecting life, property and the environment

• providing confidence in the organisation’s ability to succeed

• improving its capability to remain effective during disruptions

• addressing operational vulnerabilities

The management process of BCMS are categorised by the following:

• policy

• planning

• implementation and operation

• performance assessment

• management review

• continual improvement

The outcomes of maintaining a BCMS are shaped by the organisation’s legal, regulatory, organisational and industry requirements, products and services provided, processes employed, size and structure of the organisation, and the requirements of its interested parties.