A framework for business continuity management

An enterprise is exposed to risks—such as acts of terrorism, natural disasters and utility failure—which may disrupt operations, disaffect customers and compromise business credibility and revenue streams. Risk can also be introduced to an enterprise through changes—such as automation, down-sizing, process re-engineering or outsourcing of processes and services—each of which may also bring changes in the type of risk. This paper proposes a framework for the design, implementation and monitoring of a business continuity management programme within the context of an information strategy.