What is Continuity Management?
Continuity Management (or Business Continuity Management, BCM) is the set of measures, plans and processes that enables an
organisation to continue or recover critical processes after a disruption.
This covers more than ICT outages: it also addresses fire, cyber incidents, power failures, pandemics or physical damage.
Continuity management ensures that an organisation is prepared for the unexpected — with minimal impact on services, safety and reputation.
🧠 Why is continuity management important?
| Objective | Explanation |
|---|---|
| Recovery within an acceptable time | Ensuring that vital processes are quickly available again |
| Protecting reputation | Avoiding uncertainty, chaos or loss of trust |
| Compliance and audits | BIO, ISO 22301, IEC 62443, legislation such as the Dutch Wbni |
| Increasing resilience | Making processes and systems robust against outages or attacks |
🧱 Building blocks of continuity management
| Component | Description |
|---|---|
| Business Impact Analysis (BIA) | Analysis of which processes are critical and how quickly they must be recovered |
| Risk assessment | What could threaten continuity? See also risk management |
| Business Continuity Plan (BCP) | Concrete plans and scenarios for recovery |
| Drills and testing | Tabletop tests, technical failover tests, crisis simulations |
| Policy and ownership | Governance around who decides, who acts, who communicates |
| Alignment with Incident Response Plan | IT or OT incidents may trigger activation of continuity plans |
🔄 Relationship to other plans
| Plan | Relationship to continuity management |
|---|---|
| Risk management | Continuity management addresses risks with high impact |
| Security policy | Embeds BCM principles, recovery objectives, roles and responsibilities |
| Incident Response Plan | Focuses on the immediate handling of an incident; BCM focuses on broader continuation |
| Crisis communication plan | Part of BCM: communication during a disruption is critical |
| Cyber insurance | Provides additional financial cover for recovery costs and damage |
🏭 BCM in an OT context
In Operational Technology (OT), disruption can have direct consequences for physical processes:
| OT situation | Continuity measure |
|---|---|
| SCADA outage | Redundancy, fallback control or manual procedures |
| Sabotage or cyber attack on PLCs | Recovery from a verified backup, segmentation, restricted access |
| Energy/water failures | Emergency provisions, fail-safe design, detection and alarming |
| Supplier outage | Second source, supply-chain SLAs, local stock |
In OT the emphasis is on availability and safety, ahead of confidentiality.
🔐 Recovery objectives
| Recovery objective | Explanation |
|---|---|
| RTO (Recovery Time Objective) | How quickly must something be available again? |
| RPO (Recovery Point Objective) | How much data loss is acceptable (in time)? |
| MTPD (Maximum Tolerable Period of Disruption) | The absolute limit of downtime without irreparable damage |
These objectives are typically determined during the Business Impact Analysis.
✅ Best practices
- Embed BCM into policy and the annual cycle
- Test plans annually (or more often in vital sectors)
- Link BCM across both IT and OT — silos are a risk
- Make BCM part of tender requirements and contracts
- Set up communication processes (internal and external)
📌 In summary
Continuity management ensures that your organisation keeps running — even when things go wrong.
In modern, digital and OT-driven environments, preparation is not a luxury but a necessity.