Business Continuity encompasses the plans, processes, and procedures that enable an organization to continue critical operations during and after a disruptive event. Unlike disaster recovery which focuses on IT systems, business continuity addresses the entire organization including people, facilities, communications, and supply chains.
A business continuity program includes business impact analysis to identify critical processes, continuity strategies for maintaining operations, plan development and documentation, testing through exercises, and ongoing maintenance as the organization changes.
CISSP Relevance
Domain 1 (Security and Risk Management) covers business continuity planning as part of organizational resilience. The exam tests understanding of BIA, recovery strategies, plan components, and testing types (tabletop, walkthrough, simulation, parallel, full interruption). Know how business continuity differs from and integrates with disaster recovery.
ISO 22301 provides the framework at ISO 22301 Business Continuity Management.
Related terms: Disaster Recovery, Business Impact Analysis