scope:

This International Standard for business continuity specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruption. The requirements specified in this International Standard are generic and intended to be applicable to all organizations (or parts thereof), regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity. It is not the intent of this International Standard to imply uniformity in the structure of a Business Continuity Managament System (BCMS), but for an organization to design a BCMS that is appropriate to its needs and that meets its stakeholders' requirements. These needs are shaped by regulatory, organizational and industry requirements, the products and services, the processes employed, the size and structure of the organization, and the requirements of its stakeholders. This International Standard is applicable to all types and sizes of organizations that wish to: a) establish, implement, maintain and improve a BCMS; b) assure conformance with stated BCMS policy; c) demonstrate conformance to others; d) seek certification/registration of its BCMS system by an accredited third party certification body; or e) make a self-determination and self-declaration of conformance with this International Standard. This International Standard can be used to assess an organization's ability to meet its own continuity needs and obligations.