Continuity management: drawing up and implementing a BCP

Numerous natural disasters (Hurricane Irma, heatwave in June 2017, flooding in the Var in 2010), technological accidents (Brétigny-sur-Orge rail accident, crash of flight 9525 Germanwings) as well as corporate crises (Toyota, Volkswagen, Ikea) have demonstrated the occurrence of incidents and are likely to affect all sectors, both public and private. Organizations must now engage in a comprehensive and systematic process of prevention, protection, preparedness, mitigation and response, continuity and recovery. When continuity plans are put in place, companies face up to turbulence and react, as they did at Aéroports de Paris when Terminal 2E collapsed, or again in 2005 with the Leclerc chopped steak crisis.

The security of vital facilities and activities, or critical infrastructures (a concept that emerged in the United States after September 11, 2001), has become a constant concern for public authorities since the major technological accidents and natural disasters that marked the 20th century and the beginning of the 21st century. Security has become a major concern since the events of September 11, 2001. Nuclear activities, which by their very nature carry potential risks in terms of contamination and irradiation, have from the outset been the subject of safety studies designed to ensure the absence of catastrophic consequences in the event of failure during normal operation.

To help organizations minimize the risks associated with disruptions, in 2012 ISO officially launched ISO 22301, "Societal security – Business continuity management systems – Requirements". This is the first international standard for business continuity management (BCM). It replaces the current British standard BS-25999.

The aim of business continuity is to cope with a crisis, and to ensure that one or more departments continue to operate smoothly.