Business Continuity Management Committee

  Get BSI Newsletters - quick sign-up here

What is BCM/1?

BCM/1 is the committee that develops BSI standards and documents in the area of business continuity and contributes to European, US and International activities. The official remit is to cover:

  • Standardization in the area of business continuity management, aimed at increasing continuity and incident management capabilities through technical, human, organizational, operational, and management approaches as well as through interoperability and awareness amongst all interested parties and stakeholders. This standardization includes the disciplines of information and communications technology, insofar as that relates to continuity of operations of an organization
  • National standardization that provides protection from and response to risks of unintentionally, intentionally, and naturally caused crises and disasters that disrupt and have consequences on an organization.

BCM/1 has 40 members, many of whom represent specific constituencies or organizations. Others have been co-opted for their particular technical expertise. Participants come from all sectors of the UK economy, including private, public and not-for-profit organizations. 

Documents produced to date

BS 25999-1:2006Business continuity management. Code of practice


BS 25999-2:2007
Business continuity management. Specification


BS 25777:2008
Information and communications technology continuity management. Code of practice
(this has now been superseded by ISO 27031)


PD 25666
Business continuity management. Guidance on exercising and testing for continuity and contingency programmes


PD 25111
Business continuity management. Guidance on human aspects of business continuity



Documents in production (either from BCM/1 or with strong input):


PD 25888
Business continuity management. Guidance on organization recovery following disruptive incidents

QS 2011

PD 25222
Business continuity management. Guidance on supply chain continuity

 Q4 2011

ISO 22301
Continuity management systems –Requirements

Q2 2011

ISO 22313
Continuity management systems – Guidance
 Q4 2012

NB Participants who have the necessary expertise are commonly very busy in their normal work positions. Thus, the time available to work on the development of BSI standards may sometimes be limited, delaying the production of drafts and the review and commenting on new proposals.

How do committee outputs fit together?

BS 25999 Parts 1 and 2 are the core of the current Business Continuity suite, with
PD 25111, PD 25666, PD 25222, PD 25888 and ISO 27031 providing additional guidance.

There is also close proximity to PAS 200 Crisis Management – Guidance and good practice, ISO 31000 Risk management - Principles and guidelines and ISO 27001 Information security management systems - Requirements.

International Standardization

There are currently two international standards in development in the area of continuity (ISO 22301, ISO 22313.  The expectation is that when these are published they will replace 25999-1 and 25999-2.

Frequently Asked Questions

  • How do the BCM documents fit with Risk Management International Standard ISO 31000?
    ISO 31000 came out in late 2009, after BS 25999. Since the release of ISO 31000 it is generally accepted to be the common framework for risk management. Future ISO Continuity standards and documents will broadly compliment ISO 31000.

  • How do the BCM documents fit with PAS 200 on Crisis Management?
    When BS 25999 was written it was assumed that a Crisis was incorporated into the term ‘incident’. PAS 200 takes the assumption that a crisis is distinct from an incident and providers specific insight into dealing with an incident.


  • How do the BCM documents fit with the area of Organizational Resilience?
    Organizational Resilience is an emerging term. The current perspective is that BCM is part of Organizational Resilience, and the term Organizational Resilience also incorporates other disciplines.

  • How do the BCM documents fit with ISO 27001 on Information Security, given that this has a section on continuity?
    ISO 27001 does have a section on continuity, but this is purely from an Information Security perspective. This section does not cover the full breadth of Business Continuity Management. ISO 27031 (scope previously BS 25777) aims to bridge the gap between Business Continuity and Information Security. 

  • How do I get more information about being involved with the committee?
    Email the committee secretariat to get involved directly in the commitee. 
    Learn more about BSI Committees.

  • What types of Business Continuity documents are available from BSI?
    4 types of Business Continuity standards and standards-like documents are available from BSI:
     - British Standards (BS 25999, etc)
     - Publically Available Specifications (PAS 2015, etc)
     - Published Documents (PD 25666, etc)
     - Forthcoming International Standards (ISO 22301, etc).
    More details on these types of documents are available under Product Definitions.

  • More generally, how can I suggest new ideas for standards?
    Visit the standards proposal site.


  • BS 25999-1
    (translations also available in French, Spanish & German)

  • BS 25999-2
    (translations also available in French, Spanish & German)

Please contact Tim McGarr for further questions.

 Your basket
Your basket is empty