The Business Continuity Institute Good Practice Guidelines 2018 Edition

The world’s leading institute for business continuity and resilience, The Business Continuity Institute (BCI), has finalised the highly anticipated Good Practice Guidelines (GPG) 2018 edition. The guidance is for professionals who are initiating a new business continuity programme or those who are reviewing or revising an existing one.

The 2018 edition features both new design and content. Appearance-wise, the BCM Lifecycle has moved from a separate stand-alone cycle of activities, to become a series of inter-connected cogs. The management disciplines are shown as separate but closely linked cogs to represent the relationship between the disciplines. The importance of collaboration between these disciplines is emphasised throughout the guidelines.

The Policy and Programme Management Professional Practice has been revised to show how business continuity has become more established, with programmes being embedded in more organisations. The Embedding Professional Practice has also changed to cover the integration of business continuity into business as usual activities using a collaborative approach to improve organisational resilience. It deals with the importance of understanding and influencing organisational culture, with greater emphasis being placed on an organisation-wide approach. It includes adapting to change, and engaging with individuals and groups more effectively.

The Analysis Professional Practice has been subject to the greatest change to bring it into alignment with ISO/TS 22317:2015; the international standard for Business Impact Analysis (BIA) guidance. While different BIA methods exist, the GPG 2018 edition provides guidance for professionals to apply and adapt these methods as appropriate to the organisations they work in. Combined with a risk and threat assessment, the BIA remains the most effective method to analyse the organisation and to determine the business continuity requirements that will support a more informed response to disruption.

The Design Professional Practice is the BCM Lifecycle stage where solutions are identified and selected to determine how continuity can be achieved during a disruption. The move away from the strategic, tactical and operation-levels in the GPG 2018 edition has led to a more organisation-wide approach to designing business continuity solutions. The Incident Response Structure has moved from this stage of the BCM Lifecycle to the Policy and Programme Management stage when roles and responsibilities are assigned, whilst the detail of response structure development has been brought into the Implementation stage when the business continuity plans are developed.

The renamed Response Structure section has now become part of the Implementation stage. This Professional Practice retains the strategic, tactical, and operational-levels for response structure and plan development, however, the GPG 2018 edition recommends that the organisation should develop a flexible approach that is closely aligned to the existing management structure, and can deal with many different types of disruption.

The activities of exercising, maintenance and review remain key to the Validation stage of the business continuity programme. The names of the different types of exercises have been amended and guidance is provided for the development programme and the planning and delivery of exercises.

A management review is recommended in the GPG 2018 edition as an additional type of review. It provides opportunities for senior management to understand the performance of the business continuity programme and to ensure that is remains aligned to the overall objectives of the organisation. Regular review of the business continuity programme is essential for continual improvement.

For more information and to get a copy of the GPG 2018 edition, visit