Impact analysis, recovery targets, and operational resilience
Business Continuity in Acuna goes beyond a static BCP document. It connects process criticality scoring, recovery targets, dependency mapping, impact scenarios, and asset relationships in one operational view, so resilience committees, auditors, and operations all work from the same data. Whether you are implementing ISO 22301, meeting DORA operational resilience requirements, or running your own internal continuity programme, the module gives you a structured, auditable foundation.
Capabilities
Run a structured BIA across your process inventory. Score each process on criticality using configurable dimensions: financial impact, regulatory impact, reputational impact, and operational dependency. Acuna calculates a composite criticality score that drives prioritisation for RTO/RPO assignment and resource allocation. Results feed directly into management dashboards so committees see a data-driven priority list, not department lobbying.
Record Recovery Time Objective (RTO), Recovery Point Objective (RPO), and Maximum Tolerable Period of Disruption (MTPD) for every process. Each target is linked to the owning business unit and responsible individual. Targets surface in resilience reports and are compared against actual recovery capabilities during exercises. When a target is missed in a test, the gap is visible to auditors without manual reconciliation.
Define impact scenarios (loss of premises, IT outage, key supplier failure, cyber incident, pandemic) and map them to affected processes. Each scenario shows which critical processes would be disrupted, what the cascading impact looks like, and which recovery plans apply. This is the bridge between a theoretical BCP and a practical operational response.
Link processes to the assets, systems, people, and suppliers they depend on. Acuna visualises dependency chains so you can identify single points of failure (SPOFs) before they cause outages. When a critical asset or supplier is flagged, every dependent process surfaces automatically, giving resilience teams and auditors a connected view instead of isolated spreadsheet tabs.
Structure recovery strategies and crisis playbooks alongside the same process inventory used for ISO 22301 or internal resilience testing. Each plan references its target processes, required resources, activation criteria, and responsible teams. Plans are versioned so you can show auditors the evolution from one review cycle to the next.
Schedule and track continuity exercises: tabletop, walkthrough, simulation, or full failover. Record exercise objectives, participants, observations, and gaps. Link findings back to specific processes and recovery plans so follow-up actions close the loop. Exercise history provides the evidence trail ISO 22301 auditors look for.
Purpose-built dashboards show BIA coverage, criticality distribution, RTO/RPO compliance, exercise completion rates, and open gaps. Export reports for resilience committees, board presentations, and regulatory submissions. The data comes from live process records, not a static slide deck updated once a year.
Business continuity data connects to the rest of Acuna: processes link to controls in Implement, risks in Enterprise Risk, suppliers in Supplier Shield, and evidence in Assure. A single process record is the source of truth across modules, with no duplicate inventories and no reconciliation spreadsheets.
FAQ
Acuna scores each process across configurable impact dimensions: financial, regulatory, reputational, and operational. Each dimension is rated on a consistent scale, and a composite criticality score is calculated automatically. The score drives prioritisation: processes with the highest criticality get RTO/RPO targets first, and resilience committees see a ranked list instead of subjective department rankings.
Yes. You create impact scenarios (e.g. data centre outage, key supplier failure, pandemic) and map them to processes. Acuna shows which critical processes each scenario would disrupt, the expected cascading impact, and which recovery plans apply, giving you a concrete view of your exposure for each threat type.
RTO defines how quickly a process must be restored, RPO defines how much data loss is acceptable, and MTPD defines the absolute maximum time a process can be unavailable before the impact becomes unacceptable. Acuna records all three per process and flags inconsistencies, such as an RPO that exceeds the MTPD.
Yes. By mapping processes to their asset, system, people, and supplier dependencies, Acuna highlights where a single dependency failure would take down one or more critical processes. SPOFs are flagged in the dependency view and can be linked to mitigation actions or risk treatment plans.
Create exercise records with type (tabletop, walkthrough, simulation, full failover), objectives, participants, and scheduled dates. After the exercise, record observations, gaps, and follow-up actions. Findings link back to specific processes and recovery plans, and the exercise history provides the evidence trail auditors expect under ISO 22301.
Yes. Processes can be linked to suppliers, and when a supplier is flagged as critical or high-risk in Supplier Shield, every dependent process surfaces in the continuity view. This cross-module connection is how you show SPOFs that span both internal systems and critical third parties.
The module is designed with ISO 22301 requirements in mind: structured BIA, documented recovery strategies, exercise tracking with evidence, and management review reporting. You can map your BCM programme to ISO 22301 clauses in Comply and use the evidence from Business Continuity to demonstrate conformance during certification audits.
Dashboards show BIA coverage percentage, criticality score distribution, RTO/RPO target compliance, exercise completion rates, and open gap counts. Reports can be exported for resilience committees and board presentations. The data is live: it reflects the current state of your process inventory, not a snapshot from the last annual review.
Related answers
The Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554) applies to financial entities in the EU. It establishes requirements for ICT risk management, ICT-related incident reporting, digital operational resilience testing (including threat-led penetration testing for significant entities), ICT third-party risk management, and information sharing on cyber threats. DORA became applicable on 17 January 2025. Acuna covers DORA requirements across all four panes: framework mapping in Comply, ICT controls and asset inventory in Implement, incident and third-party management in Operate, and TLPT findings and corrective actions in Assure.
Business Impact Analysis in Acuna scores each business process across configurable impact dimensions — financial, regulatory, reputational, and operational dependency. Each dimension is rated on a consistent scale, and a composite criticality score is calculated automatically. The score drives prioritisation: processes with the highest criticality get RTO/RPO/MTPD targets first, and resilience committees see a ranked priority list. BIA results feed into management dashboards, connect to recovery plans, and link to the asset and supplier dependencies that underpin each process.
RTO (Recovery Time Objective) defines how quickly a process must be restored after a disruption. RPO (Recovery Point Objective) defines how much data loss is acceptable, measured in time. MTPD (Maximum Tolerable Period of Disruption) defines the absolute maximum time a process can be unavailable before the impact becomes unacceptable to the organisation. In Acuna, all three are recorded per process and linked to the owning business unit. The platform flags inconsistencies — for example, an RPO that exceeds the MTPD — and compares targets against actual recovery capabilities during exercises.