This document specifies the structure and requirements for implementing and maintaining an effective business continuity management system (BCMS). An organization should develop business continuity that is appropriate to the magnitude and type of impact that it may or may not accept following a disruption. The outcomes of maintaining a BCMS are shaped by the organization s legal, regulatory, organizational and industry requirements, products and services provided, processes employed, size and structure of the organization, and the requirements of its interested parties. A BCMS emphasizes the importance of: understanding the organization's needs and the necessity for establishing business continuity policies and objectives; operating and maintaining processes, capabilities and response structures for ensuring the organization will survive disruptions; monitoring and reviewing the performance and effectiveness of the BCMS; continual improvement based on qualitative and quantitative measures. A BCMS, like any other management system, includes the following components: a) a policy; b) competent people with defined responsibilities; c) management processes relating to: -policy; -planning; -implementation and operation; -performance assessment; -management review; -continual improvement; d) documented information supporting operational control and enabling performance evaluation.