Native ISO 22301 §8.4.4 plans, phased recovery, and a §8.5 activation log that captures every invocation. The BCM platform built to be invoked, not just authored.
The lifecycle is mapped to every framework GCC regulators audit against
BCMStack covers the full ISO 22301 / SAMA BCM Framework lifecycle in one workspace. Every stage feeds the next — and the audit log threads through all six.
BCM policy, charter, committee & programme management.
SAMA §5Risk assessment + Business Impact Analysis with configurable matrix.
ISO 22301 §8.2Continuity strategies, recovery options, IT-DR architecture choices.
ISO 22301 §8.3BCPs, DRPs, recovery activities, communications & supplier playbooks.
ISO 22301 §8.4ISO 22398 exercises, awareness & training, internal audit.
SAMA §8Improvement actions, management review, SAMA regulatory submissions.
SAMA §11Watch the 3-minute walkthrough: tenant provisioning, BCM committee setup, BIA wizard, BCP authoring, crisis-mode activation, AAR sign-off and the SAMA submission pack — all from one workspace, one audit log.
Each stage of the BCM lifecycle has the right module, the right approval flow, and the right SAMA / ISO clause mapped behind it. Below is what each pair of stages looks like inside the platform.
Stand up your BCM Committee, charter and policy in week one. Then run the analysis layer: a configurable BIA impact matrix per tenant — categories × timeframes × per-cell severity — feeding a polymorphic risk register that links to processes, applications, vendors, locations and the organisation as a whole.
Choose a continuity strategy (active-active, warm standby, manual workaround), then author the BCPs and DRPs that operationalise it. Recovery steps, communications, scope links to BIA processes and a 5-tab execution surface that's actually usable mid-crisis — not a PDF nobody opens.
ISO 22398-aligned exercises with MSEL injects and structured evaluator observations. Every observation links to an owner, a due date and an improvement action that survives the audit cycle — and rolls up into the SAMA annual test programme submission, due January.
Honest, technical, side-by-side comparisons against the platforms most often shortlisted in KSA and GCC RFPs.
Schema-per-tenant, native §8.4.4 fields, 50-60% cheaper.
Without paying Salesforce twice.
BCM-first, not GRC-with-BCM-bolted-on.
BCM, not all of GRC. Deep, not wide.
Moving off SharePoint + Excel? See BCMStack vs spreadsheets →
Every lifecycle stage produces a regulator-facing artefact. BCMStack generates preliminary and final continuity reports with review and approval workflows in a configurable format. Real-time audit-trail history and regulator-ready submission packs — Word, PowerPoint, Excel and PDF.
Our support team will do everything to make you feel comfortable with our platform and our services. Ask them.
Used by BCM teams across KSA banks, Qatar telcos and UAE government entities. We never share your email.