Field guides for BCM teams in regulated industries.
Written by practitioners for practitioners — clause-level walk-throughs of ISO 22301, the SAMA BCM Framework, BIA methodology and crisis-management playbooks. No fluff, no vendor-neutral hedging; every guide reflects what we've seen work inside KSA and GCC continuity programmes.
Pillar guides
Start with a cornerstone topic.
Each pillar is a 2,000-3,000 word reference. Cluster articles hang off each one.
Business Impact Analysis: A Practitioner's Guide to BIA Methodology
Every credible BCM programme rests on a defensible BIA. This pillar covers the impact matrix, criticality ratings, RTO/RPO/MTPD, dependency mapping, and the cadence that keeps a BIA from going stale.
Read the guideCrisis Management Playbook: From First Alert to Post-Incident Review
A pillar guide on running a credible crisis-management programme: command structure, activation criteria, communications, the recovery handshake, and the post-incident lifecycle that auditors actually look at.
Read the guideISO 22301:2019 Implementation Guide — From Clause 4 to Certificate
A practitioner's walk-through of ISO 22301:2019: every clause explained, the certification path, the gaps auditors find most often, and how to operationalise the standard.
Read the guideThe SAMA BCM Framework: A Practitioner's Guide for KSA Banks and Fintechs
Every SAMA-licensed entity needs a defensible BCM programme. This guide walks through the five SAMA pillars, the documents auditors sample first, and how SAMA aligns with — and diverges from — ISO 22301.
Read the guidePillar · Business Impact Analysis
More on Business Impact Analysis
Business Impact Analysis Template: What Every BIA Record Needs
A working BIA template covering the impact matrix, dependency taxonomy, recovery objectives and review-cycle metadata. Use it as the starting point for your own BIA programme.
Read articleRTO vs MTPD vs MBCO vs RPO: Recovery Objectives Without the Confusion
Four acronyms, four different things. The most-confused vocabulary in BCM, explained with the operational distinctions that matter to planners, auditors and regulators.
Read articleBIA Dependency Mapping Without Losing Your Weekend
Dependency mapping is the half of the BIA that exposes the gaps. A practical method for mapping applications, vendors, locations, roles and data feeds without turning the BIA into a six-week exercise.
Read articlePillar · Crisis Management
More on Crisis Management Playbook
BCM vs Disaster Recovery: The Distinction That Actually Matters
BCM and DR are often used interchangeably — incorrectly. Understanding the distinction is the difference between a programme that recovers IT systems and one that keeps the business running.
Read articleWriting Crisis Activation Criteria That Hold Up at 3 a.m.
Vague activation criteria are the single biggest cause of delayed crisis response. A practical method for writing threshold-based criteria that a duty manager can apply under stress.
Read articleAfter-Action Reports That Drive Real Improvement
AAR theatre — written, filed, ignored — is the most common failure mode after a real incident or exercise. A working AAR template that produces improvement actions teams actually close.
Read articleThe Crisis Communications Playbook: Five Audiences, Five Approval Chains
Most crises are won or lost on the comms surface. A playbook covering the five audiences every comms function must manage during an incident, with pre-approved templates and explicit approval chains.
Read articlePillar · ISO 22301
More on ISO 22301
ISO 22301 §8.4.4 Fields, Explained Line by Line
The sub-clause that decides whether your BCPs survive audit. A practical walk-through of each §8.4.4 field, with examples and the common ways teams get them wrong.
Read articleISO 22301 Stage 1 vs Stage 2 Audit: What Each Auditor Actually Does
Stage 1 is documentation. Stage 2 is operational. Knowing the difference — and what each auditor will ask for — is the difference between a clean certification and an avoidable major finding.
Read articleISO 22301 §9.3 Management Review: A Template That Survives Audit
Management review is one of the most under-invested clauses in ISO 22301 — and one of the most-sampled. A practical template covering required inputs, decision capture and outputs.
Read articleThe BCM Lifecycle Explained: From Policy to Continual Improvement
The BCM lifecycle is the operating rhythm of every BCMS — the cycle that keeps plans, BIAs, exercises and reviews in motion together. A practical walk-through of the six phases.
Read articlePillar · SAMA BCM
More on The SAMA BCM Framework
Chartering a SAMA-Grade BCM Committee
SAMA expects a documented BCM committee with banking-sector composition and real decision rights. A working template for the charter — composition, mandate, cadence and decision authority.
Read articleWhat SAMA Examiners Ask First: The Opening Meeting Script
The first 60 minutes of a SAMA BCM examination set the tone for everything that follows. A walk-through of the typical opening questions and the artefacts to have ready.
Read articleHow to Implement ISO 22301 in Saudi Arabia
ISO 22301 is the international BCM standard. SAMA expects something that looks a lot like it, with KSA-specific additions. This article maps the overlap and explains how to run one programme that covers both.
Read articleLatest
Recently published.
The Crisis Communications Playbook: Five Audiences, Five Approval Chains
Most crises are won or lost on the comms surface. A playbook covering the five audiences every comms function must manage during an incident, with pre-approved templates and explicit approval chains.
Read articleHow to Implement ISO 22301 in Saudi Arabia
ISO 22301 is the international BCM standard. SAMA expects something that looks a lot like it, with KSA-specific additions. This article maps the overlap and explains how to run one programme that covers both.
Read articleAfter-Action Reports That Drive Real Improvement
AAR theatre — written, filed, ignored — is the most common failure mode after a real incident or exercise. A working AAR template that produces improvement actions teams actually close.
Read article