Business Continuity
Impact analysis, recovery targets, and operational resilience
Business Continuity in Acuna goes beyond a static BCP document. It connects process criticality scoring, recovery targets, dependency mapping, impact scenarios, and asset relationships in one operational view, so resilience committees, auditors, and operations all work from the same data. Whether you are implementing ISO 22301, meeting DORA operational resilience requirements, or running your own internal continuity programme, the module gives you a structured, auditable foundation.
Interactive demo
See how it works.
Capabilities
What Business Continuity does.
FAQ
Common questions about Business Continuity.
Acuna scores each process across configurable impact dimensions: financial, regulatory, reputational, and operational. Each dimension is rated on a consistent scale, and a composite criticality score is calculated automatically. The score drives prioritisation: processes with the highest criticality get RTO/RPO targets first, and resilience committees see a ranked list instead of subjective department rankings.
Yes. You create impact scenarios (e.g. data centre outage, key supplier failure, pandemic) and map them to processes. Acuna shows which critical processes each scenario would disrupt, the expected cascading impact, and which recovery plans apply, giving you a concrete view of your exposure for each threat type.
RTO defines how quickly a process must be restored, RPO defines how much data loss is acceptable, and MTPD defines the absolute maximum time a process can be unavailable before the impact becomes unacceptable. Acuna records all three per process and flags inconsistencies, for example, an RPO that exceeds the MTPD.
Yes. By mapping processes to their asset, system, people, and supplier dependencies, Acuna highlights where a single dependency failure would take down one or more critical processes. SPOFs are flagged in the dependency view and can be linked to mitigation actions or risk treatment plans.
Create exercise records with type (tabletop, walkthrough, simulation, full failover), objectives, participants, and scheduled dates. After the exercise, record observations, gaps, and follow-up actions. Findings link back to specific processes and recovery plans, and the exercise history provides the evidence trail auditors expect under ISO 22301.
Yes. Processes can be linked to suppliers, and when a supplier is flagged as critical or high-risk in Supplier Shield, every dependent process surfaces in the continuity view. This cross-module connection is how you show SPOFs that span both internal systems and critical third parties.
The module is designed with ISO 22301 requirements in mind: structured BIA, documented recovery strategies, exercise tracking with evidence, and management review reporting. You can map your BCM programme to ISO 22301 clauses in Comply and use the evidence from Business Continuity to demonstrate conformance during certification audits.
Dashboards show BIA coverage percentage, criticality score distribution, RTO/RPO target compliance, exercise completion rates, and open gap counts. Reports can be exported for resilience committees and board presentations. The data is live, it reflects the current state of your process inventory, not a snapshot from the last annual review.
Related answers