Business Continuity Management is the development of viable strategies, plans and actions that provide protection or alternative means of operation for an enterprise's critical business functions which, if interrupted, might cause damage or loss to the organization. Best practice requires that an organization address business continuity management through three basic core elements:
- Crisis Management is a defined process that enables an organization to effectively respond to an event – in preparation for the resumption of business operations
- Business Continuity Planning involves the recovery of critical business functions and processes that support the delivery of core services
- IT Disaster Recovery addresses the recovery of critical IT assets that support the above critical business functions and processes.
Legal Issues & Precedents
A body of legal precedents has been identified that can hold organizations, public and private, responsible for addressing business continuity and disaster recovery. Standards of care are required of all organizations. Not addressing business continuity from an established best practices approach violates that fiduciary standard of care. Contingency Planning and Research, Inc. has categorized the applicable statutes into four basic categories:
- Contingency Planning Statutes – Apply to the development of plans to ensure recoverability of critical systems
- Liability Statutes – Establishment of levels of liability under “Prudent Man Laws”
- Life/Safety Statutes – Ensuring the protection of employees in the workplace
- Risk Reduction Statutes – Stipulate areas of risk management required to reduce and/or mitigate the effects of a major business disruption
- Vital Records Management Statutes – Specifications for safeguarding, retention and destruction of vital records
Although certain legal issues and precedents pertain to particular industries, with the now-adopted best practices approach to business continuity management, it is projected that the above statutes will cross industry lines when the time comes to defend an organization from damages caused by the failure to meet a standard of care in protecting the organization's stakeholders.