Glossary term
BCM
Also: Business Continuity Management
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI Standard 200-4. Mandatory under BAIT/VAIT and DORA Art. 11 in the financial sector.
BCM comprises Business Impact Analysis (BIA), risk assessment, continuity strategies, BCM plans, tests, training and continual improvement. It is auditable via ISO 22301 certification or a BSI 200-4 audit.
Metrics: Recovery Time Objective (RTO, max acceptable downtime) and Recovery Point Objective (RPO, max acceptable data loss). Critical processes typically have RTO < 4h and RPO < 1h.
DORA Art. 11 requires a business continuity policy with backup strategy, recovery plans and regular testing. NIS2 Art. 21 (c) explicitly requires business continuity and crisis management.
Related terms
RTO / RPO
Two core BCM metrics. RTO = maximum downtime within which a process must be back online. RPO = maximum t…
DORA
EU regulation on digital operational resilience in the financial sector. Directly applicable since 1…
NIS2
EU directive on network and information security. Replaces NIS1, widens scope to around 30,000 Germa…
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
BSI C5
Cloud audit catalogue of the German BSI that defines minimum security baseline and transparency duti…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
