This article provides an overview and summary of the COBIT 5 process Manage Continuity, which is part of the Management – Run (Deliver, Service, Support) domain.

The purpose of this COBIT 5 process is to implement a plan to enable the organisation and IT to respond to incidents and disruptions and continue operations of critical organisation processes and required IT services by maintaining availability of information and systems in the event of a significant event/disaster.

The following sub-governance processes are further supported by a list of control activities:

  1. Define the organisation continuity policy, objectives and scope. Define organisation continuity policy and scope aligned with organisation and stakeholder objectives.
  2. Maintain a continuity strategy. Evaluate organisation continuity management options and choose a cost-effective and viable continuity strategy.
  3. Develop and implement an organisation continuity response. Develop an organisation continuity plan (BCP) based on the strategy objectives.
  4. Exercise, test and review the BCP. Test the continuity arrangements on a regular basis to validate the recovery plans and procedures.
  5. Review, maintain and improve the continuity plan. Conduct a management review of the continuity capability at regular intervals to ensure its continued suitability and  effectiveness.
  6. Conduct continuity plan training. Provide all concerned resources with regular training sessions.
  7. Manage backup arrangements. Maintain availability of organisation mission critical information and services.
  8. Conduct post-resumption review. Assess the performance of the BCP following the successful restoration of organisation processes and services after a disruption.

For more information please contact Morland-Austin at