Proceedings of the International scientific and practical conference ―Oxford 2026: Science and Education Today‖ (March 9-11, 2026) / Publisher website: www.naukainfo.com. - Oxford, United Kingdom, 2026. - 239 p.

9 Main results and discussion This thesis proposes to treat BCM implementation as a program composed of four tightly coupled project streams aligned with the BCM lifecycle and resilience strategy: (1) diagnostic stream (BIA, dependency mapping, and scenario stress testing), (2) capability stream (process redesign, alternate operating modes, supply continuity, and workforce measures), (3) ICT readiness stream (cloud and infrastructure resilience, cyber recovery, data integrity, and third-party continuity), and (4) validation stream (exercises, audits, continuous controls monitoring, and improvement). The program is governed by resilience policy and prioritization principles consistent with ISO 22336 [9], and operationally anchored in ISO 22301 requirements [1] and guidance [2]. A key innovation is the introduction of ―Continuity-by-Delivery‖: continuity requirements are decomposed into project deliverables with explicit acceptance criteria (RTO/RPO targets, maximum tolerable downtime, manual fallback cycle time, supplier switching lead time), and each deliverable must be validated through exercises and telemetry rather than documentation alone. This directly addresses the implementation gap identified across standards-focused approaches [1–5]. Digital technologies play a structuring role in the proposed model. ISO/IEC 27031:2025 emphasizes ICT readiness and explicitly includes dependencies on external services such as cloud platforms [6]; building on this, the thesis positions ICT continuity not as an IT-only plan but as an engineering and governance system where recovery is designed, tested, and monitored. For example, recovery mechanisms (infrastructure-as-code, backup immutability, segmented access control, and automated failover) are treated as projects with measurable outcomes, while operational dashboards provide continuous visibility into readiness (backup freshness, restore test success rate, privileged access anomalies, and incident response cycle time). The evidence that technology-driven controls improve continuity outcomes in practice supports this direction [10]. Furthermore, NIST SP 800-34 provides a disciplined structure for contingency planning [7], which can be modernized within the proposed approach by adding continuous validation practices