Proceedings of the International scientific and practical conference ―Oxford 2026: Science and Education Today‖ (March 9-11, 2026) / Publisher website: www.naukainfo.com. - Oxford, United Kingdom, 2026. - 239 p.

7 stacks. In such contexts, BCM should be treated not as a static plan, but as an implemented capability with measurable performance outcomes (recovery time objectives, service availability, supply continuity, and decision latency). ISO 22301 frames BCM as a management system built on leadership commitment, planning, support, operational controls, performance evaluation, and improvement [1]. However, many organizations still translate this lifecycle into documents rather than executed change. The practical bottleneck is implementation: converting standards- based requirements into funded initiatives, cross-functional delivery, technology- enabled recovery mechanisms, and repeatable exercises that produce learning and improvement. Therefore, the research problem addressed in this thesis is how to implement business continuity projects as a coherent, digitally enabled program that supports enterprise development during prolonged turbulence. Literature review In work [1], ISO 22301 institutionalizes BCM as a management system, but it is intentionally non-prescriptive regarding how organizations should structure continuity initiatives as programs and projects, which often results in fragmented implementations. In work [2], ISO 22313 provides guidance on using ISO 22301 and clarifies process expectations, yet it still leaves open the question of how to prioritize and govern continuity initiatives as a portfolio under resource constraints typical of crises. In work [3], ISO/TS 22317 formalizes business impact analysis (BIA) guidance, strengthening methodological rigor for identifying critical activities and dependencies; nevertheless, BIA outputs are frequently not translated into executable project backlogs (e.g., technology recovery, supplier continuity, and workforce contingency), which reduces their operational value. In work [4], ISO/TS 22331 focuses on continuity strategy determination and selection; however, it does not resolve the implementation gap between selected strategies and delivered capabilities (architecture, tooling, training, and drills) that make strategies workable in real incidents. In work [5], ISO/TS 22332 offers guidance for developing continuity plans and procedures, but empirical practice shows that plans without systematic testing, telemetry, and governance degrade quickly in fast-changing environments. In work