This study allowed understanding the organizational effort and the fulfillment of the normative and legal framework, in particular the set of recommendations (Recommendations) on Business Continuity Management issued by the Bank of Portugal (BdP), Securities Market Commission (CMVM) and Portuguese Insurance Institute (ISP). These recommendations were disclosed to bank entities (through Circular Letter 75/2010/DSB of 3 December of BdP) and entities of the insurance sector (through Circular Letter 11/2010 of 11 November of ISP).

UTAD and APDSI and Infosistema are grateful for the participation of all respondents.

Main conclusions

The results confirm that most organizations (52) claim to have implemented all the prudential requirements of the circular letter.

The complexity of implementation of Business Continuity Management is presented (to 34% of organizations) as the main obstacle to the development of actions that contribute to the resilience of the institution. The lack of resources is the main barrier to the development of Business Continuity Management of 23% of organizations.

Nevertheless, all institutions claimed to have already approached the subject and 62% have an integrated process in the Organization for Business Continuity management.

Since the function of Business Continuity Management is or should be, an essential business function for Organizations, it is important to attribute responsibilities at the Management level and ensure Business Continuity.

In this context, 20% of the Administrations of institutions show concerns and attribute responsibilities to the CEO for the Management of the Business Continuity program.

At the operational level, 67% of the institutions clearly-allocated responsibilities in case of an incident.