This is a much tighter, more concise document with some long overdue improvements:
- Overall language and terminology has been modernized
- Business Continuity Management (BCM) vs. Business Continuity Planning (BCP)
- Cloud services and virtualization are things!
- The governance section lays out board and management roles more clearly
- Risk Management takes center stage
- Pointers on how to align BCM practices and Risk appetite
- BCP/DR Testing -- clear distinctions between DR testing for information systems and tabletop/BCP exercises
- Event Management and Incident Response are addressed separately and in detail
- Appendix J is rolled up into the main body of the document under the Resilience section -- includes Third Party and Cyber resilience
