QUALITY MANAGEMENT 43 QUALITY access to success Vol. 18, No. 161/December 2017 1. Introduction By recognizing the positive gains of having effective management systems in place in conformity with the ISO standards, more and more companies decide to implement an integrated management system. This implies determining ob- jectives of the management system in accordance with the organization’s needs, ensuring a strong management commit- ment, supporting the management system by good documen- tation,monitoringandreviewingit,conductingregularinternalor external audits and management review, and gaining benefits through continual improvement. Organizations are increasingly exposedtothreatsofdisruptiveevents,suchassystemfailures, staff loss, or natural disasters, and they need to protect their business and reduce the losses due to disruptions. Therefore, business continuity management (BCM) provides a methodo- logy which allows for integration of the recovery process within the preventive framework of the risk assessment (Zeng and Zio, 2017). A BCM system can be considered jointly with other management systems. However, most companies now realize that it is not sufficient to implement a generic, “one size fits all” business continuity plan. For an effective response, such a plan must be customized to specific needs of the business, and its afferent potential risks and threats (Sahebjamniaa et al., 2015; Torabi et al., 2016). Taking into consideration the severe potential disruptions that might happen (e.g., natural disasters, environmental accidents, technology failures and terrorist attacks), organiza- tions of all sizes and types should now engage in a com- prehensive and systematic process of prevention, protection, preparedness, mitigation, response for business continuity and recovery (Tucker, 2015). Also, they must proactively adopt measures to reduce the likelihood of a disruption, not only minimize the consequences of the disruption (Faertesa, 2015). In this respect, ISO 22301 “Societal security – Business continuity management systems – Requirements”, an inter- national standard for Business Continuity Management System (BCMS),hasbeendevelopedtohelporganizationsminimizethe riskofsuchdisruptions.ABCMSisaboutidentifyingthoseparts of the organization that it can’t afford to lose – such as information, technology, premises, people, supplies – and planning how to maintain these, if an incident occurs. Any inci- dent, large or small, whether it is natural, accidental or de- liberate, can cause major disruption to the organization. Therefore, business continuity plans are critical to the continuous operation of the business (Babaa et al., 2014). Delayscouldcausetotheorganizationlossofvaluablebusiness to its competitors, or loss of its customers’ confidence. Despite this knowledge, according to the ISO survey 2015, only 613 ISO 22301 certificates were issued in Europe in 2014 and 813 in 2015 (Figure 1). United Kingdom dominates by far the ranking with 411 ISO 22301 certificates issued in 2015 (and the trend line is increasing faster than in the other countries), followed by Netherland (n=78), Turkey (n=56), Poland (n=54) and Spain (n=51). In Romania, in 2015, 22 ISO 22301 certificates have been issued relative to 21 certificates in 2014 How Prepared are Small and Medium Sized Companies for Business Continuity Management? Carmen PĂUNESCU The Bucharest University of Economic Studies, Bucharest, Romania E-mail: carmen.paunescu@ase.ro Abstract The necessity of adoption of a business continuity management system is now well recognized by organizations all over the world. Businesses are increasingly subject to incidents and disruptions, which can severely impact their growth and performance. Even so, companies tend to prepare only the plans for response due to their financial constraints and lack of experiences. The development of well-established business continuity plans that take into consideration the potential interruption risks and threats to an organization and their associated impacts to business operations, as well as that promote proactive management and preparedness to respond to disruption should be a key goal for each organization. This paper proposes a framework for developing and implementing a business continuity management system, in conformity with the international standard ISO 22301, for efficient and effective resuming and recovering of critical operations after being disrupted. Particularly, the paper analyzes the extent to which companies of small and medium size operating in the capital of Romania are prepared for and consider implementation of a business continuity management system. For this purpose, 48 questionnaires completed by companies through face-to-face interviews have been analyzed and further interpreted in the paper. Results indicate that the companies investigated are aware of what a business continuity management means and take into consideration to some extend its development and adoption. Thus, while 65% of the companies researched identify the variety of risks or threats that could cause their business interruption, only 46% actually asses those risks or threats. Also, only 25% of the companies investigated exercise their whole business continuity plans. Keywords: business continuity management system, ISO 22301, business continuity planning, risk assessment, small and medium companies, Romania.