The resources that are involved in business continuity to continue critical operations at an acceptable level are premises, information, technology, and supplies. These are the four types of resources that are defined by ISO 22301, the international standard for business continuity management systems (BCMS). According to ISO 22301, a resource is anything that can be used to achieve an objective1. The standard specifies the following types of resources and their definitions2:
Premises: The physical location where an organization operates or stores its assets.
Information: The data and knowledge that are necessary for an organization to function or provide its products and services.
Technology: The equipment, software, and systems that are used to process, store, transmit, or receive information, or to support the delivery of products and services.
Supplies: The materials, goods, or services that are required for an organization to operate or produce its products and services.
These resources are essential for business continuity because they enable an organization to perform its critical activities, which are the activities that have to be performed to deliver the key products and services that meet the minimum acceptable level of service and the needs of the interested parties3. Therefore, an organization needs to identify, prioritize, protect, and restore these resources in the event of a disruption, as part of its BCMS.
The other options are not correct because they are not types of resources that are involved in business continuity to continue critical operations at an acceptable level, according to ISO 22301. Data is a subset of information, and it is not a separate type of resource. Knowledge is also a part of information, and it is not a distinct type of resource.
References: 1: ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, 3.33 2: ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, 3.34-3.37 3: ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, 3.7 : ISO 22301 Auditing eBook, Chapter 2.2.2 : ISO 22301 Auditing eBook, Chapter 2.2.3 : ISO 22301 Auditing eBook, Chapter 2.2.4
