BCM

Business Continuity Management

AI driven business continuity maturity, assessed against SAMA and ISO 22301. Yani reads your policies and evidence, scores every control, and produces a structured, audit ready maturity assessment.

Book a demo See how it works

SAMA and ISO 22301 coverage
Control by control maturity scoring
Grounded in your evidence
Audit ready maturity reports

Yani BCM maturity assessment workspace with SAMA control categories — The BCM maturity assessment, organised by framework and control domain.

The challenge

Proving business continuity readiness is slow and manual

Regulators such as SAMA mandate robust business continuity, and ISO 22301 sets the bar, but assessing dozens of controls against scattered policies and evidence by hand is slow, subjective, and hard to defend.

Dozens of controls to evidence across SAMA and ISO 22301.

Subjective maturity scoring that varies by assessor.

Evidence buried across policies, plans and procedures.

Gaps surface late, often only during a regulatory review.

How it works

From policy documents to a maturity rating in four steps

Upload policies and evidence

Bring in BCM policies, BIA, BCP, DRP and supporting documents.

AI maps to controls

Yani indexes content and maps it to SAMA and ISO 22301 control requirements.

Score maturity

Each control is assigned a maturity level with supporting rationale and references.

Report and close gaps

Generate a structured maturity assessment and a clear list of gaps to remediate.

Capabilities

A complete business continuity maturity engine

Multi framework

Assess against SAMA BCM and ISO 22301 from the same evidence base.

Maturity scoring

Structured maturity levels for every control, applied consistently.

Evidence references

Each score is backed by citations to your source documents.

Gap identification

Surface missing or weak controls before regulators do.

Drill down detail

Expand any clause to its controls and subcontrols.

Enterprise security

Role based access and on premise, cloud or hybrid deployment.

SAMA BCM control domains from governance to crisis management — Full SAMA BCM coverage. Governance, strategy, BIA, BCP, DRP, cyber resilience and crisis management.

BCM strategy controls each scored with a structured and formalized maturity level — Control by control maturity scoring with rationale.

Detailed BCM control view with design assessment and evidence references — Drill into any control for design, evidence and references.

Frameworks

SAMA and ISO 22301, side by side

Assess the same evidence base against multiple standards. Yani indexes your documents once and evaluates every clause, control and subcontrol.

ISO 22301 clauses 4 to 10 with control and subcontrol counts — ISO 22301 clauses, with controls and subcontrols.

ISO 22301 Clause 4 expanded into its subcontrols — Expand any clause down to its subcontrols.

Grounded in your evidence

Built on your own documents

Upload policies, plans, procedures and audit reports. Yani assesses maturity only on what you provide, so every rating is traceable and defensible.

Uploaded BCM evidence documents marked ready for assessment — Policies, risk registers, audit reports and more, ingested and ready for assessment.

Outcomes

What resilience teams gain

2 frameworks

SAMA and ISO 22301

Every control

Scored and evidenced

Days to hours

Faster assessments

Audit ready

Structured outputs

Who it's for

Built for resilience and compliance teams

Banks and financial institutions

Meet SAMA business continuity mandates with defensible, evidence based maturity.

Risk and resilience teams

Benchmark continuity maturity and prioritise gaps across the organisation.

Internal audit and compliance

Validate BCM controls against SAMA and ISO 22301 with traceable evidence.

FAQ

Common questions

Which frameworks does Yani assess against?

BCM supports the SAMA Business Continuity Management framework and ISO 22301, assessed from the same uploaded evidence base. Additional frameworks can be added.

How is maturity scored?

Each control is assigned a structured maturity level based only on your uploaded evidence, with rationale and references so every rating is traceable and defensible.

Is our data secure and where does it live?

Role based access and on premise, cloud or hybrid deployment keep sensitive continuity documentation inside your environment.

Can it identify gaps, not just score?

Yes. Yani highlights missing or weak controls and the evidence needed to close them, so you can remediate before a regulatory review.

More products

Explore the rest of the Yani suite

Assess your business continuity maturity

Book a 30 minute walkthrough on your own SAMA or ISO 22301 framework.

Book a demo