Implementing a Business Continuity Management System to meet the requirements of the Act on the Resilience of Critical Infrastructure Entities

This master’s thesis examines the potential of using a Business Continuity Management System (BCMS) as a tool for meeting selected requirements of Act No. 266/2025 Coll., on the Resilience of Critical Infrastructure Entities. The main objective is to propose a methodological framework for the implementation of BCMS in a selected organisation from the pharmaceutical sector and to assess its applicability from the perspective of regulatory requirements imposed on critical infrastructure entities. The theoretical part is based on an analysis of scholarly literature, legal regulations, the explanatory memorandum, and the standards ČSN EN ISO 22301 and ČSN EN ISO 22313. The practical part is developed as a design-oriented applied case study of an anonymised organisation operating in pharmaceutical distribution. The core of the thesis lies in the proposal of a methodological procedure for BCMS implementation, with a focus on the planning phase of the PDCA cycle. Subsequently, a comparative analysis is conducted between the proposed BCMS outputs and the applicable requirements of the Act on the Resilience of Critical Infrastructure Entities. The results show that BCMS can serve as a suitable methodological and process framework for meeting a substantial part of the Act’s requirements, particularly in risk assessment, the resilience plan, resilience measures, and exercises. At the same time, however, the thesis shows that some administrative, notification, and personnel-related obligations must be addressed beyond the scope of the standards. The contribution of the thesis lies in the proposal of a practically applicable framework and an indicative implementation roadmap for organisations operating in a regulated sector.