Continuity Listings

The continuity listings published on this site index service providers, consultants, and technology vendors operating within the business continuity, disaster recovery, and resilience planning sector across the United States. Entries are organized to support service seekers, procurement officers, and compliance researchers who need structured access to providers aligned with recognized federal and industry standards. The scope of these listings reflects the regulatory environment established by frameworks including NIST SP 800-34 Rev. 1, FEMA Continuity Guidance Circular, and ISO 22301:2019. For background on how this directory is structured and governed, see the Directory Purpose and Scope reference page.

Geographic distribution

Listed providers operate across all 50 states, with the highest concentrations in states that host large federal contractor populations and regulated critical infrastructure operators. Virginia, Maryland, Texas, California, and Illinois account for a disproportionate share of entries due to their proximity to federal agency procurement hubs and the density of FISMA-regulated entities in those jurisdictions.

Listings are classified at 3 geographic levels:

1. National — providers with demonstrated multi-state delivery capacity and at least one federally documented engagement or recognized certification
2. Regional — providers serving defined multi-state areas (e.g., Mid-Atlantic, Southeast, Pacific Northwest) without full national coverage
3. State/Local — providers whose documented service scope is bounded to a single state or metropolitan area, including those serving state, local, tribal, and territorial (SLTT) entities as defined under Presidential Policy Directive 21 (PPD-21)

Federal agencies and contractors subject to FISMA (44 U.S.C. § 3551 et seq.) frequently require providers that can demonstrate alignment with NIST controls applicable to the specific agency's authorization boundary, which in practice limits viable vendors geographically to those with existing FedRAMP-authorized infrastructure or cleared personnel in accessible locations.

Entries are not weighted by geographic tier. A state-level provider serving a single SLTT municipality is listed under the same structural schema as a national firm, with tier clearly indicated in the entry header.

How to read an entry

Each listing entry follows a standardized structure to allow rapid comparison across providers. The fields below appear in consistent order for every record:

1. Provider name — Legal business name as registered, not a trade or marketing variant
2. Geographic tier — National, Regional, or State/Local (see above)
3. Service classification — Primary category drawn from the 4 recognized plan types: Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), Continuity of Operations Plan (COOP), or Crisis Communications Plan (CCP), as delineated in NIST SP 800-34 Rev. 1
4. Sector focus — Industry vertical(s) served (e.g., healthcare, financial services, federal civilian, defense industrial base)
5. Credential indicators — Active certifications held by listed personnel, such as Certified Business Continuity Professional (CBCP) from DRI International, or Associate Business Continuity Professional (ABCP) for emerging practitioners
6. Standards alignment — Documented alignment with one or more of: NIST SP 800-34, ISO 22301:2019, NFPA 1600, or FEMA Continuity Guidance Circular
7. Verification status — One of 3 statuses: Verified, Pending, or Unverified (detailed in the Verification Status section below)

A provider may carry more than one service classification. A firm offering both DRP design and full BCP development will show both codes. The primary classification is listed first and reflects the provider's documented core practice, not a self-reported preference.

For guidance on navigating entries relative to a specific procurement need, the How to Use This Continuity Resource page describes the filtering logic applied across the directory.

What listings include and exclude

Included:

• Consulting firms and independent practitioners offering continuity planning, gap assessment, plan testing (tabletop exercises, functional exercises, full-scale drills), and program management
• Managed service providers (MSPs) and cloud vendors offering DR-as-a-service aligned to documented RTO/RPO specifications
• Software vendors whose products are specifically scoped to continuity planning, BCP management, or crisis notification — not general IT infrastructure tools
• Academic and nonprofit organizations that provide continuity planning services to public-sector clients under grant or contract

Excluded:

• General IT staffing agencies without documented continuity-specific practice areas
• Insurance brokers or risk transfer intermediaries, even those marketing business interruption products
• Legal firms offering regulatory compliance counsel only, without operational continuity deliverables
• Vendors whose sole continuity-adjacent product is a data backup appliance or endpoint security tool not integrated into a documented recovery framework

The exclusion of general IT staffing and backup-only vendors reflects the classification standard maintained under ISO 22301:2019, which defines business continuity management as a holistic, process-based discipline — not a single technology function. A provider must demonstrate engagement across at least 2 phases of the plan lifecycle (assessment, design, implementation, testing, or maintenance) to qualify for inclusion.

Verification status

Listings carry one of 3 verification statuses assigned through a structured review process:

• Verified — The provider's stated credentials, certifications, and standards alignment have been confirmed against named public records, certification body registries (e.g., DRI International's credential verification portal), or publicly available federal contract award data accessible through SAM.gov
• Pending — Documentation has been submitted and is under active review; the entry appears in the directory with this status flag prominently displayed
• Unverified — The entry is derived from publicly available business registration or procurement data but no credential or alignment confirmation has been completed

Verification does not constitute endorsement, and a Verified status reflects document review only — not performance assessment or client outcome evaluation. Credential verification for CBCP and ABCP designations relies on DRI International's published registry. Federal contract history is cross-referenced against SAM.gov award records where provider names allow unambiguous matching.

The Continuity Listings index is reviewed on a rolling basis; providers whose certifications lapse or whose SAM.gov registrations expire are downgraded to Unverified status pending updated documentation.