Business Continuity Management (BCM) must be embedded within an organization's culture and practices to be effective. This integration occurs at two primary levels. At the Management level, leadership provides commitment, sets policy, allocates resources, and ensures the Business Continuity Management System (BCMS) aligns with strategic objectives, as mandated by ISO 22301's clauses on Leadership (Clause 5) and Planning (Clause 6). At the Operations level, business continuity is built into the day-to-day activities, procedures, and processes. This includes conducting business impact analyses, developing continuity plans, and training staff, as detailed in ISO 22301's clause on Operation (Clause 8).

B. Structural: BCMS influences organizational structure (e.g., roles and responsibilities), but "structural" is not a primary level of activity for integration itself.

D. Processes: While BC is integrated into individual processes, "Operations" is the broader, more encompassing term used in ISO 22301 (Clause 8) to describe this level of activity.

1. ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements.

Clause 5, "Leadership": This section details the requirements for top management's involvement, including establishing the business continuity policy and objectives, ensuring the integration of BCMS requirements into the organization’s business processes, and providing necessary resources. This directly supports option A (Management).

Clause 8, "Operation": This section specifies the need to plan, implement, and control the processes needed to meet BCMS requirements. This includes the business impact analysis, risk assessment, business continuity strategy, and establishing and implementing business continuity procedures. This directly supports option C (Operations).

2. Herbane, B. (2019). Rethinking business continuity management. Continuity & Resilience Review, 1(1), 38-51. https://doi.org/10.1108/CRR-09-2019-002

Section: "The strategic and operational dimensions of BCM" (pp. 42-44): The paper discusses how BCM has evolved to be both a strategic management function, concerned with organizational resilience and governance, and an operational function, focused on the tactical implementation of plans and procedures to respond to disruptions. This distinction supports the integration at both management and operational levels.

3. Wobbe, T. (2015). Implementing an ISO 22301 Business Continuity Management System. IT Governance Publishing.

Chapter 3, "Leadership and Commitment" and Chapter 7, "BCMS Operation": This official guide explicitly structures its implementation advice around the clauses of the ISO 22301 standard, dedicating distinct chapters to the strategic leadership aspects (Management) and the tactical implementation aspects (Operations), reinforcing that integration occurs at these two distinct levels.