Prepared in case of emergency

Implementation of a Business Continuity Management System

Ensure the continuous smooth operation of your business.

Talk to our experts

 

500+ customers place their trust in us – from startups to large companies

 

Your goal

You want to prepare yourself with business continuity management (BCM) against business interruptions caused by IT failures or harmonise BCM, emergency management and risk prevention.

 

Our service

We work together with you to establish a suitable business continuity management system that helps you to avoid interruptions to business operations due to IT failures.

 

The result

You have adequately secured your core processes against business interruptions and thus reduced cybersecurity risks, for example caused by professional ransomware attacks.

The steps to your BCM system

1. Basics

What do we need to secure?

Define the basics

First of all, it is necessary to define and create the necessary framework conditions for the Business Continuity Management System:

  • Determining the sites, business areas and processes that are to be brought into scope in the short, medium and long term.
  • Define the responsibility for establishing the system, conducting the assessments and auditing the implementation of measures.
  • Developing the methodology for the assessments - in particular time stages, criticality classes, calculation logic and thresholds.
  • Selecting the tools for documenting the assessments, for consolidation and subsequent reviews, as well as for controlling the implementation of measures and tracking tasks.
  • Development of the necessary guidelines, instructions and support to achieve reproducible and traceable results.
2. Processes

Which business processes are critical?

Evaluate business processes

The assessment of the criticality of business processes identifies the impact that the interruption of a business process has on the company. The focus is not so much on the importance of the business processes, for example their strategic significance, but rather on the effects on the operational business.

For the evaluation, the foreseeable consequences of a failure with a duration of a few minutes, hours, days up to weeks are assessed and based on this an overall criticality is determined.

In particular, the following aspects of impact are considered:

  • Impact on business operations (other business processes, products, customers, ...).
  • Financial impact (direct and indirect damage).
  • Legal consequences (violation of laws, contracts, regulatory obligations, ...).
  • Impact on image / reputation (trust of stakeholders, existing target groups, new target groups / interested parties, ...).
3. Resources

How do I avoid standstill?

Evaluate resources

Business processes depend directly on the proper "operation" of the required resources, also called supporting assets. The failure of a resource can lead to a more or less significant impairment of one or more business processes or even to a complete standstill.

An assessment of which resources have a significant impact on (critical) business processes identifies the elements that are really important from an availability perspective.

Relevant resources include:

  • Buildings / areas and rooms.
  • Infrastructure (e.g. power supply, water, internet / communication connections).
  • IT systems (hardware, software, cloud services, ...).
  • Personnel (specialists, minimum number of employees, ...).
  • Service providers / suppliers (e.g. logistics companies, suppliers, processors).
  • Information (specific know-how, order documents, ...).
4. Prevention

How to avoid the disruption

Preventive measures

Resources that have been identified as particularly critical, meaning that their failure can have a significant impact on business operations, must be protected as good as possible against disruptions and failures.

This can be achieved - depending on the resource - in the form of redundantly designed components / systems, with the help of maintenance measures, with sufficient resources or numerous other preventive measures.

A targeted and comprehensive consideration of preventive measures already taken and comparison of (further) possible measures is the focus of this phase in BCM. After all, decisions have to be made and action taken, if necessary, before a disruption and thus a possible interruption of business operations occurs.

5. Reaction

How to react in the event of a disruption

Reactive measures

In addition to preventing outages through preventive measures, reactive measures for critical resources should be prepared as part of BCM.

If there is an outage, there is usually no time to calmly look for alternative solutions, discuss options for emergency operation, or even for developing a coordinated plan for restarting operations.

That is why it is important, in 'times of peace', meaning before a serious disruption has occurred, to

  • think about options for action depending on realistic scenarios,
  • document important contacts / specialised persons and related contact details,
  • develop communication strategies for internal and external supporters,
  • describe recovery procedures for IT systems or instructions for replacing necessary resources, and
  • consider options for solutions based on the experience of other companies.
6. Review

Practicing the disruption case

Review measures

The approach and measures in the context of BCM are as dynamic as the business operations and the associated processes and resources.
Accordingly, a professional approach requires a regular review, at least annually, and adjustment as needed if relevant changes are identified.

In addition to reviewing the methodology and approach, the business processes in particular must be checked for completeness and correctness and in respect of criticality assessment. Afterwards, the (critical) resources relevant to the business processes must be validated and new ones added, obsolete ones removed and, if necessary, the assessments readjusted.

In addition, this theoretical preparatory work for an emergency situation should also be verified in the context of tests and exercises in order to find gaps before Day X and to achieve a certain routine.

 

Do you want help to help yourself?

We are particularly dedicated to the transfer of knowledge during our coaching sessions, so that you can operate your BCM system independently and continuously develop it after we have completed our work. Are you looking for this kind of support?

Yes, let's talk

What is BCM all about?


Business continuity management is about ensuring that critical business processes run smoothly. To achieve this, it is important that resources that are urgently needed for these business processes function as intended, i.e. that they are implemented as resilient as possible and / or that workarounds and alternative options are available.

In order to achieve this goal, it makes sense to evaluate the processes and associated resources, focusing on the essential elements. For these elements, it is important to check the measures already in place to reduce outages and to prepare measures to keep unavoidable outages as short or as low as possible.

Other services on Business Continuity Management

ISMS Policy Templates Preview

Individual ISMS & BCMS guidelines, ISO 27001 & NIS2-compliant - up-to-date, tested & tailored to your company. Discover the latest templates now!

Read more
Emergency & crisis organization preview

Customize crisis management: Be confidently prepared for emergencies with clear organization, defined processes and suitable equipment.

Read more
Emergency & crisis team drill preview

Test the effectiveness of your measures with an emergency & crisis team exercise. Prepare your organization, processes and equipment specifically for an emergency.

Read more