Ensuring business continuity: The central role of BCMS in crisis management

Business Continuity Management (BCM) is rapidly gaining in importance in the modern corporate landscape. Attention to business continuity is increasing in the wake of ever-growing challenges such as technical failures, natural disasters, human error and the rising number of cyber attacks. In view of such risks, the need for emergency plans and catalogues of measures is obvious: if the worst comes to the worst, they enable immediate and coordinated action to be taken, failures to be contained and normal operations to be resumed. We analyse which BCM processes, guidelines and responsibilities should be embedded in the business processes so that your company can successfully overcome such challenges.

Has your company ever been affected by an emergency? Then you will know what it feels like when the world seems to stand still for a moment. Whether chaos then breaks out or the responsible departments and employees react in a coordinated and effective manner depends on a well thought-out Business Continuity Management system – a BCMS – that is integrated into the business processes.

BCM – from a stand-in to a key role on the stage of international standards

Business Continuity Management is anything but an isolated concept. BCM is to be understood as an integral part of various international standards, regulations and guidelines. All common frameworks such as ISO/IEC 27001, NIST CSF 1.1/2.0, the CIS Controls, the FINMA circulars and the NIS2 Directive refer to it. These frameworks provide organisations with a structure to ensure the continuity of business processes and minimise the impact of potential disruptions.

There are also specific standards that deal exclusively with Business Continuity Management (BCM):

  1. ISO 22301:2019  – Security and resilience – Business continuity management systems – Requirements
  2. ISO 22313:2020  – Security and resilience – Business continuity management systems – Guidance on the use of ISO 22301
  3. BSI Standard 200-4  – Business Continuity Management

These standards provide the framework within which BCM is implemented. But what does it take for a successful BCMS to meet the requirements of these global standards?

To answer this question, we take a detailed look at the key components of a BCM system.

The 5 key components for a successful BCM system

Like any other management system, a BCMS must be clearly structured and comprise a number of key components.

The following five components form the basis of an effective BCMS and ensure that your organisation remains functional in any crisis:

  1. Company's own BCM guideline: This sets out the basic principles and objectives for Business Continuity Management.
  2. Organisational roles with defined and documented BCM responsibilities: Clearly defined roles and areas of responsibility ensure that all relevant stakeholders are aware of and fulfil the tasks required to ensure business continuity.
  3. Implementing a BCM process that relates to the following areas:
    a.    Policy
    b.    Planning
    c.    Implementation and operation
    d.    Performance assessment
    e.    Management review and improvement
  4. Documentation for verifiable evidence: The BCMS documentation includes all relevant guidelines, procedures, plans and reports that are important for implementation and operation of the BCM.
  5. All Business Continuity Management (BCM) processes relevant to the organisation: This includes specific measures and plans for dealing with the various types of disruption or crisis the organisation may face.

4 compelling reasons to prioritise business continuity

A successful BCMS involves more than just preparing for emergencies – it is your guarantee of survival. It enables a rapid response to disruptions – while strengthening the resilience and efficiency of your organisation.

Let's take a look at the four most important advantages:

Aspects to prioritise in the BCMS, and the resulting benefits:

  1. Understanding organisational needs and setting guidelines and targets for operational continuity: A clear understanding of business processes and the potential impact of disruptions is critical to setting appropriate business continuity goals and strategies.
  2. Implementation and operation of measures to deal with disruptive incidents in an organisation: This includes setting up precautions to minimise the impact of disruptions and enable business-critical functions to be restored quickly.
  3. Monitoring and reviewing the performance and effectiveness of the BCMS: Regular reviews and assessments help to ensure that BCM is effective and meets the organisation's current requirements.
  4. Continuous improvement based on objective measurement: By analysing key performance indicators and feedback, continuous improvements are identified and implemented to enhance the resilience and efficiency of the BCMS.

Table 1: Four reasons to prioritise business continuity

Relaxed crisis management: The 8 core competences of your BCMS

By implementing guidelines, roles and responsibilities, a well thought-out BCMS ensures that companies function reliably and maintain business continuity – even in the event of a crisis.

Eight core competences of your BCMS at a glance:

  1. BCM guidelines and strategy: A BCM policy and strategy approved by management. For FINMA-regulated companies, FINMA's guidelines additionally concern the approval and reporting of BCM strategies and their implementation, as well as the review of operational risks and testing activities.
  2. Roles and responsibilities: A clear allocation of roles and responsibilities is crucial for effective BCM.
  3. Business Impact Analysis (BIA): The BIA identifies critical processes and resources along with their impact on the company in the event of a failure.
  4. Defining RTO and RPO: The Recovery Time Objective (RTO) sets the maximum tolerable downtime of a process, and the Recovery Point Objective (RPO) sets the maximum tolerable data loss, expressed as the time between the last usable backup and the disruption. Both are derived from the BIA and determine the recovery strategy and backup frequency.
  5. Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP): Defining and regularly updating these plans is essential in order to be able to react quickly and efficiently in an emergency.
  6. Crisis management and communication: A clear communication strategy and crisis organisation ensure an effective response in crisis situations.
  7. Tests and improvement measures: Regular testing of various scenarios and continuous evaluation and improvement of BCM measures are essential to ensure effectiveness.
  8. BCM criteria and test plans: The definition of clear criteria and detailed test plans facilitates implementation and review of the BCM.
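The RTO and RPO from points 4, 7 and 8 only become verifiable when recovery tests are measured against them. The following is an added example, not InfoGuard's code or part of the article: it compares the timestamps recorded during a recovery drill with each process's RTO/RPO and checks whether a backup schedule can meet the RPO at all. The process names, objectives, drill timestamps and backup times are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Process:
    """A business process with the recovery objectives set in the BIA."""
    name: str
    rto: timedelta  # Recovery Time Objective: maximum tolerable downtime
    rpo: timedelta  # Recovery Point Objective: maximum tolerable data loss, as time


@dataclass(frozen=True)
class DrillResult:
    """Timestamps recorded during a recovery test for one process."""
    process: str
    outage_start: datetime
    service_restored: datetime
    last_good_backup: datetime  # the restore point that was actually used


@dataclass(frozen=True)
class Finding:
    process: str
    downtime: timedelta
    data_loss: timedelta
    rto_met: bool
    rpo_met: bool


def evaluate_drill(proc: Process, drill: DrillResult) -> Finding:
    """Compare measured downtime and data loss against the RTO and RPO."""
    if drill.process != proc.name:
        raise ValueError(f"drill for {drill.process!r} does not match {proc.name!r}")
    downtime = drill.service_restored - drill.outage_start
    # Data written between the restore point and the outage is lost.
    data_loss = drill.outage_start - drill.last_good_backup
    return Finding(proc.name, downtime, data_loss,
                   rto_met=downtime <= proc.rto, rpo_met=data_loss <= proc.rpo)


def max_backup_gap(backup_times: list[datetime]) -> timedelta:
    """Largest interval between consecutive backups. This is the worst-case
    data loss if an outage hits just before the next backup, so it must not
    exceed the RPO regardless of how well the drill went."""
    times = sorted(backup_times)
    if len(times) < 2:
        raise ValueError("need at least two backups to measure a gap")
    return max(later - earlier for earlier, later in zip(times, times[1:]))


def schedule_meets_rpo(proc: Process, backup_times: list[datetime]) -> bool:
    return max_backup_gap(backup_times) <= proc.rpo


# Constructed sample data (hypothetical processes and timestamps).
PROCESSES = {
    "ERP": Process("ERP", rto=timedelta(hours=4), rpo=timedelta(hours=1)),
    "Webshop": Process("Webshop", rto=timedelta(hours=2), rpo=timedelta(minutes=15)),
}
DRILLS = [
    DrillResult("ERP", datetime(2024, 5, 14, 8, 0), datetime(2024, 5, 14, 11, 30),
                datetime(2024, 5, 14, 7, 15)),
    DrillResult("Webshop", datetime(2024, 5, 14, 8, 0), datetime(2024, 5, 14, 10, 45),
                datetime(2024, 5, 14, 7, 0)),
]
# Webshop backups every 30 minutes: cannot satisfy a 15-minute RPO.
WEBSHOP_BACKUPS = [datetime(2024, 5, 14, 6, 0) + timedelta(minutes=30 * i) for i in range(5)]


def report() -> list[Finding]:
    return [evaluate_drill(PROCESSES[d.process], d) for d in DRILLS]


if __name__ == "__main__":
    for f in report():
        print(f"{f.process}: downtime {f.downtime} (RTO met: {f.rto_met}), "
              f"data loss {f.data_loss} (RPO met: {f.rpo_met})")
    print("Webshop backup schedule meets RPO:",
          schedule_meets_rpo(PROCESSES["Webshop"], WEBSHOP_BACKUPS))
```

The schedule check is the one most often skipped: a drill can pass by luck if the outage happens to start right after a backup, whereas the maximum gap between backups gives the guaranteed bound on data loss.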

The systematic integration of these implementation activities into business practices ensures that the organisation remains resilient to disruption – enabling it to maintain business continuity even in turbulent times.

BCM is therefore not just an option – it’s a necessity for companies that strive for long-term success, reliability and resilience.

A BCMS – a valuable investment in the longevity of your company

Establish a robust BCMS that suits your organisation at an early stage. After all, a well-structured and effective BCMS is crucial for ensuring continuous business operations, minimising disruptions and preventing existential crises in the event of an emergency.

Even if setting up a reliable BCMS requires some initial effort, it will pay off in the long term and ensure the future viability of your company. You can also reduce the initial outlay by seeking support in setting up your own BCMS. We will be happy to advise you and work with you to develop a robust BCMS that is optimised for your company.

Contact us for a detailed consultation and a customised concept.

About the author / Markus Limacher

InfoGuard AG - Markus Limacher, Head of Security Consulting, Member of the Management
