
BCM: Business continuity management definition & concept
What is BCM?
Emergencies and crises that strike companies unprepared can quickly threaten the continuation or even the existence of such companies.
Glass manufacturers are a good example: The equipment used in glass manufacturing is extremely expensive and can be irreparably damaged by a single outage. This is an existence-threatening scenario, and a highly relevant one given last year's energy crisis.
This is where BCM, or Business Continuity Management, comes into play. The goal of BCM is to ensure that a business remains as operational as possible during an emergency through preventive measures.
After all, no matter how long a company has been around or how established it is, unforeseen events such as natural disasters, power outages, cyber attacks or even pandemics can occur at any time. The COVID pandemic is a prime example: supply shortages, staff shortages, and a lack of infrastructure for mobile working caught many companies off guard and added up to major economic damage.
In this article, we look at BCM: What is it? What does it do? How does it work? Plus, we'll show you how BCM and emergency management relate.
Business continuity management describes a management system and is part of information security.
The objective of BCM is to prevent or limit outages and disruptions to business operations through preventive or prepared reactive measures. As a result, the company has a better chance of maintaining operational continuity, critical business processes and the ability to act in case of an emergency.
To do this, it is first necessary to determine which business processes are critical, assess the associated risks and then derive appropriate preventive measures.
But that's not enough: When an emergency occurs, it must also be professionally managed (= response).
This is where emergency management comes into play: crisis or emergency management describes the response to non-preventable incidents with significant financial or legal consequences for business operations, reputation or the physical well-being of people.
BCM is usually a management responsibility and is often set up as part of an ISMS (Information Security Management System). Nevertheless, it's important to note that BCM is a holistic concept that must also be supported and implemented by employees. More on this later.
When creating a BCM system, it is common to proceed in several phases, starting with the identification of critical business processes and assets, evaluating them in the context of risk management, and then deriving preventive and reactive measures.
Here's an overview of how to build a BCM step-by-step.
Which business processes exist at all? The first step is to get an overview of all business processes.
As part of a "Business Impact Analysis" (BIA), an assessment is made of how critical a failure would be for the respective business processes. The result is an overview of all the critical business processes.
In this step, only the critical business processes and their dependencies are considered. Specifically, this is about which "assets" need to be available to enable a certain critical process. Assets can be, for example, personnel, systems or facilities.
Now, considering the critical assets and business processes: How can the company prevent various failure scenarios (power outage, cyber attack, etc.) or respond to them in the inevitable emergency? Education and training on BCM and cyber security are an important aspect of prevention.
BCM is as dynamic as everyday business. Therefore, the critical business processes and their risk assessment, as well as the measures should be regularly reviewed and adjusted if necessary.
An effective BCM has many advantages.
First of all, there are some mandatory regulations that require a BCM, especially in the area of critical infrastructure. In addition, BCM is a must for companies seeking certain certifications such as ISO 27001.
Even beyond regulations and certification, BCM is a rewarding practice, because a well thought-out BCM will protect critical business processes and ensure continuity of operations in the event of an emergency. And this can make or break the existence of a company, if we recall the initial example of a glass manufacturer.
A functioning BCM not only serves the company's own operations, but also its customers, who depend on a functioning operation. This applies in particular to operators of critical infrastructure such as power plants or waterworks, but also to software providers, without whose software a company cannot accept payments or make reservations, for example.
Managers and crisis teams are responsible for preventing failures (= BCM). Yet in the event of an emergency they must also manage the response in a way that limits damage as much as possible (= emergency and crisis management). No easy task - but possible if well prepared.
Even though managers and crisis teams bear a great responsibility for business continuity: In an emergency, it often comes down to each individual. That's why we at IS-FOX have created an e-learning course that teaches all employees, in an easy-to-understand way, what BCM is and what it is important for.
Employees also learn how they can help in case of an emergency and in preparing for a possible emergency:
By implementing a BCM professionally and conscientiously, and by communicating with and training employees and managers regularly, companies are well prepared for a wide range of incidents and emergency situations. We can help you to make the topic of BCM easy and understandable for everyone involved. Feel free to contact us at any time with questions or for demo access.