Business Continuity Management (BCM): Definition & Benefits

What is BCM and how can companies prepare for an emergenc

Emergencies and crises that strike companies unprepared can quickly threaten the continuation or even the existence of the affected companies.

Glass manufacturers are a good example: The equipment used to manufacture glass is extremely expensive and can be irreparably damaged by a single outage. An existence-threatening scenario and highly relevant due to last year's energy crisis.

This is where BCM, or Business Continuity Management, comes into play. The goal of BCM is to ensure that a business remains as operational as possible during an emergency through preventive measures.

After all, no matter how long a company has been around or how established it is, unforeseen events such as natural disasters, power outages, cyber attacks or even pandemics can occur at any time. The Corona pandemic is the best example: supply shortages, staff shortages, and a lack of infrastructure for mobile working caught many companies off guard and accumulated major damage.

In this article, we look at BCM: What is it? What does it do? How does it work? Plus, here's how BCM and emergency management relate.

What exactly is Business Continuity Management (BCM)?

Business continuity management describes a management system and is part of information security.

The objective of BCM is to prevent or limit outages and disruptions to business operations through preventive or prepared reactive measures. As a result, the company has better chances to maintain operational continuity, the ability to act and critical business processes as well as possible in the event of an emergency.

To do this, it is first necessary to determine which business processes are critical in the first place, how the associated risks are to be assessed, and which preventive measures can be derived.

Equal Treatment Act

But that is not enough: When an emergency occurs, it must also be managed (= response).

This is where emergency management comes into play: crisis or emergency management describes the response to non-preventable incidents with significant financial or legal consequences for business operations, reputation or life/limb of people.

Learn more about emergency and crisis management here.

How does BCM work?

BCM is usually a management responsibility and is often set up as part of an ISMS (Information Security Management System). Nevertheless, it is important to note that BCM is a holistic concept that must also be supported by the employees. More on this later.

When creating a BCM management system, it is common to proceed in several phases, starting with the identification of critical business processes and assets, evaluating them in the context of risk management, and then deriving preventive and reactive measures.

Here we show you step-by-step how to build a BCM.

Build a BCM System step-by-step

Identify business processes

Which business processes exist at all? The first step is to get an overview of all business processes.

Identify business processes

Getting an overview over your process landscape
< >

Business Impact Analyse (BIA) of business processes

As part of a business impact analysis, an assessment is made of how critical a failure would be for the respective business processes. The result is an overview of the critical business processes.

Business Impact Analyse (BIA) of business processes

Which processes are critical?
< >

Business Impact Analyse (BIA) of Assets

Here, only the critical business processes and their dependencies are considered. Specifically, this is about which "assets" need to be available to enable a certain critical process. Assets can be, for example, personnel, systems or facilities.

Business Impact Analyse (BIA) of Assets

Understanding interdependencies
< >

Preparation of emergency plans & awareness

Now it's about the critical assets and business processes: How can the company prevent various failure scenarios (power outage, cyber attack, etc.), or respond to them in the inevitable emergency? Education and training on BCM and Cyber Security is also an important aspect of prevention.

Preparation of emergency plans & awareness

Prepared for the crisis case
< >

Regular validation of the measures

BCM is as dynamic as everyday business. Therefore, the critical business processes and their risk assessment, as well as the measures should be regularly reviewed and adjusted if necessary.

Regular validation of the measures

Is our BCM up-to-date?
< >

Demo and Consulting? Prices? Use Cases?

Get a demo account and let us talk about your needs in a web meeting. We'll show you how to train your workforce on BCM.
Contact us

Which benefits does BCM offer to businesses?

An effective BCM has many advantages.

On the one hand, there are partly mandatory regulations that provide for BCM. Especially in the area of critical infrastructures. In addition, BCM is a must for companies seeking certain certifications such as ISO 27001.

Beyond that, however, BCM is rewarding even without regulations and certification, because a well thought-out BCM can protect critical business processes and ensure continuity of operations in the event of an emergency. And this can make or break the existence of a company, if we recall the initial example of the glass manufactory.

Beyond that, however, a functioning BCM serves not only the company's own operations, but also its customers, who in case of doubt depend on a functioning operation. This applies in particular to operators of critical infrastructures such as power and water generators, but also to software providers, for example, without whose software a company cannot accept payments or make reservations, for example.

BCM and Emergency Management: Tips for Management & Employees

Managers and crisis teams are responsible for preventing failures (=BCM), but in the event of an emergency they must also manage them in a way that limits damage as much as possible (= emergency and crisis management). No easy task - but not impossible.


Tips for crisis teams & management:


  • Develop emergency plans: Responsible parties can create action plans in the event of an emergency and brief all responsible parties on a regular basis.
  • Emergency simulations: Theory is good, practice is better! Regular emergency & crises drills help test the team's responses, identify weaknesses and improve the effectiveness of emergency plans.
  • Emergency communication plans: A clearly structured communication plan ensures that relevant information is passed on quickly and reliably to the right people through the right channels in an emergency.
  • Cyber security training for employees: Well-trained employees know how to act in an emergency in order to minimize damage and not endanger the security of all involved by acting recklessly. Additionally, they are less likely to be a target of cyber attacks that could result in emergencies. 


Tips for employees: 


Even though managers and crisis teams bear a great responsibility for business continuity: In an emergency, it depends on each individual. That's why we at IS-FOX have created an e-learning that explains to all employees in an easy-to-understand way what BCM is and what it is important for.

We also show how employees can support in an emergency, but also in preparing for a possible emergency:

  • Knowing where to find information: Employees need access to the most important contact data (in an emergency).
  • Not leaving mobile work devices at he office: Especially if emergency information is only accessible via these devices.
  • Participate in training and education: Training on BCM should be offered and completed.
  • Report incidents: Employees should be sure to report an incident or suspected incident in a timely manner.
  • Follow instructions from the crisis team: In an emergency, employees should remain calm and follow the crisis team - avoiding unnecessary chaos.
  • No uncoordinated communication: A crisis situation should never be communicated uncoordinated to third parties (e.g., the press). It is better to leave communication to the professionals.

Our conclusion

By implementing BCM professionally and conscientiously, and by communicating and training regularly, companies are well prepared for a wide range of incidents and emergency situations. We can help you to make the topic of BCM easy and understandable for your employees as well.

Feel free to contact us at any time with questions or for a demo access.