Business continuity management plays an important role in companies: With its combination of contingency planning and contingency management, it ensures that companies do not have to cease business operations in the event of an emergency or at least can resume them quickly. But how exactly is this business continuity management implemented? And what helps with the implementation? You can find answers to this in the following article.
Definition: what is business continuity management?
In order to define the concept of business continuity management, it must first be clarified what an emergency within a company actually is: An emergency arises when a disruption to business operations continues for a long period of time and a solution cannot be found immediately. In turn, business operations are disrupted if one or more operationally necessary resources fail.
This means that if a fault becomes an emergency, business operations are severely restricted or even completely paralyzed. The consequence of this is that services cannot be maintained, and this condition can have a significant impact on sales and thus the overall annual result.
This is where the emergency management comes into play. It defines a structured and regulated sequence of measures in an emergency. This enables companies to maintain critical business processes or to restore them quickly in the event of a crisis. It also reduces the risk of new emergencies. The emergency management therefore consists of two parts, contingency planning and contingency management. IT is the business area that has the greatest potential for disruptions or emergencies, for example due to long-term server failures or cyber attacks. Therefore, emergency and crisis management is usually part of the IT security strategy.
“The stronger the service, the smaller the crisis.” Sabine Hübner
Which regulations apply in emergency management?
Similar to quality management, so-called standards also exist in emergency management, which define the process and the measures. These are primarily:
- BSI Standard 100-4: Emergency Management
- ISO 22301: 2020-06: Business Continuity Management System
- ISO 27001: 2013-10: Information technology - Security procedures - Information security management systems.
The best-known set of rules is the BSI Standard 100-4, which was developed by the Federal Office for Information Security. This shows a systematic way to introduce emergency management in the company. Despite the focus on IT, it describes a holistic, operational approach to how emergency management can be introduced in the company (so-called business continuity). The steps to be taken lead from the initiation of the business continuity management through the conception and definition of the measures to exercises, tests and continuous improvement. The individual tasks are explained in detail so that implementation is relatively easy.
Similar to the BSI standard, the internationally valid ISO 22301 also specifies measures through which the planning, establishment, implementation, monitoring and continuous improvement of business continuity management can be implemented. It also aims to minimize the likelihood of an emergency and to resume business operations as quickly as possible in the event of an emergency. The difference to the BSI Standard 100-4 is that the company cannot be certified according to this. If a company is striving to introduce a certified business continuity management system, ISO 22301 is more of a help.
What is ISO 27001 for? The answer is simple: ISO 27001 was specially developed for business continuity management within IT, so in contrast to the other two approaches, it does not deal with the holistic approach. Companies can be certified according to this standard in IT emergency management.
Regardless of which set of measures the company opts for, what they all have in common is that the implementation of an emergency and crisis management requires some organizational effort from those responsible. If you want help with this, you should get support from suitable tools. Special software helps to easily structure and document the individual steps within management. In addition, they can keep an eye on legal requirements and report them if these are disregarded.
Emergency management in practice
As already mentioned, the organizational effort in emergency management is very high. Those responsible must
- Analyze risks, costs and benefits and develop strategies
- Develop emergency preparedness concepts and recovery plans
- Manage crisis communication
- Record measures in the emergency manual
- Plan and carry out exercises, tests, training courses and audits
- Document everything
- Continuously improve processes (CIP).
EcholoN offers suitable software here. It helps identify and analyze risks, create emergency plans and the associated emergency manual, carry out tests and training, and precisely document all findings and results.It works in accordance with the law and guidelines and warns if processes do not meet the requirements.
The respective contact persons and responsible persons are recorded in the software, which improves communication and defines clear structures in an emergency. If companies want to be certified beyond this, this is easily possible with the tool. Thanks to the integrated knowledge database, it guides you through all the steps that have to be mastered, right up to the certificate.
As always, the EcholoN staff is happy to be there for you if you have any questions about the software or general business continuity management. Just write us an email or give us a call - non-binding and uncomplicated.