Select Page

What is Business Continuity Management (BCM)?

No matter how healthy a company is or how long it has been in business, unforeseen events such as natural disasters, power outages, fires, or even cyber attacks can disrupt business processes. The key tasks of Business Continuity Management are to minimize the resulting damage as far as possible, to identify potential sources of risk in advance, and to prepare a company for such crises.


01

A definition of Business Continuity Management (BCM)

Business Continuity Management (BCM) is an integrated management process with the aim of identifying serious risks for an organization at an early stage and taking measures against them. This means that in order to ensure the survival of a company, appropriate preventive measures must be taken, which both increase the reliability of business processes and enable a fast and focused response in a crisis. BCM comprises the planned and organized procedure to sustainably improve the resilience of an institution’s (time-) critical business processes, to respond appropriately to incidents of damage, and to be able to resume business activities as quickly as possible in the event of an actual failure.

02

How does BCM work?

Companies that have established a Business Continuity Management System ideally can stay calm and relaxed during a crisis: Among other things, such a system defines specific plans for resuming normal operations in the shortest possible time after a disruption. In this way, financial and structural damage can often be significantly reduced and existential threats to the company avoided. In addition to concrete measures and processes, such a system also includes strategic planning, in particular to minimize a company’s IT risks over the long term. In any case, it is essential that BCM is understood as an integrated concept that affects almost all levels of a company—every workplace that is linked to IT in any way must be included and taken into account. BCM measures can be proactive, strategic, or reactive.

03

What are the benefits of BCM?

In times of Industry 4.0, a fully networked world, and the omnipresent influence of the World Wide Web, we are used to having access to the many benefits of these systems at all times, both privately and for business. Many people are unaware that in crisis situations, such as the recent corona pandemic, IT processes can fail, making a company vulnerable. But when it does happen and such a crisis occurs, the aggravation and at times despair is immense. This makes it all the more important for companies to respond to such difficult situations in the best possible way—or better still, to ward them off beforehand. Business Continuity Management, if properly established and implemented, is considered a valuable tool to optimally prepare against unavoidable and unforeseen threats. Failures due to disruptions and the associated loss of revenue or sales can be minimized in many cases, and interruptions of especially critical and essential business processes (such as the maintenance of supply or production chains) can be noticeably reduced. The more established the BCM system is, the more successful its implementation will be in an emergency.

In addition, more and more companies and service providers are aware of the importance of BCM and see it as a prerequisite for cooperation in certain areas. Companies that have implemented Business Continuity Management use just this fact to strengthen their negotiating position vis-à-vis service providers from the financial sector, for example, or to sustainably increase the trust of prospective business partners and customers in their business.

04

What benefits can BCM provide to your company?

Healthy, successful companies are not only defined by growing sales figures or an annually growing number of employees. Management that recognizes crises as such early enough and even anticipates them to a certain extent can efficiently train and prepare itself, the company, and its employees for them. Especially in an emergency, it is essential that decisions are not made hastily and impulsively, but on the basis of facts. As abstruse as it may sound, this is especially true when personal fates are involved and the emotional strain is great.

05

How does your company proceed with implementation?

A Business Continuity Management System (BCMS) consists of a total of six elements, all of which are interlinked and must be taken into account when implementing it in the company:

BCM Policy & Governance:

The objective of a BCM policy is to set the framework for Business Continuity Management, to clearly define the necessary functions, tasks, and responsibilities (governance). In this way, everyone knows what to do should a crisis occur.

Business Impact Analysis:

It all starts with a comprehensive analysis of all significant risks and business processes by means of a BIA—this identifies individual business processes using precisely specified internal evaluation criteria and classifies them by criticality factor. The complete failure of a business process is assumed and it is determined when this failure becomes critical for the company as a whole. It is then decided whether these business processes are “critical enough” to be safeguarded via an contingency plan.

Contingency Plan:

This can primarily be answered by asking the question “What is needed to get the business process up and running again as usual?” The resources required for the five phases of the “restart” are identified; these phases are named as follows: immediate measures, restart emergency operation, emergency operation, restoration of normal operation, and post-processing. Based on a classic cost-benefit analysis, contingency plans are then developed for the individual process phases to be safeguarded. These are highly individual and must be repeatedly reassessed and redefined from company to company.

Crisis Management:

As previously mentioned, in the event of a crisis preventive measures are needed in order to be able to survive as a company. This includes the definition of roles and responsibilities in the event of a crisis as well as the implementation of alert and crisis communication channels to control and monitor a crisis. Functioning, non-hierarchical internal crisis communication in particular is indispensable!

Tests and Exercises:

In order to check the effectiveness of individual and interdisciplinary measures and contingency plans, regular tests and contingency exercises must be planned and carried out; similar to internal audits.

Continuous Improvement:

The results obtained through regular reviews are incorporated into the existing management system in order to continuously improve it.

What future developments and trends can companies expect?

The (information technology) world is constantly changing. What a few years ago was considered ludicrous and impossible has now become part of everyday life. The growing importance of systems such as cloud computing, the virtually automated outsourcing of more and more work to external service providers, the numerous opportunities offered by Industry 4.0 and social media, but also negative risk factors such as the increase in cyber attacks and political terrorism, not to mention environmental disasters—all these phenomena mean that companies and their management have to deal with risk management more intensively than ever before. It is becoming more and more essential to invest in IT and IT security, to protect oneself, and to keep an eye on all eventualities. A well-functioning, well-established BCM can help to remedy precisely this situation and help companies to prepare themselves.

07

What do companies have to take into account when introducing BCM?

At the beginning it is important to deal with the ISO standard on which the BCM system is based: ISO 22301, which is internationally recognized and initially creates an important, fundamental understanding of Business Continuity Management and provides a theoretical framework that can be useful during implementation.

In any case, a comprehensive business impact analysis of all possible risks and business processes and a highly individual risk evaluation must be carried out as part of the risk assessment.

Then it is important to clearly define who is to assume which tasks in the event of a crisis (keyword: clarify responsibilities!). Comprehensive contingency plans are drawn up for risks that have already been identified; these plans are extensively tested in advance—naturally with the involvement of both internal and external partners within the affected business processes. And, last but not least: the new knowledge gained as a result of the regular audits is integrated to the best of our knowledge and belief into the existing BCM.

08

What BCM-related services does Myra offer your company?

As a German technology manufacturer, Myra Security offers a secure, certified Security-as-a-Service platform with comprehensive solutions for companies that would like to implement a custom BCM system. Both the Myra Content Delivery Network (a product that delivers static and dynamic data and web content at lightning speed without overloading your server) and Myra DDoS Protection, which reliably filters out malicious traffic on web applications, websites, DNS servers, and IT infrastructure, are ideally suited to take a comprehensive approach to Business Continuity Management.

09

What you need to know about Business Continuity Management

Business Continuity Management is a comprehensive process that identifies potential threats and minimizes their impact on IT processes. Myra Security’s solutions can be of great benefit to you in this regard—and, of course, are in compliance with all relevant standards and guidelines.

If you are interested in futher informations, we are willing to send you our product sheet for free

How Myra DDoS Protection can reliably secure your website or web application against all DDoS attack vectors:

  • How is the protection activated in case of attack?
  • What are the advantages of Myra protection solution?
  • What are the features of Myra DDoS Protection for web applications?

New Field