It is hardly possible to be fully prepared for all crises. The Corona pandemic clearly demonstrated this. Nevertheless, it is important to deal with these and other, mostly unforeseeable dangers. Even as an SME. Risks lurk everywhere – just look at the current situation with a war in Europe, the energy crisis, or natural disasters. Threats are also steadily increasing in the area of cybersecurity.
How does the business prevail during a crisis? CEOs in particular must deal with this at an early stage, because in the worst case it can lead to bankruptcy or personal liability. To counteract this, organizations should implement a system of business continuity management (BCM). Below you will learn exactly what this means and how to implement it.
Business Continuity Management – what does it mean?
Business continuity is a plan of action or strategy that includes processes to maintain IT operations in crisis situations or to ensure all necessary processes after a system failure. In this context, protection is needed above all, but also the establishment of alternative processes, thus ensuring that companies continue to exist economically even in the face of threats and that economic activity is safeguarded. To some extent, it is similar to risk management and emergency response. We have already reported on these topics in previous blog articles. A business continuity management system goes beyond these concepts: it is a long-term development of strategies, actions, and plans designed primarily to ensure the smooth continuity of business operations. The German term Betriebliches Kontinuitätsmanagement (business continuity management) also makes this clear.
What should you prepare for?
As already explained in the introduction, there are many unpredictable risks and catastrophes. Nevertheless, there are common aspects that SMEs and large organizations can and should prepare for. These are for example:
- Hardware failure
- Software failure
- Network failure
- Power outage
- IT process failure
- Building breakdown
- Hacker attack
- Malicious software (e.g., malware)
- Natural disasters of any kind (floods, storms, wind damage, fire, etc.)
- Staff absence (illness or leaving employees)
- Loss of partners or service providers
Several of these scenarios can coincide – a natural disaster can cause a power outage, for example. You also prepare for unforeseen risks by thinking about these aspects: in many companies, for example, the pandemic led to staff absences, the loss of partners and service providers, or the closure of buildings.
How to proceed
Business continuity management (BCM) is a holistic process. During development, it is particularly necessary to have both a disaster recovery plan (i.e., concepts for disaster recovery) and to take preventive measures. Any approach should always encompass the entire company so that the important business processes can continue. It is especially important to set priorities and allocate the resources needed.
- Preparation
The framework conditions, specifications and objectives are recorded with the management in a BCM policy. Responsibilities are also defined according to know-how. - Business Impact Analysis (BIA)
Next, an analysis is performed. One assesses the potential dangers and damages that may threaten the company. Maximum permitted downtimes of business processes are then derived from this. These are a particularly important indicators for checking how critical the failure of the required resources, infrastructure, security and thus also business processes are to be assessed.
Furthermore, BIA always includes risk assessment: how likely are the scenarios and where are any vulnerabilities? These must be considered in the later phase of an emergency preparedness plan. As is often the case with business continuity, prevention is better than cure! A business continuity management strategy is thus also being developed. - Planning (BCP)
During this phase, all necessary Business Continuity Plans (BCP) are developed. The previously performed BIA makes this process easier. In addition, it helps to create checklists for the individual scenarios so that you can work through the steps efficiently in an emergency. - Implementation
Now the measures of the BCM strategy have to be implemented. In parallel, you build a crisis organization: specific team that manages and operationally leads the crisis in emergency situations. This team implements all planned processes, according to the BCP and at the latest after the maximum allowed downtime. - BCM testing
- Once the processes are implemented, you don’t just wait for an emergency to test your concept – the business continuity plan also needs to be tested. In 2008, the British Standards Institution (BSI Group) identified three types of exercises that can be used in testing BCP:
– Tabletop exercises: A few people or one representative from each team work on a specific aspect of a business continuity plan.
– Medium exercises: Several departments, teams or experts focus on various aspects. Different contingencies are also tested in the process.
– Complex exercises: The basic structure of the Middle Exercise remains, but there is more realism. You go over actual evacuations, calls, or other scenarios in detail. - Lessons learned: optimization, adaptation, maintenance
BCM is a complex system that is not simply introduced – it is a continuous cycle. During the tests, learnings are obtained, which are used to adjust and optimize the plans. Subsequently, these are tested and introduced again. However, the catastrophic events that are anticipated do not occur very frequently, which is why BCP require constant maintenance. As soon as new scenarios are added, economic, internal company, environmental or other conditions change, your BCP must also be adapted. Here, the continuity in the business continuity management system becomes clear.
Advantages of BCM – a good plan works wonders
The procedure shows that your organization is prepared for various scenarios with a business continuity management system. Condition: detailed testing and analysis of individual weaknesses for possible attacks and failures. This minimizes the likelihood of your company becoming incapable of acting or doing business due to unforeseen events. BCM is thus a kind of insurance against the worst case and also creates better risk awareness internally.
Distribute responsibilities well
In the event of an emergency, the management, and the board of directors of a company can be held liable for incapacity, bankruptcy or insolvency, the prevention of this is also the responsibility of the upper management level. Accordingly, the initial introduction takes place there. It is then worth appointing a suitable person in the company as Business Continuity Manager, who then takes over the organization. A team of BCM experts and risk managers is also helpful to set up the concrete action plans and to control and constantly adjust the implementation.
A current example: the energy crisis
In recent years, it has become abundantly clear how necessary business continuity management is: first came the Corona pandemic in 2020, and now we find ourselves in the midst of an energy crisis. Many companies now fear sharply rising costs and, in extreme cases, even power shortages due to a shortage situation.
Within the framework of business continuity management, one should prepare accordingly for some uncertainties in this context – the biggest risk factors here are rising energy prices, as well as the danger that not all systems (e.g., cloud, production machines, plants and others) can be operated continuously, so that economic damage occurs in the company.
The approaches to solving this problem are many and varied. It is important, in the spirit of business continuity, to conduct an analysis of the current situation. For example, with regard to rising energy costs, it is important to know where power is effectively flowing into devices and systems and where a correspondingly large savings effect can be achieved. Energy optimization is the keyword here! With the reduction of your operating costs and further energy savings, you already gain much.
Information and concepts for your company can now also be found in our latest whitepaper. Among other things, we used this as an example to illustrate energy consumption and corporate costs, as well as the associated savings potential and ideas for energy optimization. You will also find technical options for enabling continued cloud-based operation of the infrastructure, as well as other considerations of a general nature on the subject of “green IT” – options that can make your IT more sustainable and thus also more crisis-proof, for example through the use of renewable energies.
Safely through crises if you start now
The last few years have shown us abundantly clear that the next crisis can come at any time, whether you expect it or not. Pandemic, war, inflation and who knows what comes next. With the help of business continuity management, it is also possible to prepare for unforeseeable risks so that uninterrupted business operations can be maintained immediately after a crisis. All necessary organizational, personnel and technical steps are formulated in a business continuity plan and continuously reviewed to minimize damage. Since disasters can lead to companies becoming incapacitated, having to file for bankruptcy and managing directors even being liable themselves in the event of an emergency, you should look into BCM at an early stage. As is so often the case, prevention is cheaper than repairing the damage.