Business Continuity Management (BCM) – ISO 22301

In all organizations/companies, regardless of industry or size, there are business processes whose interruption, disruption or prevention can severely disrupt business operations.
To prevent these undesirable situations, the establishment of a Business Continuity Management System for reliability is recommended.

Business Continuity Management (BCM) ensures through the methodical procedure according to the requirements of ISO 22301 that the continuation of a business operation is secured in the best possible way in case of crises or unexpected events.


BCM – Lifecycle

The identification and analysis of critical business processesis crucial and forms the basis for the following questions:

  • which processes in the company must be maintained functional and
  • which measures are necessary for this.

One of the main components of BCM is the Business Impact Analysis (BIA). Using BIA, the dependencies between IT processes and/or business processes/areas are methodically recorded and presented.

Further sub-areas of BCM include emergency and crisis management to ensure the essential business processes and the continuity of business operations.

The result of BIA / BCM

  • the criticality of the effects of failures in business and IT processes becomes transparent and
  • critical points of attack can be identified, considered and appropriate measures taken
  • emergency planning, including emergency tests, is implemented
  • the associated documentation is checked, evaluated and managed.

Together with risk analysis, BIA forms the basis for the security strategy of a company.

The Business Continuity Management Software QSEC offers optimal support here by combining risk management according to ISO 27005 with business impact analysis according to ISO 22301.

Based on information security management according to ISO 27001/BSI standard (IT-Grundschutz) and data protection according to EU GDPR, QSEC supports the protection of business processes against risks and enables the business continuity management to be permanently adapted to the current business strategy. Thus changes to the business model can be taken into account at any time and any new risks that may arise can be incorporated into the business continuity management strategy.

We would be pleased to show you how QSEC can guide you through the entire process of business continuity management and business impact analysis with workflow support.




QSEC Online-Demo