Contact

Answers from 25 years of BCM practice (FAQs)

From countless projects – some even before BC Consulting was founded – we know what really concerns companies. Here you will find answers to the most frequently asked questions about BCM, emergency and crisis management, consulting and software.

What is business continuity management and why is it important?

Business continuity management (BCM) is a holistic management approach that companies use to ensure that they remain capable of acting even in crisis and emergency situations. The aim is to maintain or restore critical business processes, such as cyberattacks, natural disasters or a blackout, as quickly as possible.

For the company, stagnation means financial losses, operational challenges and risks to its reputation. A professionally established BCM not only protects against massive damage, but also strengthens the trust of employees, customers, partners and investors. As BCM specialists, we support companies in developing individual strategies and building sustainable resilience. Practical, effective and future-proof.

Basically, all companies benefit from business continuity management, regardless of industry or size. However, BCM is particularly important for organizations in critical infrastructure, finance and insurance, the healthcare sector or government organizations.

As a specialized BCM consultancy, we support companies in exactly this area: We analyze risks, develop practical emergency plans and strengthen organizational resilience.

A business continuity management system makes sense if you depend on stable business operations – and who is not? Whether it’s the availability of your IT, the accessibility of your services or the fulfillment of customer promises: Even short interruptions can have far-reaching consequences.

A well-thought-out strategy for maintaining business operations helps to identify and hedge risks in a targeted manner before damage occurs. It is not a luxury, but an investment in the future viability and resilience of your company. Because in an increasingly uncertain world, it is not the greatest who wins, but the one who is best prepared.

An effective business continuity management system comprises several central components:

  • Business Impact Analysis (BIA): Identification of critical processes and their time tolerances.
  • BCM Risk Management: Assessment of potential hazards and their impact.
  • Strategies for maintenance or recovery: Technical, organizational and personnel measures for various failure scenarios.
  • Emergency and recovery plans: Concrete instructions for emergency and crisis situations.
  • Exercises and tests: Regular review and optimization of measures.
  • Continuous maintenance and development: To keep the system up-to-date and effective.

We support companies in implementing these building blocks efficiently and individually – with the help of our specialized BCM software, which networks processes and creates transparency and traceability at all times. In this way, BCM not only remains on paper, but becomes an effective instrument in an emergency.

Knowing risks is the first step to resilience. That’s why we work with you to analyze, among other things:

  • What threats could put your business at risk.
  • Which processes are particularly vulnerable.
  • Where you can protect yourself through technical, organisational or personnel measures

Our structured risk analysis not only provides you with a clear picture of the dangers – but also concrete, implementable measures to mitigate the risk. So that you are prepared before it becomes critical.

In order for business continuity management to work in an emergency, all parties involved must know their roles and be prepared accordingly. Effective measures are:

  • Role-specific training for employees and managers
  • Regular awareness measures, e.g. short training courses, information formats or e-learning
  • Crisis exercises with realistic scenarios to train processes and reactions
  • Documentation and feedback rounds to learn from each exercise and improve measures

We help companies to systematically anchor training and practice in BCM – in a structured, practical and tailored way to your organization.

The legal requirements for BCM in Austria depend heavily on the industry and the size of the company. BCM is particularly relevant for:

  • Operators of critical infrastructure and organizations in the public sector and healthcare (RKE Directive)
  • Financial service providers and insurance companies (FMA Guidelines, DORA)
  • Companies with a high level of IT relevance (NIS 2, ISO 27001)

In addition, there are recognized standards such as ISO 22301 or BSI 200-4 that serve as a framework for an effective BCM – even without a legal obligation.

Getting started with business continuity management (BCM) starts with an as-is analysis to identify the current state of your organization and identify pain points. On this basis, we develop a tailor-made BCM governance for your organization, which defines a clear structure and responsibilities.

The process includes:

  • Carrying out the as-is analysis to take stock
  • Analysis of existing BCM building blocks and identification of gaps
  • Establishing solid BCM governance with clear responsibilities
  • Develop a customized action plan for your organization

This forms the basis for a sustainable and effective BCM strategy.

Excel spreadsheets are not designed to manage complex emergency plans, perform business impact or risk analysis, nor do they offer security or transparency. Missing links, manual maintenance, no access control and no automatic documentation quickly turn them into a risk instead of a solution in BCM.

Our BCM software solves exactly these problems:

  • All data is intelligently linked – no information chaos
  • Measures, plans and tests can be centrally controlled and tracked
  • User rights, shares, and reports are integrated
  • You keep track of everything at all times – even in an emergency

Effective BCM needs structure. And that’s exactly what our software delivers – secure, traceable and field-tested.

No – and that’s a good thing. Governance, Risk & Compliance (GRC) tools are often broad, abstract, and complex. What they lack is practical implementation in the event of a crisis.

Our BCM software specializes in exactly this and offers more:

  • It makes emergency planning and responsiveness tangible
  • It maps concrete processes, plans, exercises and restart strategies
  • It provides support with an integrated business impact analysis (BIA) and risk management to identify and prioritize critical business processes and risks at an early stage
  • It optimizes emergency and crisis management so that you can respond quickly and efficiently to crises
  • It is easy to use, clearly structured and focused on the essentials

If you already have a GRC solution in use, our software can be ideally complemented – for what GRC alone cannot do: practical crisis management, supported by risk analysis, BIA and targeted emergency strategies.

Resilience management describes an organization’s ability to prepare, respond appropriately, and recover from unexpected disruptions, changes, or crises—ideally even emerge stronger.

It includes not only classic emergency preparedness such as business continuity management, but also strategic adaptability, risk management, crisis communication and a resilient corporate culture.

The aim is to systematically strengthen resilience at all levels – operational, technical, organisational and cultural.

If you already have a GRC solution in use, our software can be ideally complemented – for what GRC alone cannot do: practical crisis management, supported by risk analysis, BIA and targeted emergency strategies.

A crisis exercise is a tailor-made simulation game based on a realistic scenario and specially tailored to the risks of your company. The exercise takes place in four phases:

  • Planning – Defining the exercise objectives, selecting the scenario and defining roles and responsibilities
  • Preparation – preparation of exercise documents, coordination of the process and briefing of the participants
  • Implementation – Simulation of the crisis situation with active involvement of the participants, including the reaction of the crisis team and the implementation of emergency measures
  • Follow-up – evaluation of the exercise, identification of strengths and weaknesses, and derivation of concrete improvement measures for crisis management

The aim of the crisis exercise is to prepare the crisis team and the employees involved for an emergency and to give them more confidence in their actions through a realistic and structured exercise.

Business continuity management (BCM) is a preventive, structured management approach that aims to maintain or quickly restore critical business processes in the event of disruptions. It includes analyses, strategies, contingency plans and tests, making it a permanently established part of the organisation.

Crisis management, on the other hand, refers to the operational response in an emergency. It is used when a crisis has already occurred and decisions have to be made under high time pressure, for example by a crisis team.

In short:
BCM is preparing, crisis management is responding. Ideally, both interlock seamlessly.

Our BCM software is aimed at organizations that want to implement their emergency preparedness and crisis management in a professional, structured and sustainable way. It is suitable for:

  • Companies of all sizes – from SMEs to corporations
  • Organizations with high requirements for security, availability, or compliance
  • Industries with regulatory requirements (e.g. RKE, DORA, NIS2)

The software has a modular structure and can be flexibly adapted to the maturity level and individual needs of your company – regardless of whether you are just starting out or already have an established BCM system.