Business Continuity Management (BCM): a practical approach for SMEs

For every company, it is important that processes run smoothly – especially critical business processes. Processes can be interrupted by supplier failures, cyber attacks or power outages, which can have financial consequences or even threaten the existence of the company. The goal and benefit of a business continuity management system is to ensure the functionality of the critical business processes, the daily business – despite a crisis situation. Various standards and guidelines such as DIN EN ISO 22301:2019 on BCM or the BSI Standard 100-4 Emergency Management from the Federal Office for Information Security provide a framework for the organization and implementation.

Business continuity management (BCM) refers to a management process that first identifies risks, threats and vulnerabilities to your business. BCM then provides a framework for building organizational resilience, that is, the ability to respond effectively to specific threats using business continuity plans. Apart from the fact that organizations with a functioning BCM system have a much better chance of recovery, an organization with an established BCM will also meet legal and regulatory requirement. In the event of an incident, senior management is responsible for ensuring the protection of their employees, their organization and their assets.

The fundamental objective of BCM is to ensure and continue day-to-day operations in the event of a damaging event or to quickly resume and continue operations after an outage using business continuity plans. The objective combines the areas of prevention and response to crisis situations that affect the company and its economic activity.

BCM is not just something for the “big players”. Small and medium-sized companies also benefit from a well-structured BCM. At the same time, BCM can still be implemented in these companies with relatively little effort and continue to grow organically with the company. With the upcoming release of BSI Standard 200-4 and the options it contains for build-up and reactive BCM, more attention will also be paid to SMEs in the context of BCM. It is never too early to be prepared.