Business continuity management (BCM): making companies crisis-proof
Business Continuity Management (BCM) is the organizational framework for maintaining critical business processes during and after crises. This article explains the BCM lifecycle according to ISO 22301, Business Impact Analysis (BIA), recovery strategies, Business Continuity Plans (BCP), crisis management structures, and integration with IT emergency management and ISO 27001.
Summary: A management discipline designed to ensure the continuity of critical business processes in the event of disruptions. This entry describes the basic concepts of RTO, RPO, BCP, and DRP. For practical implementation in the context of cyberattacks—including the 3-2-1-1-0 backup rule, ransomware scenarios, and tabletop exercises—see the more detailed entry on Business Continuity Management (Cyberattacks).
About the Author
Dipl.-Math. (WWU Münster) and doctoral candidate at the Promotionskolleg NRW (Hochschule Rhein-Waal) with a research focus on phishing awareness, behavioral security and nudging in IT security. Responsible for building and maintaining ISMS, leads internal audits according to ISO/IEC 27001:2022 and advises as an external ISB (information security officer) in KRITIS sectors. Lecturer in Communication Security at Hochschule Rhein-Waal and NIS2 training lead at isits AG.
3 Publications
- Different Seas, Different Phishes - Large-Scale Analysis of Phishing Simulations Across Different Industries (2025)
- Self-promotion with a Chance of Warnings: Exploring Cybersecurity Communication Among Government Institutions on LinkedIn (2024)
- Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk (2024)