With verinice, you work on your Business Continuity Management System (BCMS) according to ISO 22301 or Standard 200-4 by the German Federal Office for Information Security (BSI). Record all business processes according to the respective methodology and ensure that you can react quickly in crises and emergencies.
Identify important business processes and critical infrastructure in companies, organisations or agencies with verinice. Analyse and evaluate dependencies and work continuously on your Business Impact Analysis (BIA) - this helps you to maintain an overview and optimise continuously. Prioritise time-critical processes, initialise emergency operations and quickly restore failed resources. If they return to normal operation within a reasonable time, this minimises risks, data loss and business interruptions if disaster strikes.
Use the familiar ISM or IT Baseline Protection perspective and benefit directly from data already collected and the synergies between ISMS and BCMS. verinice brings information security, emergency planning and data protection together to work hand in hand. verinice enables you to take a detailed - and highly customisable - approach.
Business Continuity Management step by step
BCM with verinice means using the ISO 22301:2019 or the BSI 200-4 standards to screen your company. Both standards provide procedures and rules with which you define, control, monitor, maintain and continuously improve the availability of processes and thus business continuity. This is exactly what you document in verinice. As a result, you succeed in establishing and maintaining a process-oriented emergency plan.
The structured approach enables you to:
- The documentation: Identify core processes, record criticality data and define failure scenarios, determine recovery.
- The analysis: To prepare and conduct the Business Impact Analysis, analyse process and resource dependencies.
- Responsibilities and tasks: Document process owners or persons with overall responsibility. Record staff members (ex- and internally) and tasks assigned to them for improvements or in case of crisis.
- Important documents: Include relevant documents for emergency management via the verinice document repository. The verinice.TEAM recommends taking a look at the materials provided by the BSI on emergency management. You can adapt these for your organisation.
- Work more efficiently: Reduce complexity and time by using the basic protection or ISM/ISO perspective. In addition, this enables direct collaboration between information security officers and emergency management teams.
Insights: Business Continuity Management with verinice
ISM/ISO perspective: As a basis for business continuity planning, first collect all relevant data for your organisation. Determine the certification object and define the scope of application and exclusions or delimitations (e.g. IT area only).
ISM/ISO perspective: Important steps in contingency planning are the questions "What documents do I have?" and "What documents do I need?" These can be registered, assessed and directly linked.
ISM/ISO perspective: Record all persons associated with BCM and assign them the appropriate roles.
ISM/ISO perspective: Assess the impairment of your business processes. Together with the classification of the unsustainability level, the damage assessment automatically results in the Maximum Tolerable Downtime (MTA/MTPD).
ISM/ISO perspective: Capture all business processes and business continuity parameters. Determine if they are time-critical processes to be considered in a BIA.
ISM/ISO perspective: For all requirements, it can be individually determined whether it is a BCM element and whether it should be included in corresponding reports. For example, it is possible to specifically select and list only BCM requirements via the verinice report query.
ISM/ISO perspective: On system level (assets), you can also document in detail all parameters for the BCM strategy, such as restart time, damage until restart, RTO, emergency operation level, maximum possible emergency operation duration.
ISM/ISO perspective: Determine whether the asset should be considered later in the action plan.
Outlook: Making it even more efficient
The verinice team is already working on further refinements to make Business Continuity Management with verinice even more convenient and meaningful. The next enhancements are announced with upcoming releases - and a foreseeable finalisation of the BSI Standard 200-4.
A sample organisation including standard reports is planned as an additional module. This will be available independently of verinice releases via the verinice.SHOP after publication. Data required for the reports can already be entered now, all necessary prerequisites have been created. The extensive aids and normative documents already referenced in BSI Standard 200-4, which the BSI has published on its website, will be integrated directly into verinice in the future.
