S 6.116 Integrating business continuity management into organisation-wide procedures and processes

Initiation responsibility: Top Management

Implementation responsibility: Top Management, Emergency Officer

Organisations often already have a general risk, security, and crisis management system, especially larger organisations. Operational risks, including the IT risks, are an integral component of risk management and security management. Residual risks, which are still present in spite of the precautions taken, are to be covered by the crisis management.

Business continuity management examines all risks that could lead to the disruption or failure of critical business processes. This means business continuity management overlaps with many areas of risk management, security management, and crisis management. For this reason, the methods used to manage risks in the area of business continuity management should be coordinated with the methods already in use. It is essential that the work instructions or service agreements from different areas of an organisation do not contradict each other.

Integrating aspects of business continuity management into all business processes

The management must have an overview of the business-critical, specialised tasks, business processes, and information. The Specialists Responsible and the business continuity management team must specify concrete rules for integrating continuity aspects into the planning and implementation of business processes (such as safeguards and classification, for example).

Change management

Change management deals with the planning of changes to processes, infrastructure, hardware, and software. Organisational rules must be in place ensuring that the aspects and needs of business continuity management are taken into account.

Review questions:

© Federal Office for Information Security. All rights reserved.