Business continuity operations with business impact analysis, continuity plans, RTO validation against real BIA data, threat scenarios, gap analysis and BCM tests. All in one platform that shares its data layer with ISMS, TPRM and Assessment. Hosted in Germany.
Request a BCM module demoThe BCM module implements ISO 22301 as live operations, not as a Word emergency manual that gathers dust after the audit. The evidence emerges from the real process and asset data that the ISMS and TPRM modules already maintain.
Business processes, maximum tolerable period of disruption (MTPD), resource requirements and dependencies on applications, sites and suppliers. The BIA pulls the asset inventory from the ISMS module and supplier criticality from the TPRM module, instead of capturing them a second time by hand.
Recovery plans per critical process with defined RTO and RPO targets. The platform validates every Recovery Time Objective against the BIA data and flags every gap where the target falls below the actually recorded recovery time. Static plans become a verifiable target-versus-actual comparison.
Scenario catalogue from power outage through ransomware and supplier failure to staff and building loss, with gap analysis against existing plans. Critical suppliers from the TPRM module automatically generate matching disruption scenarios.
Planning, execution and documentation of exercises, from tabletop walkthrough to full test, including lessons learned and measure feedback. A complete test history as evidence for auditors and insurers.
Alerting chains, crisis team roles, escalation levels and communication templates, interlocked with the ISMS module's incident management. An incident escalates to a crisis without rebuilding the context.
Auto-populated KPIs from live BCM operations, maturity score and review templates for board, supervisory board, auditors and insurers. Revision-safe snapshots document the status at any reporting date.
The BCM module covers the ISO 22301 family and integrates the complementary standards relevant for DACH. No fragmented multi-tool architecture, but one data layer for ISMS, BCM and TPRM.
Three constellations in which the BCM module replaces the Word-Visio emergency manual economically and keeps the plans permanently current.
NIS-2 requires business continuity and crisis management. A Word emergency manual does not pass the audit if the plans were never tested and never validated against real data. BCM module plus vCISO as adoption path: BIA and plans from real process data, audit-ready rather than theoretical.
Existing BCM in Word and Visio, BIA data outdated, RTOs never checked against actual recovery times. The platform links the BIA to the asset inventory from the ISMS and supplier criticality from the TPRM, so the plans stay current without anyone manually refreshing them once a year.
DORA requires tested ICT business continuity and recovery. The BCM module delivers scenarios, tests and revision-safe evidence, aligned with the TPRM module for critical ICT third parties and the ISMS module for the underlying controls.
The BCM module shares the data layer, permission model and audit trail with the ISMS module (information security per ISO 27001), TPRM (Third-Party Risk Management per EBA) and Assessment (OSCAL import). The BIA pulls assets from the ISMS, critical suppliers from the TPRM generate threat scenarios in the BCM. There are no mandatory modules: licensing is modular, modules build on each other without forcing each other.
See the full platformMemberships, programmes and partnerships
