Business Continuity & IT Service Continuity Management

Business Continuity and IT Service Continuity Management ensure the continuity or recovery of critical business processes in the face of adverse events.

For companies with increasing complexity in their business models, which are based on connected and digitalized processes, the potential damage through business disruptions is particularly high. The risk rises through the steadily increasing number of challenges, especially cyber attacks. In the event of damage, not only financial and reputational loss occurs, but also legal consequences. Business interruptions are also ranked on the first place as most important global risk for the sixth year in a row according to the Allianz Risk Barometer 2019.

Through Business Continuity (BCM) and IT Service Continuity Management (ITSCM) organizations ensure the continuity of critical business processes in the face of adverse events and a swift recovery to normal operations. Therefore, continuity management plays a decisive role to increase organizational resilience and is a vital part of a reasonable risk management.

As part of the continuity management, an organization determines from an economical point of view the critical and protect-worthy core activities and which impact a business disruption might have.

Based on the results, a continuity strategy with corresponding structures, emergency plans and solutions will be developed. The resulting processes, structures and competences need to be incorporated into the organization and constantly adapted to changes in the internal or external environment. Education, training as well as tests & exercises are further vital parts of the continuity management. We support you through all phases of the continuity management and assist you in adequately preparing for business disruption and crisis situations.


Business Continuity and IT Service Continuity Management Lifecycle

Our working basis comprises legal and regulatory requirements, national and international standards as well as best practices and the expert knowledge from our Deloitte network. Also, we constantly take your individual and branch-specific requirements into account.

We do not only support you in conceptualizing and implementing a continuity management but also evaluate your current maturity level, identify further needs for action and recommend next steps for continuous improvement. In connecting the partly different requirements from information security, Business Continuity & IT Service Continuity Management as well as crisis management we aim for an overarching concept against all types of incidents and attacks. Additionally, we support you in the evaluation and implementation of corresponding software solutions.

Browse through our BCM/ITSCM Lifecycle and learn more about the services we offer.

Training & Awareness C B A Business Continuity Planning Business Impact & Risk Analysis Governance, Policy & Organization Tests & Exercises

Tests & ExercisesIn order to review and further improve the continuity management, periodic tests and exercises are conducted. This includes theoretical and full-scale exercises as well as simulations. Depending on the participants and test objectives, scenarios of different complexity and focus are used. Besides the practicability of the recovery plans, the affected employees’ level of training is assessed. All conducted tests and exercises are extensively documented and specific measures for improvement are derived from the evaluation reports.


Governance, Policy & OrganizationThe fundamentals for continuity management are determined in the policy. In addition to objectives, roles, and responsibilities, the governance of the continuity management is defined.


Business Impact & Risk AnalysisDuring the Business Impact Analysis (BIA), critical business processes are identified and the necessary resources for their continuity are allocated. The determination of critical processes is, besides the evaluation of relevant risks, based on the company‘s individual risk appetite. By means of a risk analysis (RA), specific events that may lead to a disruption of processes are assessed.


Business Continuity PlanningAs part of the continuity planning, strategies for emergency management are defined and specified in recovery and emergency plans. In order to identify the continuity requirements of resources, the criticality of the supported processes is determined. The resulting measures for emergency management are also influenced by cost-benefit considerations. In some cases, extremely critical resources may require a specific risk analysis and protection measures.


Training & AwarenessAs part of Training & Awareness Management, employees are being prepared for their role in the continuity management by means of theoretical and practical training measures. Objectives and requirements of BCM and ITSCM are conveyed through targeted awareness campaigns for an enlarged employee circle.

Your Contacts

Max Kaiser
Senior Manager | Cyber & Strategic Risk
Tel: +49 (0) 40 32080 4017

Michael Fusseder
Senior Manager | Cyber & Strategic Risk
Tel: +49 (0) 89 29036 7658

Ralph Noll

Ralph Noll

Partner | Cyber Risk

Ralph Noll ist Partner im Bereich Cyber Risk bei Deloitte und ist verantwortlicher Ansprechpartner für alle Fragestellungen rund um den Themenbereich der Cyber Response. Ralph hat mehr als 20 Jahre Er... Mehr