Business Continuity Management (BCM) refers to anticipating incidents and disruptions related to business operations, as well as responding to them in a way that allows the organization to continue functioning.

BCM includes processes and procedures for risk management aimed at preventing interruptions to critical services and restoring the organization’s operations as quickly and smoothly as possible. The fundamental requirement for maintaining continuity is ensuring the essential functions of the organization remain operational during a crisis. This includes considering various unpredictable events such as natural disasters, fires, disease outbreaks, cyberattacks, and other external threats.

Every business should have a business continuity management system in place. Why? We live in times where downtime is unacceptable, and certain threats, such as cyberattacks and extreme weather conditions, seem to be intensifying. The advantage of BCM is that once the strategy is created (and updated), it helps to build the organization’s resilience.

1. It helps maintain resilience by quickly responding to threats and disruptions.
2. It protects against the negative consequences of emergencies and unforeseen events, saving money, time, and the organization’s reputation.
3. By enabling resource recovery, it enhances security.

Below, we present a few selected examples of BCM implementation from our own experience – in state and public organizations, hospitals, as well as large and small private companies.

The hospital in Koszalin, as an operator of essential services, had to adapt its security management system to the national Cybersecurity Act (KSC). First, we conducted an audit, followed by a risk analysis and assessment. Based on the gathered information and identification of organizational and technical gaps, we proceeded to update the documentation to ensure it met the requirements and obligations set for essential service operators. A crucial stage was also the training for selected staff, which significantly increased awareness of procedures and risks within the organization, playing a key role in maintaining business continuity.

Full description can be found here: Case study – Wojewódzki Hospital in Koszalin, M. Kopernik.

Another example of effective business continuity management comes from US Pharmacia, which sought support in improving the functioning of its IT infrastructure. The project included, among other things, the implementation of IT service management according to the ITIL v3 framework. We conducted analyses based on the best practices of ITIL and ISO 27001, and also carried out a Business Impact Analysis (BIA). We examined service catalogs, user roles and responsibilities, applied templates, including SLAs with business recipients. An important stage was training for employees – after developing procedures for incident and problem management, we organized a workshop to introduce the updated procedures and best practices for managing IT services.

Full description can be found here: Case study – US PHARMACIA.

For the Swiss company Geberit, a manufacturer of sanitary technology, we implemented a comprehensive Business Continuity Management (BCM) system. The primary focus was on developing complete documentation with procedures and management plans, defining the scope of competencies and authorities for individuals involved in BCM, and providing employee training. As part of the process, we conducted a full audit to ensure compliance with ISO 2240 and ISO 22301 standards, along with a Business Impact Analysis (BIA) and a risk assessment. The client received a full report with recommendations, enabling them to proceed with the ISO 22301 certification.

A full description can be found here: Case study – Geberit.

Neuca, a leader in the wholesale distribution of pharmaceuticals in the country, needed to verify its organizational and technical readiness to fulfill the obligations of a critical service operator. The focus was placed on meeting the requirements of the Critical Infrastructure Act (KSC) and the potential for further improving cybersecurity processes within the organization. Based on a security audit and risk analysis, we developed a package of recommendations and provided consultancy, allowing the company to identify the systems that would help ensure business continuity, considering the infrastructure in use.

Full description can be found here: Case study – Neuca.

At PBSG, we provide comprehensive implementation of the Business Continuity Management (BCM) system. As seen in the examples above, our work begins with a risk and business process analysis to develop and implement an appropriate methodology tailored to the business. For more information, please visit the Business Continuity Management section.