Business continuity management (BCM) ensures that companies identify and design critical business processes so that they can overcome emergency situations as soon as possible or even prevent them in advance.


As a management process, BCM strives to identify major risks that pose a threat to the organization’s survival and launch counteractions at any early stage. To ensure their ability to function and survive, companies need to take preventive measures to create more robust, fail-safe business processes and enable fast, targeted reactions in the case of emergency or crisis. BCM provides a planned, organized approach to sustainably increase the robustness of essential or time-critical business processes, respond to damaging events accordingly, and return to business as usual as quickly as possible.


The goal of BCM is to minimize temporary disruptions to important business processes or eliminate them entirely and secure the company’s economic existence in the case of major damaging events. This requires a holistic view of all factors to continue critical business processes, and not simply the resource of information technology, in case of a damaging event. IT service continuity management (ITSCM) is one component of BCM.

risk2value supports all relevant steps along the entire BCM lifecycle:


  • Business impact analysis

    • Identifying business-critical processes
    • Running damage analyses (categories and scenarios for damage and protection requirements)
    • Collecting restore parameters (e.g. max. tolerated downtime, max. tolerated data loss, recovery time and level)
    • Setting priorities and criticality
    • Collecting resources for normal and emergency operations
    • Defining criticality and the order for restarting resources
    • Creating BIA reports

  • Risk analysis (identification, evaluation, strategies, reporting)
  • Control analysis (determining current status)
  • Continuity strategies (including analysis of costs to benefits)
  • Emergency prevention (actions, controls, guidelines, escalation)
  • Test (execution, documentation)
  • Compliance (maturity level)


With risk2value, companies can align their specific BCM processes to various norms, national regulations and best practices, including BSI 100-4, BS 25999:2007, good practice guidelines (GPG), ISO / PAS 22399, ISO/IEC 27000/270031:2011, ISO 27001 / ISO 27002, NIST SP 800-34, etc.


Software adds value to the BCM process and automatically merges information contributions from various people to create a complete picture. Companies can individually configure rules, questionnaires, workflows, etc. to implement their specific requirements. They can also create many different types of detailed reports or dashboards to create a complete view of BCM.  


  • Flexible modification of customer-specific requirements
  • Fewer management tasks in the central BCM team
  • Optimal reporting (efficient, structured views)
  • Automated, transparent action tracking
  • Investment security through module extensibility (ISMS)
  • Integration of ITSCM in the BCM solution
  • Optional mapping of SCM requirements
  • Completely accessible risk management
  • Transparency on the maturity level of BCM
  • Simpler information exchange among different stakeholders
  • Integration of business departments and process owners based on a business impact analysis or tactics
  • Documentation and tracking of defined and assumed emergencies
  • Fast implementation (Web application)
  • Workflow support for complex approval processes
  • Less reporting work through automation


  • Compatible with many standards
  • Mapping of BCM assessment lifecycles and period comparisons (business impact analysis, risk analysis, BCP and RRP tests)
  • Custom rule configurations to enable objective evaluations based on quantitative and qualitative criteria
  • Workflow support for editing and tracking actions, test results, emergency cases, etc.
  • Mapping complex cause-and-effect relationships among organizational units, infrastructures, IT systems, IS services, processes and resources
  • Individual reports for various stakeholders
  • Comprehensive evaluation and aggregation capabilities
  • Support for custom client-side modifications
  • Simple administration