Crisis resistance with business continuity management

On 11 March 2011, the earth shook several hundred kilometers northeast of Tokyo, in the middle of the Pacific Ocean. The quake triggered a tsunami with a tidal wave up to 40 meters high. It devastated large parts of Japan, destroyed infrastructure, and claimed more than 22,000 lives. As a result, the Fukushima nuclear power plant was severely damaged. A meltdown occurred, and 150,000 people were evacuated.

The tsunami affected numerous companies, including Toyota's production plants. Because many factories were severely damaged, supply and production chains were interrupted for a long time. This led to significant production losses and global supply bottlenecks for vehicles. In response to the crisis, Toyota developed an improved business continuity management (BCM) system that takes greater account of major disasters such as a tsunami.

BCM: more than just risk management
This type of BCM goes far beyond traditional risk management, which is primarily aimed at identifying and reducing potential hazards. BCM aims to maintain or quickly restore a company's business operations in crisis situations. To achieve this, BCM considers all possible hazards that could disrupt business operations, ranging from hacker attacks to natural disasters such as floods, earthquakes, or pandemics to geopolitical crises and interruptions to global supply chains due to unforeseen events. 

In particular, the growing threat of climate change makes BCM indispensable for companies. Extreme weather events such as heavy rainfall, heat waves, or storms are becoming more frequent and cause significant damage. Companies are increasingly integrated into complex supply chains that can be disrupted by such events. An affected organization must be able to find alternative procurement channels for raw materials and ensure that its communication and IT infrastructure can withstand the challenges.

Effective strategies for crisis resilience
Effective business continuity management (BCM) integrates all potential threat scenarios into a comprehensive corporate strategy. The first step is to conduct a detailed business impact analysis (BIA). This identifies and prioritizes the critical business processes and resources that are essential to the company's survival in a crisis. 

The goal is to develop plans that enable the company to remain operational even under difficult conditions. That's why a comprehensive BCM system requires the involvement of all areas of the company. Focusing on the IT department is not enough. Departments such as human resources, purchasing, production, and logistics must also be included. 

Another important aspect of BCM is the continuous training and sensitization of employees. To maintain business operations, they need to know exactly how to act in an emergency. In addition, all emergency plans and continuity strategies should be regularly reviewed and adapted to current conditions.

How ISO 22301 facilitates certification
ISO 22301 provides a globally recognized framework for establishing and operating a business continuity management system (BCMS). Companies can use the standard as a guide to ensure that they systematically address all key aspects of business continuity, from risk identification and assessment to developing and implementing contingency plans. 

Implementing a BCMS is a complex task, but one that synergies can facilitate. In particular, it is common practice in the IT industry to implement an information security management system (ISMS) in accordance with ISO 27001 and to have it audited by external certification bodies. According to ISO 27001, an ISMS already contains many central elements that are also relevant for a BCMS, especially concerning IT failures. These overlaps enable the use of existing security structures so that the implementation effort of a BCMS is reduced. 

This combined implementation also facilitates the certification process for external audits, which can be carried out efficiently in a single step. Both management systems increase stakeholder trust and provide a competitive advantage. This is particularly important in industries with high delivery capability and demands for resilience. 

In the face of growing challenges such as climate change, geopolitical instability, and increasing cyber threats, business continuity management is becoming more and more important. It enables companies to remain operational in crisis situations and to recover quickly. It is not just about risk avoidance but also about crisis preparedness and rapid response. A well-developed BCM is an important tool for managing business risks, maintaining business operations, and reducing the risk of claims for damages due to a lack of preparedness.