Risk Management

Business Continuity Management in ISO 27002:2022

7 March, 2022 | News, Norms & Standards

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated; the 2022 version replaces its predecessor from 2013. ISO 27002 is the guidance for implementing the requirements from ISO 27001 and consequently is not itself a certification standard. Certification continues to be based on the ISO 27001 standard. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"), and the structure of the controls has been changed, for example by assigning attributes to the individual controls. In addition, controls have been merged, descriptions updated and controls deleted. These changes will be included in the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added: Threat intelligence; Information security for use of cloud services; ICT readiness for business continuity; Physical security monitoring [...]

Leading – differences between BCM and administrative crisis management

29 September, 2021 | Interest

Business continuity management can also mean "emergency and crisis management". We also find this term in the administrative sector, as in the work of civil protection. But is leadership in the event of crises really the same? This short article is intended to highlight individual differences and similarities between these two emergency and crisis management approaches so that a distinction can be made and differentiation simplified.

Causes of crises

The causes of crises or disasters in the field of civil protection are almost exclusively external. This means, for example, natural disasters, terrorist attacks or a technical/human failure, which leads to high risks. In the case of companies, there are two additional causes: inadequate attention to operational fluctuations up to the point of escalation and the occurrence of latent problems, which lead to high reputational damage. The crisis is therefore not only brought in from the outside, but may [...]

Modern Hospital Alarm and Response Planning

24 September, 2021 | Interest, Norms & Standards

Hospitals are specialized healthcare enterprises that operate either for profit or as a public legal entity. Crisis management in hospitals is also known as "hospital alert and response planning" (German: Krankenhaus Alarm- und Einsatzplanung, KAEP). It has its roots in the need to increase treatment capacity. Examples of this are mass casualty incidents (MCI) or sick cases, where the hospital has to care for significantly more patients than in regular operation. Also described in the KAEP are measures to deal with functional failures, such as power outages. Hospital processes require personnel as well as resources embedded in an organization. Support from resources such as electricity, water, sewage, hygiene, IT, materials, medicines, etc. is required with the highest availability. Organizational, billing and documentation processes occur in parallel. The intersection between a hospital and a company from a business continuity management perspective is therefore very large. The Criticality Ordinance of [...]

Case study companies with and without BCM

30 August, 2021 | Interest

Why think about and take precautions for robust corporate governance and supposedly expensive business continuity management at all? Paper is patient - and the ISO 22301 standard lies warm and dry in the cupboard. We take you through a case study to show you the process of an emergency using two differently positioned companies. Our case study takes you to two medium-sized companies operating in the same industry: House of cards-Money Tomb GmbH and robusta-Willow Tree KG. As "hidden champions," the companies produce the highest quality products and services in a niche area. Both companies have an extensive product portfolio, production at several locations, a business field of medical services and a large web presence with B2B and B2C contact. Key customers of the companies come from the aviation industry, the automotive industry and other diverse sectors. Our protagonist is Bert van Jenssen, IT manager in the companies. The system [...]

Embedding resilience into your cloud-based modernization strategy

24 August, 2021 | Interest

As part of transformation and modernization strategies, enterprises are increasingly adopting cloud-first strategies. This provides an ideal opportunity to embed resilience. Consider three core components of modernization: people, applications and IT. "We don't know of any vendor or service provider today whose business model and revenue growth is not impacted by the increasing adoption of cloud-first strategies." Those were the words of Gartner analyst Sid Nag, commenting on the company's recent finding that the public cloud services market grew an astounding 17.5 percent in 2019 to a total of $214.3 billion. While the cloud is transforming businesses of all types, a key aspect of its appeal to traditional enterprises in particular is the role it plays in modernizing existing IT structures. In particular, migrating existing IT to an Infrastructure-as-a-Service (IaaS) model can be a blessing to comprehensive modernization strategies, with pay-as-you-use pricing structures helping to streamline and scale [...]

How COVID-19 is changing the future of cyber resilience through remote working

23 August, 2021 | Interest

One of the clear impacts of the COVID-19 pandemic is that it has forced many organizations to resort to remote work; and this could have an irreversible impact on future work practices - and cyber resilience. The COVID-19 crisis will undoubtedly have a lasting impact on the way most organizations operate, as work life and operational structures are forced to change dramatically. One of the most obvious changes brought about by the COVID-19 pandemic is the increase in remote work. This development, brought about by the need to reduce physical contact and the spread of infection between people, is likely to remain a feature of modern life even after the worst of the pandemic is over. A key reason for this changing dynamic is that COVID-19 has shown many companies the benefits of virtual online communications. In particular, many companies have seen how effective remote work can be, [...]

“New Normal” – Really that new?

18 August, 2021 | Interest, News

In many places, life with and after SARS-Covid-19 is currently being described as the new normal. But much of what is supposed to be "new" is not so new. I dare to take a look back. The call of the tower guard, "Close the gates", announced imminent danger. The "lockdown" was the consequence. Isolation and waiting (historically: quarantine = a waiting period of 40 (Italian: quaranta) days for ships entering the port of Venice, to protect the narrow city from epidemics) were always the first step to ward off an epidemic. So far, nothing new. But behind the term "New Normal" lies the question of how to shape the future. And not just in dealing with a pandemic event. In terms of business processes, this means formulating modified requirements for business continuity management (BCM). Because closing the gates and waiting will have consequences: Necessary movements of people and goods are [...]

Is COVID-19 really a “Black Swan”?

18 August, 2021 | Interest

Many commentators referred to the COVID-19 pandemic as a "Black Swan" event. However, this is a misunderstanding of what a Black Swan actually is. Understanding the difference moves COVID-19 from the list of events for which governments and organizations could not prepare to the list of events for which they should have prepared.

What are Black Swans?

The theory of Black Swan events was developed to categorize unpredictable high-impact events. Nassim Nicholas Taleb first proposed the term in his 2001 book Fooled by Randomness. In 2007, he expanded the concept in his better-known book, "The Black Swan." According to Taleb, a Black Swan event has three characteristics: "First, it is an outlier, being outside the range of regular expectations, because nothing in the past can convincingly point to its possibility. Second, it has an extreme impact. Third, despite its outlier status, human nature lets us concoct explanations for [...]

Supply chain: Risk assessment in general

19 July, 2019 | Interest

Considering only financially oriented risks is no longer sufficient in today's logistics. Rather, society now makes aspects such as risk management, sustainability and social requirements highly relevant. Several studies show, however, that many companies have not yet implemented risk management, nor have plans been drawn up to do so. Medium-sized companies in particular are still hesitant to consider an introduction. The company management either lacks the necessary risk awareness, or the companies regard the resulting cost factor as too high. With regard to current challenges for supply chain management, globalization is often cited as the greatest challenge. As the world and its countries become more interconnected, supply chains are becoming more and more international. As a result, supply chains are becoming longer, more expensive and more risk-prone. The effective counteraction and the installation of safeguards in a supply chain is on the [...]

Climate change as a business risk?

3 July, 2019 | Uncategorized

Climate change and its consequences are painfully felt in many areas and increasingly pose a threat to people and the environment. According to the German Weather Service (DWD), "around 9% more precipitation falls over the year than 140 years ago". The increase in heat waves and hot days can also be clearly seen in the climate report of the German Weather Service (source: bkk.bund.de). Direct consequences of the climatic changes are weather extremes such as heavy rain (or snow), heat (or extreme cold) as well as increasing storms. They have an increasing impact on infrastructure, health, water resources, ecosystems, and much more. In the future, companies will also have to deal even more thoroughly with the possible effects and consequences of climate change. In May of this year, heavy rainfall caused the ceiling of a hospital delivery room to collapse and, at some point, electricity to fail. It [...]
