

Risk Analysis

Within the scope of a Business Impact Analysis (BIA), we assess which business processes are crucial for maintaining operations and what consequences an interruption could have. These "critical" business processes must be specially safeguarded and planned for as part of emergency management. Working alongside your executive team, we prioritize your risks, aligning directly with the requirements of your business model and industry. Throughout this process, we consider all stakeholders and ensure your resilience in times of crisis.


Emergency Preparedness Concept and Organizational Preparations

An emergency management concept for an organization is to be developed, encompassing emergency preparedness, emergency response, and post-emergency recovery. To establish and sustain such a process, an efficient management system (guidelines, processes) is necessary, along with the requisite internal prerequisites (resources, roles, committees). The strategic responsibility domain (overall responsibility for entrepreneurial or planning actions), tactical responsibility domain (implementation of strategic directives), and operational responsibility domain (execution of directives from strategic and tactical levels) are distinguished. Without proper organization, an emergency cannot be effectively managed!


Creation of Emergency Plans and Integration into Workflows and Processes

Here, reactivation plans, information and communication plans, and more are developed, all of which need to be integrated within an operational structure. Competencies and decision parameters can also be defined. A "business continuity mode" should be outlined, as well as strategies for transitioning from this state back to regular operations. The planning of crisis communication should not be overlooked: it is a critical internal and external measure to inform customers, business partners, authorities, the public, and your own employees appropriately. In some cases, risks stemming from reporting obligations (e.g., publicly traded companies), reputation damage, or even waves of customer terminations can be more detrimental than the actual incident itself!


Emergency Drills and Continuous Improvement

Drills practice the procedures outlined in the plans, establish habitual actions, and verify the efficient functionality of the solutions. They enhance employees' responsiveness and their confidence in taking action. Since individuals tend to react impulsively, hastily, and often incorrectly and irrationally under crisis and associated stress, the aforementioned objectives of drills should not be underestimated. Alongside the practical solution, avenues for improvement should also be explored.

How do we establish an emergency management plan?

An Exemplary Overview of the Process

What our clients have to say

I would be delighted to work with Mr. Salvador and the team again on the next project. Thank you and all the best!

Andreas Freitag, BMW AG

My TISAX® audit went smoothly and was successful right from the start. We were able to demonstrate our information security according to TISAX® and can now attract new automotive clients.

Any gaps in our preparation or examination were promptly addressed, and Opexa provided documents of high quality. I can highly recommend the team led by Klaus Höllerer, Klaus Kilvinger, and Thomas Salvador.

Dr. Samir Kadunic, MAASU GmbH

During the examination of customer requirements in the TISAX® domain, there was an urgent need for consultation within the company. Thanks to the assistance of Opexa Advisory GmbH, we were able to fulfill our customer requirements and achieve our goals with significant cost savings.

Opexa Advisory is the ideal partner due to their extensive automotive experience, project know-how, and their competent, efficient, and straightforward support.

Herbert Schmidt, Dennemeyer & Co. GmbH

Frequently Asked Questions about Emergency Management

Are there standards for this?

For emergency management, general and established standards such as ISO 22301 can be utilized. Especially for IT risks, the BSI Standard 100-4 can also be employed. From the realm of IT risk management, ISO 27005 can come into play.

There is no obligation to adhere to such a norm or standard; each organization can independently determine how its emergency management should be structured. However, if a certificate (e.g., ISO 22301, BSI IT-Grundschutz) is requested by the customer or is the industry standard (NIS2, BAIT, DORA, etc.), the decision becomes straightforward. Standards offer advantages but might lead to excessive effort and "shelfware" in smaller organizations. The applicability must also be ensured!

How long does it take to establish an emergency management system?

The answer to this question depends heavily on the definition of the goal, the "Definition of Done" (in Scrum terminology). When is the implementation completed? This can be answered differently depending on the organization, time pressure, resources, and the maturity of the company. A mechanical engineering startup founded two years ago has different requirements than a 30-year-old organization in finance. It is also possible to proceed iteratively by initially recording only a few emergencies and then gradually expanding.

We are already operating according to ISO 27001 or TISAX®. Is that an advantage?

Those who already use these standards have an advantage, because the management of information security risks and incident management are already integral parts of the ISMS. Building on this foundation, the implementation of general emergency management can be expedited, as it can partly rely on the ISMS processes, knowledge, and organization, as well as its documents and management system. As a rule: the higher the ISMS maturity level, the more effective and rapid the implementation of Business Continuity Management.

What other benefits can we expect from the emergency management system?

Not only cyber risks but also general damage risks are minimized through active emergency management. And consider your cyber insurance – premiums could be higher without demonstrable emergency management. In the worst case, you might not receive any insurance coverage if your organization can't demonstrate its own activities within the scope of plans or emergency drills. Implementing and "living" emergency management can support the overall stability of the company and help make processes and responsibilities more efficient. It allows you to prove your responsibility, provide employees and customers with more security, and even take a leading role in the market.

Cyber attacks and data privacy incidents are two specific areas where emergencies can occur and are frequently reported in the press. This media attention can have disadvantages: who wants negative press, to read about their vulnerabilities in the newspaper, or, even worse, to have to discuss security issues with clients?

Emergency management, not only in the case of cyber attacks, plays a crucial role within an organization in ensuring the continuity of business operations or swiftly resuming operations in core areas during a disruption. We assist our clients in establishing appropriate emergency management protocols. With our guidance, they are prepared for the unforeseeable. If you're wondering how to achieve this, feel free to reach out to us!

Our Partners 

Introducing Emergency Management for Peaceful Sleep
