01
Risk analysis
As part of a business impact analysis (BIA), we examine which business processes are important for maintaining business operations and what consequences a failure can have. These "critical" business processes must be particularly secured as part of emergency management and provisions must be made for the crisis. Together with management, we prioritize your risks and focus directly on the needs of your business model and your industry. In doing so, we keep an eye on all stakeholders and prepare you for crises.
02
Emergency preparedness concept and organizational preparations
A concept for the organization's emergency management must be created, covering emergency preparedness, emergency management and emergency follow-up. Establishing and maintaining such a process requires an efficient management system (guidelines, processes) and the necessary internal requirements (resources, roles, committees). A distinction is made between the strategic area of responsibility (overall responsibility for the business or planning activities), the tactical area of responsibility (implementation of the strategic specifications) and the operational area of responsibility (implementation of the specifications of the strategic and tactical level). An emergency cannot be managed without organization!
03
Creation of emergency plans and integration into procedures and processes
This is where restart plans, information and communication plans, etc. are created and embedded in a process organization. In addition, competencies and decision-making parameters can be defined. An "emergency operation" should also be defined, as well as return strategies from this status to normal operation. The planning of crisis communication should also not go unmentioned: it is a very important internal and external measure for adequately informing customers, business partners, authorities, the public and your own employees. Risks from reporting obligations (e.g. listed companies), damage to reputation or waves of cancellations by customers can cause more damage than the actual incident itself!
04
Emergency exercise and continuous improvement
Exercises train the procedures described in the plans, build routine courses of action and verify that the solutions function efficiently. They improve employees' ability to react and their confidence in acting. Since people in crisis situations, and under the associated stress, tend to react rashly, hastily and above all wrongly and irrationally, the last-mentioned goals of exercises should not be underestimated. In addition to the actual solution, opportunities for improvement should also be examined.
How do we establish emergency management
An exemplary process at a glance
I would be happy to work with Mr. Salvador and his team again on the next project. Thank you and all the best!
Andreas Freitag, BMW AG
My TISAX® audit went smoothly and was successful right from the start. We were able to demonstrate our information security in accordance with TISAX® and can now win new automotive customers.
Gaps in our preparation and testing were closed promptly and high-quality documents were delivered by Opexa. I can only recommend the team around Klaus Höllerer, Klaus Kilvinger and Thomas Salvador.
Dr. Samir Kadunic, MAASU GmbH
When reviewing customer requirements in the area of TISAX®, the company urgently needed advice. Thanks to the help of Opexa Advisory GmbH, we were able to meet our customer requirements and also achieve our goals with significant cost savings.
Opexa Advisory is the ideal partner due to its many years of automotive experience, project know-how and competent, efficient and uncomplicated support.
Herbert Schmidt, Dennemeyer & Co. GmbH
What our customers say
Frequently Asked Questions about Emergency Management
How long does it take to set up emergency management?
The answer to the question depends heavily on the definition of the goal, the "definition of done" (to borrow loosely from Scrum terminology). When is the introduction finished? Depending on the organization, time pressure, resources and maturity level of the company, this can be answered differently. A mechanical engineering start-up founded two years ago has different requirements than a 30-year-old organization in finance. It is also possible to proceed iteratively by initially identifying only a few critical high-risk emergencies and then gradually expanding in a prioritized manner.
Are there standards for this?
General and established standards such as ISO 22301 can be used for emergency management; the BSI standard 100-4 can also be used, especially for IT risks. ISO 27005 can be used in the area of IT risk management.
There is no obligation to use such a norm or standard; every organization can also independently determine what its emergency management should look like. However, if a certificate (e.g. ISO 22301, BSI IT-Grundschutz) is requested by the customer or is the standard in the industry (NIS2, BAIT, DORA, etc.), the decision is easy. Standards offer advantages, but can lead to excessive effort with "shelfware" for smaller organizations; applicability must also be ensured!
We already work according to ISO 27001 or TISAX®, is that an advantage?
Anyone who already uses these standards has an advantage! This is because the management of information security risks and incident management are already part of the ISMS. On this basis, the implementation of general emergency management can be accelerated, as it can be partly based on the ISMS processes, knowledge and organization, as well as documents and a management system. The following applies: the higher the ISMS maturity level, the better and faster the implementation of business continuity management.
What other benefits can we expect from emergency management?
Not only cyber risks, but also general damage risks are reduced to a minimum through active emergency management. And think of your cyber insurance, the premiums for which can be much higher without demonstrable emergency management. In the worst case, you will not receive any insurance cover at all if your organization cannot prove its own activities, concepts or emergency exercises. The implementation and "living" of emergency management can support the overall stability of the company and help to make processes and responsibilities more efficient. It enables you to prove your responsibility, give employees and customers more security and even take on a pioneering role in the market.
Cyberattacks and data protection incidents are two specific areas where emergencies can occur and are often reported in the press. This media attention may have disadvantages - who wants bad press or wants to read about their vulnerabilities in the newspaper or - even worse - have to discuss security issues with customers?
Emergency management - not just in the case of cyberattacks - plays an important role in an organization to ensure the continuity of business operations or to quickly resume operations in the event of a failure in the core areas. We help our clients to establish appropriate emergency management. With us, they are prepared for the unforeseeable. If you are wondering how this works, please feel free to contact us!