The show must go on! If something has gone wrong, sometimes you just want to bury your head in the sand and wait and see. But the best thing to do is to carry on! However, depending on what has happened, this is not so easy. For example, if all systems in the warehouse are paralysed because there has been a cyber-attack, chaos quickly breaks out: Without access to the TMS, it is not clear where pallets are coming from, where they need to go or on which shelf they are in temporary storage. IT emergency management (or business continuity management) provides a remedy here and prepares for precisely this worst-case scenario.
The term Business Continuity Management (BCM) is basically self-explanatory in the context of IT: it is about maintaining operations even in the event of a crisis. No matter how long a company exists, unforeseen events can severely disrupt business processes. Operational continuity management is a must to minimise damage in the event of a power outage or cyber-attack and ensure that work can continue at best.
Firstly, it is important to take suitable preventative measures to increase the resilience of business processes. This applies to cyber-security, for example. However, the main aim is to be able to react quickly and in a targeted manner in the event of a crisis. In logistics, for example, this can mean implementing a back-up transport management system (TMS) and an emergency app. This allows production and warehouse processes to be maintained even in the event of a crisis. Having defined the term business continuity management, we will now look at how IT emergency management works. Which companies are affected by the NIS-2 Directive?
Business continuity management for IT is about developing replacement systems that can be used in the event of a crisis. If a haulage company's TMS fails, the warehouse is quickly flooded with goods and descends into chaos. At the same time, communication with partners breaks down, which makes the situation even worse. In logistics, IT emergency management must therefore ensure that critical functions such as route creation, scheduling, warehouse organisation and scanning processes continue to run – including data transfer to partners.
Business continuity management thus consists of two parts: On the one hand, there are the emergency programmes, more specifically the back-up TMS and an emergency app. Equally important, however, is the emergency plan, which defines exactly what steps need to be taken in the event of an emergency.
The best plan is useless if nobody knows it or what steps need to be taken. If the team only asks in confusion: ‘What is business continuity management?’, the concept won't work either. The motto is therefore: After the concept is before the exercise! As soon as IT emergency management has been implemented in the company, it should be rehearsed for emergencies. After all, if things get dicey, employees should be able to act without hesitation.
To ensure that the back-up software is not affected by the interrupted IT infrastructure in an emergency, it must be independent. It therefore comes from the cloud and runs as a secondary system during normal operations. This way, it is continuously filled with data and is always ready for use – meaning it can seamlessly replace the main system in an emergency.
It is also important to find alternative data transmission methods. If the normal Wi-Fi in the hall is down, transport data must ultimately be transmitted to the partners in another way. Mobile networks and self-sufficient devices (emergency laptops, mobile phones, etc.) ensure that logistics operations can continue even without Wi-Fi.
Business continuity management is a must to prevent everything in the company from collapsing immediately in the event of a crisis. Whether it’s a cyber-attack or a system failure caused by other means, preventive measures such as back-up systems and emergency plans ensure that companies remain capable of acting, and damage is minimised. Regular training and the use of cloud-based solutions are particularly important here. This means that affected processes can be restarted quickly, and companies are as well prepared as possible for unexpected incidents.
Regarding directives such as NIS-2, it is sometimes even legally necessary to think about IT emergency management. IT service providers provide support in drawing up a concept and implementing the necessary processes. It is important that the IT service provider works in accordance with ISO 27031. ISO 27031 is a standard for disaster recovery in the IT sector. Compliance with this standard ensures that organisations and companies have a business continuity concept that can cope with any situation.
Add a comment