Business Continuity Management

We can support you in the following points as part of your emergency planning:

An emergency manual contains all the points that need to be considered in an emergency. This includes a restart plan for the IT systems, a communication guideline for employees, but also the planning of resources in order to be able to quickly access replacement IT systems in an emergency and to have enough employees available to reinstall or restore the IT systems.

The emergency manual should also define an emergency operating level that must be reached as quickly as possible in order to ensure stable operation of the hospital even with restricted IT. To this end, particularly critical processes and dependencies on IT systems must be identified.

It also makes sense to plan how to maintain emergency operations until the emergency operating level is restored and to prepare and provide any necessary resources.

Emergency drills are used to rehearse procedures and processes in the event of an emergency. These include dry runs, in which the processes are run through on paper, but also real emergency drills in which, for example, individual systems have to be restored or processes are carried out without IT.

Special attention should be paid to crisis communication. Even seemingly harmless messages can be misunderstood and lead to negative consequences for the company or uncertainty among the population, e.g. in the event of a hospital closure.

We therefore work with communications professionals who can prevent a communications disaster even before a catastrophe occurs through preparatory discussions, handouts and formulation aids.

Of course, we are also at your side in the event of a disaster.

In the event of an attack by a third party, e.g. a ransom virus or a hacker attack, the cause of the compromise must be identified before the system is put back into operation. If the gateway is not closed, a new compromise can occur within a short period of time.

As part of a forensic analysis, we examine IT systems and evaluate log files to determine the cause and consequences of an attack.

Communication with authorities should be structured and coordinated. Law enforcement officers expect competent contacts who can prepare and quickly deliver important information. In the event of data protection breaches, there are critical deadlines (e.g. GDPR 72 hours) within which supervisory authorities must be informed.

Today, ransomware viruses no longer only encrypt IT systems. A so-called "double extortion" often takes place, i.e. business-critical, confidential or personal data is copied first and then systems are encrypted. The attackers can then threaten to publish data and extort protection money, even if backups are available.

Experience shows that the management should never speak directly to the blackmailers, but that a representative should always act as an intermediary. If only to gain time when the negotiator wants to consult with the management. Experienced negotiators trained in psychology also have a better chance of reducing the ransom if necessary or ending the extortion completely.

We also help you to coordinate your system partners when restoring systems. Especially in an emergency, which can never be fully planned, experience is an advantage that should not be underestimated.

We work with you to develop your emergency manual. We help you draw up your recovery plans and your crisis communication. We create emergency drills for you and carry them out with you.

In the event of a security incident, we support you in restoring your system, coordinate suppliers and service providers, carry out forensic analyses and communicate with authorities and, if necessary, extortionists.