Crisis Management & Business Continuity Planning

Learn crisis management and business continuity planning online. Practical training aligned to ISO 22301, NIS2 and BSI standards.


Course Overview

What happens when a cyberattack brings your organisation to a standstill — and nobody knows what to do?

Crises rarely strike at a convenient moment. Whether it's an IT failure, a natural disaster, a supply chain disruption, or a reputational incident — organisations that are unprepared pay a heavy price. According to the Federal Office of Civil Protection and Disaster Assistance (BBK), many German companies remain poorly prepared for serious business interruptions. At the same time, regulatory pressure is intensifying: EU directives NIS2 and CER, along with the German IT Security Act, now require organisations to develop and demonstrate measurable crisis resilience and business continuity measures.

This course in Crisis Management and Business Continuity Planning gives you the practical tools you need to identify crises systematically, manage them effectively, and build a genuinely resilient organisation. You will learn how to establish a Business Continuity Management System (BCMS) in line with ISO 22301 and BSI Standard 200-4, how to carry out a thorough risk assessment, and how to put clear crisis structures in place across your organisation.

The course is specifically designed around the German and European legal landscape. It covers relevant legislation such as the BSIG and the IT Security Act, EU requirements including NIS2 and GDPR, and the roles of authorities such as the BSI and BBK. Whether you are new to the subject or looking to deepen your expertise, this course equips you with the knowledge and confidence to act when it matters most.


Learning Objectives

By the end of this course, you will be able to:

  • Identify and classify different types of crises in German organisations
  • Explain the difference between crisis management, business continuity, and emergency response
  • Apply legal requirements from the BSIG, IT Security Act, NIS2, and GDPR correctly
  • Conduct a structured Business Impact Analysis (BIA) using metrics such as RTO, RPO, and MTPD
  • Design a Business Continuity Management System (BCMS) in line with ISO 22301 and DIN EN ISO 22301
  • Build crisis organisation structures, including escalation and activation models
  • Manage internal, external, and media communication professionally during a crisis
  • Protect stakeholder relationships and organisational reputation in acute crisis situations
  • Create and maintain continuity and emergency documentation (BCP, disaster recovery plans)

Course Curriculum

5 Sections, 20 Lectures, 5 Hours

  • Crisis types in German organizations
  • Crisis management vs. business continuity vs. emergency response
  • Organizational resilience principles (ISO 22316)
  • Legal liability and duty of preparedness
  • Federal laws: BSIG, IT-Sicherheitsgesetz, BSI-KritisV
  • EU directives: NIS2, CER, GDPR incident obligations
  • State (Länder) catastrophe protection laws
  • Role of BSI, BBK, regulators, and insurers
  • Risk identification aligned to German threat landscape
  • Business Impact Analysis (RTO, RPO, MTPD)
  • Critical process and dependency mapping
  • Scenario planning and prioritization
  • ISO 22301 and DIN EN ISO 22301 requirements
  • BSI Standard 200-4 and IT-Grundschutz alignment
  • Continuity strategies (people, IT, facilities, suppliers)
  • BCP, DR, and crisis documentation
  • Crisis leadership and decision structures
  • Escalation, activation, and command models
  • Internal, external, and media communication
  • Stakeholder and reputation management

Who is this course suitable for?

This course is designed for:

  • Risk and compliance managers in German companies and public authorities
  • IT security officers and information security managers (CISOs)
  • Professionals working in KRITIS organisations (critical infrastructure)
  • Operational emergency officers and corporate safety managers
  • Project managers seeking to integrate resilience and continuity into their work
  • Consultants specialising in business continuity or crisis management
  • HR and organisational development professionals with crisis preparedness responsibilities
  • Career starters looking to build a solid foundation in crisis management and BCM

Requirements

  • No specialist prior knowledge required
  • A basic understanding of business processes is helpful
  • An interest in risk preparedness, compliance, and organisational security
  • Internet access and any device (PC, tablet, or smartphone)

Career opportunities

A qualification in crisis management and business continuity planning opens doors in a rapidly growing field. Companies, public authorities, and consulting firms are increasingly looking for qualified professionals — particularly in the context of NIS2 implementation and rising cyber risk.

  • Business Continuity Manager: Responsible for planning, implementing, and monitoring the BCMS within an organisation.
  • Crisis Manager: Leads the operational response to crises and coordinates internal and external communication.
  • IT Security Officer / CISO: Protects critical IT systems and ensures cybersecurity is maintained even during crises.
  • Risk Manager: Identifies and assesses organisational risks and develops appropriate countermeasures.
  • Compliance Officer (BCM Focus): Ensures the organisation meets all regulatory BCM requirements.
  • Emergency Planning Consultant / BCM Consultant: Supports organisations in building and optimising emergency and continuity structures.

Certification information

Upon successful completion of the course, you will receive a Crisis Management & Business Continuity Planning certificate documenting your knowledge & skills in this area.


Frequently Asked Questions

01 What is the difference between crisis management and business continuity management?

Crisis management deals with the immediate response to an unexpected situation — the what and how in the moment of crisis. Business continuity management (BCM) goes a step further: it ensures that critical business processes can continue to operate during and after a crisis. The two areas complement each other and are inseparable in any effective emergency framework.

02 Are companies in Germany legally required to plan for crises?

Yes, in many cases. Operators of critical infrastructure (KRITIS) are required under the BSIG and BSI-KritisV to demonstrate measures for operational security and continuity. Through the EU's NIS2 directive, now transposed into German law, this obligation extends to a significantly larger group of organisations. The GDPR also requires breach notification procedures, which in turn demand a functioning emergency response plan. More information is available directly from the Federal Office for Information Security (BSI).

03 What is ISO 22301 and does my company need it?

ISO 22301 is the international standard for Business Continuity Management Systems (BCMS). It provides organisations with a clear framework for assessing risks, developing continuity strategies, and implementing emergency plans. Certification to ISO 22301 is not mandatory for all organisations, but it is widely regarded as a quality benchmark — especially for companies operating in regulated industries or working with public sector clients.

04 What is NIS2 and what does it mean for German companies?

The EU's NIS2 Directive (Network and Information Security Directive 2) significantly raises the bar for cybersecurity and crisis resilience. It has been in force since October 2024 and applies to a much broader range of companies than its predecessor — including mid-sized businesses in sectors such as energy, transport, healthcare, and digital infrastructure. Affected organisations must demonstrate security measures, report incidents, and maintain emergency plans. More information can be found on the website of the Federal Office of Civil Protection and Disaster Assistance (BBK).

05 How long does it take to implement a Business Continuity Management System (BCMS)?

This depends greatly on the size and complexity of the organisation. Small and medium-sized businesses can often establish a basic BCMS within three to six months. Larger organisations with complex IT infrastructures and extensive regulatory requirements may need twelve months or more. This course walks you through the systematic development of a BCMS from the ground up — practical, structured, and step by step.

06 What roles do the BSI and BBK play in crisis preparedness in Germany?

The Federal Office for Information Security (BSI) is Germany's central cybersecurity authority. It publishes standards such as BSI Standard 200-4 and IT-Grundschutz to help organisations secure their IT infrastructure and prepare for crises. The Federal Office of Civil Protection and Disaster Assistance (BBK) coordinates civil disaster protection at the federal level and provides guidance on risk preparedness. Both authorities play a central role in Germany's crisis management landscape.

07 Can I complete this course without an IT background?

Yes, absolutely. This course is not designed exclusively for IT professionals. Crisis management and business continuity are interdisciplinary fields. Whether your background is in HR, law, public administration, operations, or general management — the course explains all technical concepts in clear, accessible language without unnecessary jargon. The content is deliberately designed to be approachable for those new to the field, while still offering genuine depth for experienced professionals.

Your growth starts here.

Unlock your potential. Learn anytime, anywhere.