Get Instant Access
to This Blueprint

Infrastructure Operations icon

Business Continuity Management Software Selection Guide

Navigate a mature market to find the best fit.

Developing a business continuity plan is one of the largest and most complex projects an organization will take on because it touches every aspect of the organization and can involve mounds of data. When you add disaster recovery, crisis management, and other resilience planning, the effort can be overwhelming, especially if you plan on using just MS Office tools.

A BCM tool will help streamline plan development and maintenance, but navigating such a deep and mature market can be challenging.

Our Advice

Critical Insight

  • A BCM tool is not a silver bullet. You still need to follow a practical, structured process to generate the plan elements that will be recorded in the BCM tool.
  • All leading vendors in this space offer the same core features, so focus on usability, price, and differences in key features that are most relevant to your requirements.
  • Look for options to simplify the experience (e.g. an entry-level software package or the ability to customize views to hide content that is not yet applicable) until you are ready to take full advantage of the solution.

Impact and Result

  • Understand key trends and differentiating features in the BCM marketspace.
  • Review the strengths and weaknesses of major BCM vendors.
  • Follow a process to define your requirements and evaluate vendors in a structured manner to identify the best fit.

Business Continuity Management Software Selection Guide Research & Tools

1. Business Continuity Management Software Selection Guide – Understand key trends and differentiating features.

Use this guide to understand what you get in a BCM software solution and to review trends and leading vendors. This research will help you define your BCM requirements and select a vendor that best meets your needs.

2. BCM Vendor Evaluation Workbook – Define requirements and evaluate prospective vendors.

Use this workbook to define use cases and requirements to guide your selection.


Business Continuity Management Software Selection Guide

Business Continuity Management Software Selection Guide

Navigate a mature market to find the best fit.

Analyst Perspective

This is a highly mature market with little to separate leading vendors when it comes to feature lists. Focus on usability and vendor support, and let price be the tiebreaker when the first two requirements are met.

Any decent business continuity management (BCM) software will have a business impact analysis (BIA) component, templates for developing plans, and the ability to integrate with other relevant software such as emergency/mass notification tools, human resource information system (HRIS) tools, and so on. To evaluate vendors and find the right fit for your organization, focus on usability because the feature lists are likely to look very similar.

For usability, factor in not only the end-user perspective but also the ease of implementation, integration, and administration, particularly as BCM vendors continue to expand their offerings in real-time incident management and overall resilience planning (e.g. crisis management, operational resilience planning, and so on). With greater complexity comes greater need for usability.

Vendor support to streamline implementation (including customizations), integrations, and administration is also critical, but harder to determine from a vendor’s response to an RFP or a demo. The Net Emotional Footprint in our SoftwareReviews reports can provide an indicator of what to expect, and drive questions to ask prospective vendors beyond feature considerations.

Finally, usability is subjective. Use our SoftwareReviews scores as a guide to help shortlist vendors, but ultimately you need to see these products and ensure they meet your specific requirements. Usability in specific areas critical to your goals can tip the balance.

Frank Trovato

Frank Trovato
Principal Advisory Director, Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Your Challenge

Common Obstacles

Info-Tech’s Solution

  • Developing a business continuity plan (BCP) is one of the largest and most complex projects an organization will take on because it touches every aspect of the organization and can involve mounds of data. When you add disaster recovery, crisis management, and other resilience planning, the effort can be overwhelming, especially if you plan on just using MS Office tools.
  • However, a BCM tool is not a silver bullet. You still need to follow a practical, structured process, but a good tool will help.
  • This is a mature market, so differentiating between vendors is difficult for many organizations.
  • Furthermore, BCM vendors have greatly expanded their offerings. While that can help address a wider range of resilience planning needs, it can also add complexity if you can’t find the right fit.

This trends and buyers guide will help you:

  1. Understand key trends and differentiating features in the BCM marketspace.
  2. Review the strengths and weaknesses of major BCM vendors.
  3. Follow a process to define your requirements and evaluate vendors in a structured manner to identify the best fit.

Info-Tech Insight

All leading vendors in this space offer the same core features, so focus on usability, price, and differences in key features that are most relevant to your requirements.

Info-Tech’s methodology for selecting an appropriate BCM solution

1. Understand BCM Software Capabilities and Trends 2. Define Your Requirements

3. Select Your Vendor

Phase Steps

  1. Define BCM software
  2. Review table stakes & differentiating capabilities
  3. Explore BCM market trends
  1. Streamline requirements gathering
  2. Build your vendor evaluation workbook
  1. Discover key players in the BCM software landscape
  2. Make your selection
  3. Prepare for implementation

Phase Outcomes

  1. Consensus on BCM software scope and key capabilities
  1. Top-level use cases and requirements
  2. Vendor evaluation workbook
  1. Vendor shortlist
  2. Implementation considerations

Combine this research with our Rapid Application Selection Framework (RASF) to accelerate the process

Book a call with an analyst to help you with your software selection:

  • Combine expert analyst guidance with the vendor analysis and tools in this blueprint.
  • Follow a structured, efficient process using the RASF framework to identify your use cases and key requirements to find the best fit.
  • Leverage our contract review services to level the playing field through the negotiation process.

Evaluate solutions
Determine the best fit for your needs by scoring against features.

Features
Determine which features will be key to your success.

Use Cases
Create use cases to ensure your needs are met as you evaluate features.

High-Level Requirements
Use the high-level requirements to determine use cases and shortlist vendors.

CLICK HERE to book your Selection Engagement

Phase 1

Understand BCM Software Capabilities and Trends

Phase 1

Phase 2

Phase 3

1.1 Define BCM software

1.2 Review table stakes & differentiating capabilities

1.3 Explore BCM market trends

2.1 Streamline requirements gathering

2.2 Build your vendor evaluation workbook

3.1 Discover key players in the BCM software landscape

3.2 Make your selection

3.3 Prepare for implementation

This phase will walk you through the following activities:

  • Level set an understanding of what is BCM software.
  • Define which BCM software features are table stakes (standard) and which are key differentiating functionalities.
  • Review key trends in the BCM software market.

This phase involves the following participants:

  • Business continuity manager (or whoever is taking on that role, if not a full-time role).
  • GRC representative. The BCM solution will support overall GRC efforts.
  • Other stakeholders who will be responsible for creating or maintaining BCM-related plans (e.g. IT DRP, BCP, Crisis Management Plan).

What exactly is BCM software?

BCM software supports the development and maintenance of an organization's BCP and related resilience plans. This includes features to facilitate core activities such as identifying business processes and dependencies, executing a BIA, and documenting incident response plans.

BCM software typically can be used to develop, maintain, and/or support a wide range of resilience plans and related objectives including, but not limited to:

  • Business Continuity Plan (BCP)
  • IT Disaster Recovery Plan (DRP)
  • Emergency Response Plans (ERP)
  • Crisis Management Plans (CMP)
  • Governance, Risk, and Compliance (GRC)

Info-Tech Insight

BCM software offerings continue to expand, and the wide range of capabilities and types of plans they support can be overwhelming. Look for options to simplify the experience (e.g. entry-level software package or the ability to customize views to hide content that is not yet applicable) until you are ready to take full advantage of the solution.

BCM software table stakes

Effective BCM solutions streamline the development and maintenance of your BCP and related plans (e.g. DRP, crisis management). That starts with these core features:

Business Process Dependency Identification

IT System Dependency Identification

Business Impact Analysis

Incident Response Planning

Plan Management

Records business processes and their dependencies. This informs incident response plans for business disruptions and supports more advanced features to visually identify business operations affected by an incident.

Records IT applications/ systems and their dependencies. This informs incident response plans for system recovery and supports more advanced features to visually identify systems affected by an incident.

Gathers input from a wide range of stakeholders to estimate impact of a business disruption. Uses that analysis to prioritize business processes and IT systems and define acceptable recovery timelines.

Documents the steps from detection/notification onward to recover from a critical IT and/or business disruption.

Identifies and monitors tasks to be completed by all stakeholders to create and maintain your BCP and related plans. This includes automated reminders to stakeholders and reporting plan completion status.

Beyond table stakes

This is a mature market. Most leading vendors have these same features, but the usability and effectiveness can vary.

Incident Response Management

Facilitates response by identifying affected systems/business processes, relevant plans, and recovery status.

Visual Representation

Illustrates response workflows, dependency mapping, incident impact, etc.

Interface Customization

Customizes input forms, field labels, menu items, etc.

Role-Based Access and Views

Customizes views based on role to improve usability (only see what you need) and manage data security.

Data Encryption

Encrypts data in-flight (i.e. while it's being uploaded/entered) and at rest (after it's uploaded/entered).

Compliance Reporting

Creates predefined reports for common BCM standards (e.g. ISO 22301) and customizable reports to align with other standards.

Vendor Security Compliance

Complies with security standards such as FEDRAMP and SOC2

Integrations to facilitate automation

Seamless integrations to import data such as contact information and system dependencies streamline implementation and ongoing plan maintenance.

GRC Integration

Shares common information between your BCM tool and your overall GRC solution to streamline plan development and reporting.

Customized Integrations

Ensures flexibility to integrate with a wide range of products and not be limited to product-specific connectors.

Mass Notification Capability

Customizes mass notification to relevant groups (e.g. leadership, IT, users) via built-in capabilities or integration with EMNS products.

Roles and Users Information Management

Leverages HRIS, AD, or related systems to pre-populate and maintain user lists, contact info, department, location, etc.

ITSM Integration – Source Data

Leverages ITSM tools to identify systems and dependencies.

ITSM Integration – Critical Incident Management

Enables ITSM tool to leverage your BCM tool to coordinate and manage response (e.g. targeted notifications, incident tracking).

DR Orchestration Software Integration

Ensures alignment of system criticality, RTOs, and RPOs between the BCM tool and DR orchestration software.

Key trend – Operational resilience (OpRes)

OpRes planning improves day-to-day resilience for critical services as opposed to only preparing for traditional large-scale disruptions.

OpRes depends on better understanding the dependencies and risks for individual critical services to better prepare appropriate incident response plans at the critical service level as well as for the overall organization. This includes being able to better coordinate related plans to focus on resumption of critical services – for example, to ensure business workarounds and security incident response plans are better aligned.

UK Financial Services are already subject to OpRes regulations, and other countries around the world have followed suit or are preparing to do so.

BCM vendors have specifically added “Operational Resilience” modules to their software suite to address this need. This includes enabling organizations to:

Identify critical services, related dependencies, and risks at a more granular level (including internal and external risks).

Identify opportunities to proactively mitigate risks to critical services.

Incorporate specific requirements outlined by relevant regulations (e.g. “Impact Tolerance” in addition to the traditional measures such as RTOs/RPOs).

"[OpRes] extends beyond business continuity and disaster recovery. Financial firms and FMIs must have robust plans in place to deliver essential services, no matter what the cause of the disruption. This includes man-made threats such as physical and cyber attacks, IT system outages and third-party supplier failure. And it also includes natural hazards such as fire, flood, severe weather and pandemic."

Source: Bank of England, 2023

Future trend – AI streamlining BCM efforts

Organizations across all industries are scrambling to understand the potential and risks of AI, especially generative AI. The BCM market is no different. Examples of potential enhancements that we expect will be (or already are) part of BCM product roadmaps include:

  • Generate plan summaries: A common challenge for BCM tools is generating a prose-style summary of the massive amount of data and planning captured within the tool, as opposed to provide what appears to be a database dump. AI is a potential solution to create a BCP summary aimed at executives, third-parties, and auditors to provide a high-level, concise, and readable summary of the current state of your BCM program.
  • Generate recovery procedures: Similar to the above, leverage information in the tool (e.g. systems and dependencies) and from related sources to generate draft recovery procedures.
  • Automate plan updates (beyond the basics): Existing automation will maintain contact and dependency information. AI or automation improvements can potentially identify more significant updates due to new service offerings, organizational changes, network changes, and so on.

Risks:

  • Data security: Using third-party tools (e.g. ChatGPT) can expose your data. BCM vendors are addressing this by building their own AI solutions to enable control over data usage.
  • Inaccuracies: AI is only as good as the data it can access and how it interprets that data. AI potentially provides a starting point to create draft content that still needs to be reviewed.
  • AI treated as a silver bullet: Similar to the above, AI has the potential to streamline BCM efforts, not replace foundational BCM practices that ensure an effective and accurate overall BCM program.

A BCM solution supports a sound BCM process; it does not replace it

There are many BCM process frameworks; at its core, it comes down to these three activities – with governance oversight and support by relevant technology (which can include a BCM solution):

  • Define Requirements: Determine scope (business functions, locations, legal and regulatory requirements, etc.), recovery targets (e.g. RTOs, RPOs), and relevant organizational objectives.
  • Implement: Create and implement incident response strategies, including people, process, and technology considerations.
  • Maintain: Review and update requirements; test and update solutions; maintain governance oversight to keep the BCM program current and aligned with organizational objectives.

Phase 2

Define Your Requirements

Phase 1

Phase 2

Phase 3

1.1 Define BCM software

1.2 Review table stakes & differentiating capabilities

1.3 Explore BCM market trends

2.1 Streamline requirements gathering

2.2 Build your vendor evaluation workbook

3.1 Discover key players in the BCM software landscape

3.2 Make your selection

3.3 Prepare for implementation

This phase will walk you through the following activities:

  • Identify requirements, with a focus on use cases to drive practical evaluation of prospective vendors.
  • Complete the BCM Vendor Evaluation Workbook to document your requirements to support your evaluation process. This workbook can be used as a supplement to your RFP to drive detailed responses relevant to your requirements.

This phase involves the following participants:

  • Business continuity manager (or whoever is taking on that role, if not a full-time role).
  • GRC representative. The BCM solution will support overall GRC efforts.
  • Other stakeholders who will be responsible for creating or maintaining BCM-related plans (e.g. IT DRP, BCP, Crisis Management Plan).

Elicit and prioritize requirements for your BCM solution

Understanding business needs through requirements gathering is key to defining everything about what is being purchased, yet it is an area where people often make critical mistakes.

Signs of poorly scoped requirements

Best practices

  • Requirements focus on how the solution should work instead of what it must accomplish.
  • Multiple levels of detail exist within the requirements, which are inconsistent and confusing.
  • Requirements drill all the way down into system-level detail.
  • Language is technical and dense, leaving some stakeholder groups confused on what they are actually looking for in a solution.
  • Requirements are copied from a market analysis of the art of the possible, abstract from organization’s own customer persona analysis.
  • Get a clear understanding of what the system needs to do and what it is expected to produce. Build customer personas to assist with identifying high value use cases.
  • Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive.”
  • Use language that is consistent with that of the market and focus on key differentiators – not table stakes.
  • Include the appropriate level of detail, which should be suitable for procurement and sufficient for differentiating vendors.

Info-Tech Insight

Review Info-Tech’s requirements gathering methodology to improve your requirements gathering process.

Activity: Complete the vendor evaluation workbook

  1. Review each tab of Info-Tech’s BCM Vendor Evaluation Workbook to ensure you have a good understanding of the different areas of evaluation.
  2. As a team, collaborate to identify relevant use cases, technical requirements, qualifications, and implementation deliverables.
  3. Modify the example criteria to suit your requirements. This would include adding, changing, and/or deleting criteria where appropriate for your needs.

Note: After you finalize the criteria in the workbook, you can choose to send the workbook to vendors to provide their responses or use your RFP and/or demos to collect the required information to complete the vendor responses.

Download the BCM Vendor Evaluation Workbook

Input Output
  • Challenges and goals that you are expecting the BCM tool to address. This can range from day-to-day operational tasks to desired outcomes.
  • Use the above to define relevant use cases, technical requirements, qualifications, and implementation considerations.
  • Vendor Evaluation Workbook.
Materials Participants
  • BCM Vendor Evaluation Workbook
  • Business continuity manager
  • GRC representative
  • Other stakeholders who will be responsible for creating or maintaining BCM-related plans (e.g. IT DRP, BCP, Crisis Management Plan)

Choose your route: RFP or otherwise?

As you gather requirements, decide which procurement route best suits your situation.

RFI (Request for Information)

RFQ (Request for Quotation)

RFP (Request for Proposal)

Purpose and Usage

Gather information about products/services when you know little about what’s available.

Often followed by an RFP.

Solicit pricing and delivery information for products/services with clearly defined requirements.

Best for standard or commodity products/services.

Solicit formal proposals from vendors to conduct an evaluation and selection process.

Formal and fair process; identical for each participating vendor.

Level of Intent

Fact-finding – there is no commitment to engage the vendor.

Vendors are often reluctant to provide quotes.

Committed to procure a specific product/service at the lowest price.

Intent to buy the products/services in the RFP.

Business case/approval to spend is already obtained.

Level of Detail

High-level requirements and business goals.

Detailed specifications of what products/services are needed.

Detailed contract and delivery terms.

Detailed business requirements and objectives.

Standard questions and contract term requests for all vendors.

Response

Generalized response with high-level product/services.

Sometimes standard pricing quote.

Price quote and confirmation of ability to fulfill desired terms.

Detailed solution description, delivery approach, customized price quote, and additional requested information.

Product demo and/or hands-on trial.

Phase 3

Select Your Vendor

Phase 1

Phase 2

Phase 3

1.1 Define BCM software

1.2 Review table stakes & differentiating capabilities

1.3 Explore BCM market trends

2.1 Streamline requirements gathering

2.2 Build your vendor evaluation workbook

3.1 Discover key players in the BCM software landscape

3.2 Make your selection

3.3 Prepare for implementation

This phase will walk you through the following activities:

  • Review profiles of leading BCM software vendors, including representative customers, vendor history, and analyst insights.
  • Follow a structured, efficient process to evaluate vendors to find the best fit.

This phase involves the following participants:

  • Business continuity manager (or whoever is taking on that role, if not a full-time role).
  • GRC representative. The BCM solution will support overall GRC efforts.
  • Other stakeholders who will be responsible for creating or maintaining BCM-related plans (e.g. IT DRP, BCP, Crisis Management Plan).

Discover key players through our SoftwareReviews rankings and reports

The image contains a screenshot of the Data Quadrant.

The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

The image contains a screenshot of the Emotional Footprint.

The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

Leading BCM Solutions

Product summaries driven by SoftwareReviews and analyst insights.

The vendors profiled in this section are listed below, in order of their SoftwareReviews ranking as of November 2023.

Vendor

Product

Rank (as of November 2023)

Premier Continuum Inc.

ParaSolution

1

Controllit AG

[alive-IT]

2

CLDigital

CLDigital 360

3

Fusion Risk Management

Fusion Framework System

4

Riskonnect

Riskonnect BCM

5

This is a mature market, which makes for a crowded leaderboard. Although some products rank higher than others, all the products profiled in this report are among the leaders in this market and are worthy of consideration. The key is to find the right fit for your requirements.

Also note that this is not an exhaustive list. Several well-known vendors such as Archer and Quantivate are not listed here due to insufficient recent reviews to make a fair comparison.

Use the profiles in this section along with our BCM SoftwareReviews reports to help you determine the best fit.

For the latest scores as well as the downloadable category and product reports, please see SoftwareReviews' BCM category.

Business Continuity Management Software Selection Guide preview picture

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on This Topic

You can start as early as tomorrow morning. Our analysts will explain the process during your first call.

Get Advice From a Subject Matter Expert

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.

Unlock Sample Research

Author

Frank Trovato

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019