Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Empowering Resiliency
Issue 1
2 Introduction – Risking Opportunity
For us, it’s all about empowering simplicity, resiliency, biggest risk challenges. We have seen exceptionally
and transformation so that companies can focus on rapid growth in our business because of what we do
innovation and stay ahead of the curve. really well today and how we think about potential
challenges in the near future. We have found that our
The Gartner Effect and Who Really Cares customers enjoy a partner that thinks beyond what
Some people out there might take it lightly that a they are retained to do.
vendor in the BCMP universe has been consistently
recognized by Gartner. For the first time, we are To learn more about how we simplify all elements
furthest to the right for “Completeness of Vision”. of business continuity governance across the full life
Instead of talking to us about it, we welcome you cycle, contact Jim Holt at 216-469-6000 or jim.holt@
to talk with the ones that trust us most with their continuitylogic.com.
time on manual data entry, analysis and reporting • Risk Assessment for Availability: Key
from and to business unit personnel who are time- evaluation criteria include risk methodology
constrained and for whom BCM is not their primary support; risk register; preloaded risk and
responsibility, the core goal in using BCMP software control content; ease of risk rating algorithm
is to spend more time on decision making and customization; risk assessment completion
acting on those decisions, including: navigation support; risk assessment over
time; risk weighting support; and product/
• Facilitating cross-organizational business unit service, location, business process, etc., risk
and IT participation in the BCM program so that mapping and rendering options.
availability risk is complete, transparent and
agreed on by all parts of the business • Usability:
• Effectively managing response, recovery and • Ease of Use: Key evaluation criteria include
restoration activities when business disruptions administrative interface options; drag-and-
occur drop support; help functionality; navigation
wizards; search capabilities; and forward-
The critical capabilities of BCMP software center typing selection.
on providing business leaders with a more
effective means of evaluating operational risks • Ease of Reporting: Key evaluation criteria
and business impacts, as well as planning for, include reporting architecture; custom report
responding to, recovering from and restoring after creation; extent of object inclusion; customer
a business disruption. Gartner believes the optimal branding; alignment with dashboarding; and
BCMP software is holistic in nature, addressing report scheduling and distribution options.
seven critical capabilities. In determining the
effectiveness of the solution, each critical • Mobile Device Support: Key evaluation
capability should be underpinned by the following criteria include device and HTML5 support;
specific attributes: online/offline support; plan rendering
options; depth of mobile device support
• IRMS Enablement: for each BCMP component (e.g., risk
assessment, business impact analysis [BIA],
• Risk Management Discipline Support plan management, crisis management);
and Packaging: Key evaluation criteria interactive task tracking; emergency
include native or third-party support for notification support; and security controls.
operational risk management; IT risk
management; supplier risk management • BCM Planning and Program Management:
and contingency planning; emergency/mass
notification services; IT disaster recovery/ • BIA: Key evaluation criteria include
service continuity management (IT DR/SCM); preloaded business impact content; impact
crisis/incident management (C/IM); hazard option flexibility; breadth and depth of
alerting; and operational and regulatory impact analysis across all resources/
compliance. assets; ease of impact analysis algorithm
customization; BIA completion navigation
• Application Integration: Key evaluation support; peak volume support; critical time
criteria include application integration frame support; impacts over time; impact
methods; specific applications supported; weighting support; maximum acceptable
data association mapping on import; and outage (MAO), recovery time objective
data validation on import. (RTO) and recovery point objective (RPO)
7
• Operations: Key evaluation criteria include Based on the Gartner 2015 Security and
staffing configuration; data center operations; Risk Management Survey, 46% of surveyed
data center formation; data center operations organizations use BCMP software. Therefore,
audits; IT DR/SCM for hosted or hybrid service in the 2015 BCM Hype Cycle, we position
delivery options; data center security (physical the BCMP software market as climbing the
and information); BCM; IT operations; and Slope of Productivity along the Hype Cycle,
information security certifications. and reaching early mainstream adoption.
The detailed responses to the 2015 survey
BCMP software provides benefits by automating question, “Which of the following software
certain BCM program processes that are defined, tools is your organization using to monitor
communicated and agreed on among stakeholders. and/or manage its (BCM) program?” were:
BCMP software can help organizations that have
not done this work to clarify and then standardize • BCM planning software (i.e., risk
BCM program processes to the benefit of all in the assessment, BIA, plan management):
organization. 46%
BCMP software is typically not packaged as a suite One thing to note is that the BCMP
for BCM program processes, although it offers software market provides not just the
additional modules for added IRMS functions. The planning capability, but also the crisis
main advantage, however, is the integration of the management capability. Therefore,
modules, data and workflow. If an organization we expect both markets to have more
does not need correlated information from BCM, crossover functionality and more blurring
supplier/vendor risk and contingency management of the lines between the two markets. In
or compliance management (as examples), then a addition, as more BCMP software vendors
best-of-breed vendor in one of these areas may be integrate communications platform as a
a better choice. service (CPaaS) offerings such as Twilio,
they will offer a near-complete BCM
The Future of the BCMP Software Market program software suite. What is missing
BCMP software is part of a growing category of — but some vendors are discussing for
IRMS focused on supporting a broader enterprise inclusion in their offering — is training and
risk management (ERM) program, including awareness capability. On that point, the use
operational risk (see Note 1). BCMP software is of gaming technologies is becoming a very
well-positioned to address not just availability risk, effective way to train workforce members
but also the broader set of operational risks. on BCM needs.
9
As more organizations recognize that BCMP capability did not stand out from the others.
software is a viable operational risk management Where no commentary is provided, it should be
solution (most already include some form of assumed that the capability is adequate for most
supplier/vendor risk management and contingency organizations’ needs. Refer to Methodology for
planning, as well as compliance management), This Magic Quadrant Completion1 for a detailed
they will start to expand the functionality and, explanation of how this Magic Quadrant research
therefore, the number of users of BCMP software. was conducted.
We see the majority of expansion in BCMP market
revenue coming from two areas: Guidance for the Magic Quadrant Analysis
In regard to the vendor write-ups below,
1 More users (meaning more overall annual we provide analysis background for clearer
subscription fees). understanding of the Vendor Strengths and
Cautions for certain criteria, including.
2 Operational risk management (ORM) solution
replacement opportunities, when a full-fledged • Geographic Strategy: This criterion focuses
ORM solution is not needed. BCMP software on the geographic regions that the vendor
can be used to address a subset of operational targets, multilingual support within the BCMP
risks, as well as to inform a broader operational software, and the geographic diversity of
risk management program. Greater utilization company operations for customer call centers,
of BCMP software in this manner will ultimately management, and technical and professional
lead to growth for BCMP software providers. services. This criterion does not include the
vendor’s geographic diversity for the data
As we see the market maturing, most vendors are centers that run the BCMP software. That
converging on a relatively similar feature set. The criterion is under Operations.
pattern on the Magic Quadrant itself suggests a
market in which most of the vendors are offering • Product or Service: Because of the importance
customer-functional BCMP solutions and meeting of the application development architecture in a
the needs of their respective target markets. BCMP software’s ease of configuration, we scored
However, how they meet customer needs is based newer technologies higher than older technologies.
on a wide variety of application architectures. If We also highlight the application development
your organization cares about ease of configuration architecture of each vendor in this research.
and flexibility, then the BCMP software’s product
architecture should become a key evaluation • Sales Execution/Pricing: We scored vendor
criteria in your BCMP software selection project. pricing based on four user groupings: up to
100, 101 to 500, 501 to 2,500 and over 2,500.
One change in the BCMP market that Gartner Also, we highlight the percentage of fees
is tracking is the number of BCMP vendors that associated with each vendor’s typical BCMP
integrate with ServiceNow — an IT operations implementation allocated to configuration and
solution — as well as the number of BCMP implementation services. This is an important
software solutions being built on top of evaluation criterion because it is indicative of
ServiceNow, either by a consulting firm (e.g., how easy it is to configure the solution by the
Fairchild Consulting) or through an organization’s customer — a higher percentage means that
own development teams. The benefit of more vendor intervention is required.
ServiceNow is that many firms are using it already
for IT operations, and thus can automatically • Customer Experience:
trigger an IT DR/SCM script from an IT DR/SCM
plan housed in the BCMP recovery plan. Therefore, • We scored the SLA guaranteed by contract
BCMP software based on the ServiceNow based on the median of 99.99%, which
application development framework can be a represents four minutes and 19 seconds of
market disrupter in the next three years. downtime per month. The median actual
uptime (not guaranteed via contract) was
The Vendor Strengths and Cautions in this Magic 100%.
Quadrant cover the evaluation criteria for which
a vendor is above or below average. We do • Vendor Performance: In the customer reference
not provide commentary on every evaluation survey, we asked the references to provide
criterion, nor on criteria for which a vendor’s feedback on the vendor’s overall performance
10
during presales, the sales process and the 2016. There are three versions of Catalyst, each
postsales relationship. This question did not having different customization and configuration
include questions specific to the BCMP software options: (1) Enterprise, on a customer-dedicated
capability. The questions in this section include: platform (code customization by the vendor only);
(2) Pro, on a shared customer platform (customer
• Ease of initial installation and setup of configuration to recovery plans, reports, fields
vendor’s BCMP software and BIA; no code customization); and (3) Basic.
Catalyst is a Ruby on Rails application. The product
• Experience with version upgrades is offered in the following delivery models: shared
multitenant, and multitenant with dedicated
• Ease of use in development activities client application instance and dedicated client
and ongoing support of vendor’s BCMP database instance. The industry sectors where
software it has at least 5% of its customers are: financial
services (not including insurance); healthcare
• Performance, scalability and/or throughput providers; government — state, local or regional;
of vendor’s BCMP software manufacturing — discrete and process; higher
education; software publishers or developers;
• Vendor’s product technical support and insurance; and IT service providers.
documentation
Strengths
• Vendor’s professional services
• Innovation: Avalution has either added or
• Vendor’s pricing method enhanced the following innovative capabilities:
ISO 22301:2012 is supported out of the box,
• Vendor’s pricing strategy (actual cost of
an Insights report that shows strong status and
the BCMP software relative to its value)
gap reporting of all aspects of BCM planning
built into the software, and geomapping of
• Quality and reliability of vendor’s sales team
contacts and locations. The R&D investment
as a percentage of revenue is high relative to
• Vendor’s understanding of a particular
other vendors.
industry vertical
• Product or Service: There is very strong
• Vendor’s customer service support
support for IT DR/SCM management. Its
• Vendor’s ongoing software development Insights tool offers a business intelligence view
activities and innovation of the BCM program.
Figure 1 Magic Quadrant for Business Continuity Management Planning Software, Worldwide
• Operations: Avalution’s data centers are based • Innovation: ClearView has either added or
only in the U.S. enhanced the following innovative capabilities:
migration tools for other BCMP software, as
ClearView well as Excel/Word, etc.; “what if” reporting; the
ClearView is headquartered in Oxfordshire, U.K. Its concept of a rolling incident; combined crisis and
BCMP software evaluated for this Magic Quadrant information security incident management and
was v.6.0; the current version is 6.2. The product is expenditure management into its C/IM capability;
offered in the following delivery models: on-premises IT DR plans; geocoding of resources; and a
and multitenant with dedicated client application nonconformance report that shows gaps in BCM
functionality built into the software.
12
based on tiered users. Fusion has one of the • Product/Service: The application is FIPS
best mobile device apps, as it is delivered in 140-2-encryption-certified.
HTML5 and native formats, and offers access to
all of the core BCMP software capabilities. It is • Operations: Global AlertLink’s data centers
one of only three vendors that uses FedRAMP- have among the broadest geographic reach of
certified data centers. all the vendors in this Magic Quadrant.
• Sales Execution/Pricing: Fusion offers one of • Offering/Product Strategy: The vendor did
the highest pricing models based on all user not provide a detailed solution roadmap due to
groupings. confidentiality concerns.
• Business Model: Its only service delivery • Sales Execution/Pricing: Global AlertLink
model is multitenant for both the application did not provide responses for percentage of
and the database. customers by geography or percentage of
revenue by industry due to confidentiality
• Geographic Strategy: The vendor’s customer concerns.
service support is in the U.S. only.
LockPath
Global AlertLink LockPath is headquartered in Overland Park,
Global AlertLink is headquartered in Charleston, Kansas. Its BCMP software evaluated for this
West Virginia. Its BCMP software evaluated for Magic Quadrant was version 4.2; the current
this Magic Quadrant was v. 7.8.3; the current version is 4.4, Update 2. The product is offered in
version is 7.9.2. The product is offered in the the following delivery models: on-premises, and
following delivery models: on-premises, hybrid, multitenant with a dedicated client application
dedicated hosted solution, shared multitenant, instance and dedicated client database instance.
and multitenant with dedicated client application The Keylight platform is a C# and Visual Studio
instance and dedicated client database instance. application. The industry sectors where it has
The product is developed on the Microsoft .NET at least 5% of its customers are: healthcare
Framework. The industry sectors that it has at least providers; financial services (not including
5% of its customers in are: financial services (not insurance); insurance; manufacturing — discrete;
including insurance); transportation; healthcare manufacturing — process; professional, scientific or
providers; insurance; IT service providers; and technical services (not including IT); and retail. An
manufacturing — discrete and process. IRMS vendor, it has BCMP capability in addition to
other risk management offerings.
Strengths
Strengths
• Customer Experience: Based on customer
reference feedback, Global AlertLink has one • Innovation: LockPath has either added or
of the best vendor performance scores, from enhanced the following innovative capabilities:
presales through implementation (this score its Bowtie reports for risk assessment; workflow;
does not include BCMP functionality). reporting; and its Keylight Ambassador tool for
data importing.
• Innovation: Global AlertLink has either
added or enhanced the following innovative • Product/Service: The application is FIPS
capabilities: dependency model; autopopulation 140-2-encryption-certified.
of user attributes; context-sensitive help,
“ToolTip”; workflow; guide for completion of • Overall Viability: LockPath’s average three-year
tasks; geocoding of resources; and IT DR/SCM revenue growth rate was one of the highest of all
run books. The R&D investment as a percentage the vendors in this Magic Quadrant.
of revenue is high relative to other vendors.
15
• Product/Service: Quantivate offers very strong • Geographic Strategy: The vendor has the
support for IT DR/SCM management. largest geographic footprint of all the vendors
in this research, mainly through partners.
• Sales Execution/Pricing: The vendor’s pricing Multilingual support is available at no charge.
model is one of the best (which is corroborated
with high customer reference scores for pricing • Innovation: RecoveryPlanner has either
model), and it is strong across user groupings, added or enhanced the following innovative
except over 2,500 users. Its typical percentage capabilities: The concept of risk user, guided
of a BCMP implementation allocated to wizards for product navigation, supplier risk
configuration and implementation services is management and contingency planning, DOCX
the average of 23%. migration, project management view, support
for geocoding of resources, a personal mobile
Cautions device app, remote wipe and touch ID on the
mobile device app, and RPX University for
• Operations: Quantivate’s data centers are training purposes. It is the only vendor in the
based only in the U.S. Magic Quadrant with a continuity of operations
(COOP)-specific module. ISO 22301:2012 is
• Geographic Strategy: Multilingual support supported out of the box.
was not available beyond its standard language
of English. • Sales Execution/Pricing: Its pricing is one
of the best, and is below average for all user
• Product or Service: Application integration price points (which is corroborated with high
capability is very weak, and limited to the customer reference scores for pricing model
vendor’s custom import process. and strategy). Its typical percentage of a BCMP
implementation allocated to configuration and
• Offering/Product Strategy: Key core BCMP implementation services is one of the lowest of
capabilities, such as compliance management, all vendors in this research, at 3%.
supplier/third-party risk management and
operational risk analysis, required an additional Cautions
investment over the core package pricing.
• Customer Experience: RecoveryPlanner
RecoveryPlanner had one of the widest varieties of reported
RecoveryPlanner is headquartered in Trumbull, problem categories for BCMP usage. It had one
Connecticut. Its BCMP software evaluated for of the lowest BCMP functionality customer
this Magic Quadrant is version RPX 26.111; the satisfaction scores (85% of the median score).
current version is 27.115. The product is offered
in the following delivery models: on-premises, • Product or Service: The product has limited
hybrid, and multitenant with a dedicated client automated ability to guide end users through
application instance and a dedicated client recovery plan creation.
database instance. The product is written in Java.
The industry sectors where it has at least 5% of
its customers are: financial services (not including
17
• Product or Service: The vendor offers among • Innovation: Sungard AS has either added or
the best support for IT DR/SCM management, enhanced the following innovative capabilities:
and all capabilities except basic EMNS are A capability to schedule screen configuration
included in the core package. changes for a future date/time implementation,
for later updating; support for geocoding of
• Sales Execution/Pricing: Strategic BCP’s resources; plan visualization; and C/IM capability.
pricing model is very strong for two user
groupings: 501 to 2,500 and over 2,500 (which • Product or Service: Secure FTP is supported
is corroborated with high customer reference for secure application integration. The
scores for pricing model and strategy). There is application is FIPS 140-2-encryption-certified.
no cost for BCMP implementation allocated to Multilingual support is available at no charge.
configuration and implementation services.
• Sales Execution/Pricing: Its typical
Cautions percentage of a BCMP implementation
allocated to configuration and implementation
• Operations: Strategic BCP’s data centers are services is one of the lowest of all vendors in
based only in the U.S. this Magic Quadrant, at 8%.
• Customer Experience: The conversion of • Business Model: Virtual is one of only three
highly customized Living Disaster Recovery vendors that uses FedRAMP-certified data centers.
Planning System (LDRPS) implementations to
AssuranceCM has been a problem for some Cautions
customers.
• Innovation: There is no BCM standard support
• Overall Viability: Its average three-year for ISO 22301:2012.
revenue growth rate was one of the lowest of
all vendors in this research. • Sales Execution/Pricing: The vendor does not
include dashboarding functionality as part of its
Virtual core BCMP software.
Virtual is headquartered in Budd Lake, New
Jersey. Its BCMP software evaluated for this Vendors Added and Dropped
Magic Quadrant was Sustainable Planner 3.3; We review and adjust our inclusion criteria for
the current version is 3.4. The product is offered Magic Quadrants as markets change. As a result
in the following delivery models: on-premises, of these adjustments, the mix of vendors in any
hybrid, and single tenant with a dedicated client Magic Quadrant may change over time. A vendor’s
web server and database instance. Sustainable appearance in a Magic Quadrant one year and not
Planner is written using ASP.NET. It integrates the next does not necessarily indicate that we have
with iDashboards for business intelligence and changed our opinion of that vendor. It may be a
data visualization. The industry sectors where reflection of a change in the market and, therefore,
it has at least 5% of its customers are: discrete changed evaluation criteria, or of a change of focus
manufacturing; government — federal, national by that vendor.
or provincial; healthcare providers; government
— state, local or regional; financial services (not Added
including insurance); insurance; higher education; • Virtual
professional, scientific or technical services (not
including IT); and retail. Dropped
• BOLDplanning is now focusing on the small
Strengths business market.
The basic benefits of using BCMP software include: • Provide better visibility about availability risk to
executive management and the board of directors.
• Having a structured and consistent approach
to performing and reporting on availability risk • Make better business and risk management
assessments and BIAs decisions.
• The greatly improved crisis management that can be crafted to meet the specific user’s
functionality is a realization that a time of needs based on their role assignment within
disaster is when all the planning efforts come the BCMP software, rule engine support for
together — if you have good plans in place, processing all types of activity, application
then the transition to an actual crisis event integration, and enhanced refined access
can be smoother, especially when using crisis controls so that customers can create roles that
management automation. Also, the high have very detailed access to database fields/
adoption of mobile devices is facilitating a objects, entitlements and functions within the
more comprehensive and complete response BCMP software. Workflow has become much
approach. Using a mobile device app means more sophisticated and configurable in order to
that recovery team members can execute their automate business continuity plan creation, review
recovery duties from the field. This is especially and approval across all key business processes,
important when you have a geographically assets and facilities, as well as for use in the crisis
dispersed operational footprint of people, management process. Finally, the presentation
facilities and equipment, or when you are of recovery and resilience, as well as situational
responsible for customer outages, as is the awareness data, requires strong visualization in
case with insurance claims processors, utility order for users to comprehend the information in a
workers and first responders. In future, the much easier manner.
crisis management functionality will be used to
support crisis events involving the IoT devices, The source of revenue for BCMP software vendors
including notifying people in the area of the is almost twice as high in the U.S. (93%) compared
device failure. to Canada (57%), Europe (50%), the U.K. (43%), the
Asia/Pacific region (other than Japan; 36%), and
• The growth in IRMS functionality beyond BCM Central and South America (46%). The Middle East
in pure-play BCMP software is due to the and Africa each represent 14% of revenue source.
customer base recognizing that the value of These figures align with the vendors’ geographic
risk management is the key driver to resilience priorities: the U.S. is the first priority, Canada is
and competiveness. As organizations work second, and the U.K. and Europe are third. Many
to build an IRMS portfolio, many are aligning of the vendors sell into other geographic regions:
the BCM program with a broader ERM/ORM 12 vendors sell in the Asia/Pacific region, 11
program. As a result, we are seeing ERM vendors sell in the Middle East and Central and
function as the latest “home” for the BCM South America, seven vendors sell in Japan, and six
program. See “Members of the Association of vendors sell in Africa. Russia is a growing area for
Contingency Planners Report on ‘What Keeps sales also for a few vendors.
Them Up at Night’” for the results from a 2015
survey Gartner conducted with the association’s There is not a strong vertical industry product
membership. Further in support, organizations orientation for BCMP software due to the maturity
need the ability to embrace risk rather than of the practices for the BCM profession as
avoid it. Organizations today are not fully developed through regulations such as the FFIEC
prepared to deal with the inevitable and wide Business Continuity Planning Handbook, generics
variety of disruptive events that the future will standards such as ISO 22301 and ISO 22317, and
bring — the average maturity of BCM programs, professional certification organizations such as
as measured using Gartner’s ITScore for BCM BCI, DRII and ICOR. Rather, the differences are
maturity self-assessment tool, is 2.45 on a scale seen in the drivers of each industry to have a BCM
of 1 to 5.2 program and, therefore, the use of BCMP software
(e.g., regulation, supplier management, safety
Other major improvements across all BCMP and others). The one place where an industry
vendors include ease of use, ease of configuration, orientation is seen within BCMP software is in the
supplier/vendor risk management and contingency compliance functionality: Does the vendor support
planning (due to complex supplier networks), the regulations or standards with which your
and IT DR/SCM, as well as enhancements to organization needs to or wants to comply? The
the mobile device app for real-time, interactive industries with the highest percentage of adoption
crisis management, enhanced business analytics, of BCMP software usage are financial services, not
enhanced solution navigation guidance for including insurance (79%); healthcare providers
improved and streamlined project management (71%), insurance (71%) and utilities (50%).
through the use of work steps and workflow
24
The top buyer for BCMP software continues to be the • Vendor offered a portfolio of other
business continuity manager. This role is also reflected complementary solutions, such as operational
as the top owner of the BCMP software, as reported risk management, emergency/mass notification
in the customer reference survey results. The second services or C/IM: 5.0
most likely buyers are a business executive, an HR
manager or an IT DR/SCM manager. Facility managers • Our own previous experience with the product:
and supply chain managers are both the third most 3.6
reported buyer roles.
• We already used other solutions from vendor:
The motivation for customer references buying 3.0
BCMP software is primarily driven because their
current BCM plan management approach was Although there is no such thing as a “typical”
not adequate for their needs (46%). The desire BCMP implementation, the average deployment
to mature their BCM program is the second will have three to six customer resources assigned
motivation (21%) and the complexity of plan to the project team to help with the following
management no longer supports a manual areas: project management, organizational BCM
management approach (13%) is the third. program expertise, business unit representation, IT
liaison for solution architecture and infrastructure
Customer references reported the importance (especially for source of record integrations), and
of the following factors when choosing the final information security. Business unit representation
vendor from the shortlist of BCMP vendors: is vital because they may only access the system
once or twice a year (for BIA or a plan update), so
• BCMP software functional capabilities: 6.6 the solution has to be clear and simple to get their
buy-in.
• Demonstrated understanding of our business
needs: 6.4 Customer references reported that their top factors
when choosing a BCMP vendor are:
• Expected performance and/or scalability: 6.3
1 (Top) BCMP software functional capabilities
• Relevant industry experience; 6.1
2 Demonstrated understanding of our business
• Innovative capabilities: 6.1 needs
• Pricing model and/or overall total cost of 3 Expected performance and/or scalability
ownership: 6.1
4 Pricing model and/or overall total cost of
• Operational/business-IT risk management ownership
experience: 5.8
5 Relevant industry experience
• Viewed as a strategic partner: 5.8
As we did last year, we analyzed only vendor-
• Quality of response to request for proposal or hosted/SaaS-based BCMP software pricing; some
presentation of capabilities: 5.7 vendors offer on-premises pricing, but the majority
of implementations are vendor-hosted/SaaS-based.
• Project implementation methodology: 5.6 BCMP vendor-hosted/SaaS-based pricing is a mix
of options, including module pricing, full and read-
• Conformity to our technical standards: 5.5 only user pricing, head count pricing, setup fees,
and training fees — thereby making price point
• Perceived viability and/or financial strength: comparisons between vendors more complex than
5.5 many other software products. Implementation fees
are common, especially for application integration and
• Good feedback from customer references: 5.4 product configuration that the buyer does not want to
do itself. Training fees apply for on-site training from
• Proven successful implementation at peer
most BCMP vendors. All vendors offer free online
organizations; 5.3
training; a few others include it as part of their initial
setup/implementation.
25
We computed the pricing score using the following • 101 to 250 users (1,001 to 3,000 employees) —
two components: median price: $38,262; average price: $54,012
• Pricing model: This includes the number of • 251 to 500 users (3,001 to 5,000 employees) —
modules that are priced separately (see Note 2), median price: $55,000; average price: $69,769
user pricing complexity, unique pricing options
and pricing incentives, such as multiyear discount, • 501 to 1,000 users (5,001 to 10,000
industry discount, nonprofit pricing and small or employees) — median price: $60,000; average
midsize business pricing. A vendor was given a price: $78,334
lower score if it had more complex pricing.
• 1,001 to 2,500 users (5,001 to 10,000
• Price point comparison: This is the average employees) — median price: $69,750; average
pricing based on the number of users of the price: $87,068
BCMP software. The more above the median
price point the vendor was, the lower its score • 2,501 to 5,000 users (10,001 to 50,000
in this component. employees) — median price: $80,940; average
price: $127,660
This year, we broke out implementation costs from
product pricing in order to raise the importance • More than 5,000 users (50,000-plus employees)
of this pricing category when looking at the total — median price: $89,000; average price:
cost of ownership for the first year. This category $130,883
includes implementation fees such as setup,
training, configuration and recovery plan migration, It must be noted that, on average, 23% of the total
as well as the percentage of a typical deal — which implementation cost comes from professional
average 23% — allocated to professional services services required to configure or customize the
for product configuration and implementation software for customer-specific BCM needs. It is
services. The higher the percentage, the lower extremely rare for a BCMP software tool to have to
the score, because it can indicate that the BCMP be customized for the customer — meaning that
software is not as customer-configurable as code changes are required to provide the required
another solution, or that it is overly flexible and functionality. When using professional services
requires more assistance from the vendor. for their BCMP implementation, 45% of customer
references used the vendor’s professional services
The median deal size of the pure-play BCMP team and only 9% used a third party professional
vendors has gone up slightly between 2013 and services provider. However, 43% of customer
2015 ($50,000 and $55,000, respectively), in many references used no professional services at all for
cases due to the BCMP software being provided their implementation.
to more users within the organization as the
customer uses more of the functionality in the The mean time to implement a BCMP software
solution (e.g., crisis management, risk assessment, solution is 6.21 months, according to customer
supplier risk management and contingency references. After implementation, 39% of
planning). The following list provides median and customers spend five hours to less than 20 hours
average pricing examples for the detailed user per month managing the solution, while 37%
groupings (read-only users are not included) used spend 20 hours or more per month. The two most
in the vendor survey and resulting analysis: commonly integrated BCM technologies with
BCMP software are EMNS (62%) and third-party
• Up to 10 users (1 to 500 employees) — median C/IM solutions (23%). As the crisis management
price: $21,045; average price: $18,820 functionality in BCMP software becomes more
complete, there will be less need to integrate with
• 11 to 25 users (501 to 1,000 employees) — these external solutions.
median price: $22,795; average price: $25,691
Customer references reported their biggest
• 26 to 50 users (501 to 1,000 employees) — challenges to implementing the BCMP software as:
median price: $27,907; average price: $29,811
• Product/Vendor: There was a product-related the specific needs of the customer’s BCM program. In
or vendor workforce issue (48% of customer regards to product training documentation, vendors
references). whose products are more complex provide customized
documentation to the customer. In this Magic
• Company Process/Product Alignment: The Quadrant, we negatively scored these vendors as an
complexity of the customer’s BCM process indication of the complexity of the underlying solution
and/or its alignment to the BCMP software, the itself.
latter often because the BCMP software was
also complex and offered a blank slate (39% of Evidence
customer references). 1Methodology for This Magic Quadrant Completion:
As part of the vendor survey conducted for this Magic
• Company Politics/Resource Management: Quadrant, we asked each vendor to identify five
Customer politics around product usage or reference customers. These customers’ comments
resource commitment (20% of customer were derived from more than 50 BCMP surveys
references). completed between October 2015 and November
2015. Vendors’ placement in the Magic Quadrant also
• Training: Customers that explicitly stated
was influenced by our discussions of BCMP software
training, but it could not be aligned to the
with Gartner clients and non-Gartner clients.
above categories (9% of customer references).
All 13 vendors featured in this Magic Quadrant
As reported in the customer reference survey
completed a survey in which they provided: (1)
results, the multitenant SaaS deployment model is
information about their business and operational
the most common type of implementation (45%),
strategies; (2) an overview of their capabilities and
with 41% of customer references reporting they
how they align with the inclusion and evaluation
use an off-premises deployment of the software
criteria; and (3) their most important financial, sales
hosted by the vendor or a third party (on dedicated
and operational data.
hardware and software) for their organizations’
implementation. Only 5% of customer reference Vendors were evaluated as if they were responding
implementations are for an on-premises to an RFP, and they were ranked on their ability to
deployment. document and qualify their strengths and features.
It is important to remember that a Magic Quadrant
Forty-five percent of the customer references
does not solely rate product quality or capabilities and
reported that they are now using different BCMP
features; it also indicates Gartner’s view of a vendor’s
software from what they started out using. Fifty-six
overall position in a specific market. Although
percent reported they converted from SunGard
product portfolio was an important consideration
AS LDRPS (a BCMP software solution the vendor
in our assessment, a vendor’s ability to acquire
purchased from Strohl Systems in 2008 that is
customers and expand its presence in the market
no longer offered by SunGard AS and has been
also was deemed important, as was its ability to
replaced with its AssuranceCM offering, evaluated
increase its product revenue. A vendor that offers a
in this Magic Quadrant). Twenty-eight percent
strong, technically elegant product, but that is unable
reported they used another BCMP software
or unwilling to devote funding and attention to
solution, 12% reported that they had a homegrown
marketing and sales to increase revenue and improve
solution that outgrew its viability and 4% reported
profitability, will find itself unable to invest in future
that they used office automation.
product development.
The majority of training on the use of BCMP
In addition, each vendor conducted a detailed briefing
software has moved to free online media, with
about and demonstration of its BCMP software. Each
component-specific modules, such as “Here’s
vendor was rated on its ability to conduct an effective
How to Develop a BIA Template,” FAQs, videos,
briefing and demonstration, based on the provided
self-paced tutorials, online live instruction and
critical capabilities defined in the vendor survey as
documentation. On-site training is offered by
well as in the market definition/description section of
some vendors, especially by those whose products
this research. These ratings were used to substantiate
are more complex to configure. Train-the-trainer
and, in some cases, where inadequate customer
modules are the norm for end-user training
reference data existed, to supplement the overall
required by the customer, because almost every
product ratings.
implementation has been configured to support
27
translate those into products and services. Vendors Vertical/Industry Strategy: The vendor’s strategy
that show the highest degree of vision listen to to direct resources, skills and offerings to meet
and understand buyers’ wants and needs, and can the specific needs of individual market segments,
shape or enhance those with their added vision. including vertical markets.
About Us
Continuity Logic connects everyone-to-
everything from BOD to frontline workers and
from governance to business objectives and
performance. We’re an innovation leader for
enterprise continuity, risk, and compliance
management software. Our Global2000 customers
selected us for our unparalleled ease-of-use,
speed-of-implementation, and abilities-to-meet
rapidly changing requirements. Our solutions
eliminate GRC complexity.
Contact US
Continuity Logic
55 Lane Road
Fairfield, NJ 07004
T 866-321-5079
F 973-227-7461
info@continuitylogic.com
Continuity Logic … is published by Continuity Logic. Editorial content supplied by Continuity Logic is independent of Gartner analysis. All Gartner research is used with Gartner’s
permission, and was originally published as part of Gartner’s syndicated research service available to all entitled Gartner clients. © 2016 Gartner, Inc. and/or its affiliates. All rights
reserved. The use of Gartner research in this publication does not indicate Gartner’s endorsement of Continuity Logic’s products and/or strategies. Reproduction or distribution of
this publication in any form without Gartner’s prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner
disclaims all warranties as to the accuracy, completeness or adequacy of such information. The opinions expressed herein are subject to change without notice. Although Gartner
research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a
public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior
managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For
further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website.