Business impact analysis, service dependency mapping, and DR exercise management.
The challenge
Business continuity plans live in Word documents that nobody reads. Impact analyses are done once and never updated. DR exercises are either skipped or produce findings that go untracked.
How Fig helps
Structured BIA with criticality scoring, recovery priority ranking, and RTO/RPO definitions for every critical service. Linked directly to your asset register and service dependencies.
Visualise how services depend on each other, on vendors, and on infrastructure. Single points of failure identified automatically. DR planning grounded in real architecture, not assumptions.
Plan, execute, and document disaster recovery exercises with structured scenarios. Findings tracked through to remediation. Compliance with NIS2, DORA, and ISO 22301 exercise requirements.
ICT continuity strategies documented and linked to critical services. Backup and restore validation with RTO/RPO compliance checking. Management review integration.
Fig uses organisational context to establish BCDR baselines and integrates with the supplier management module to adjust requirements dynamically as the threat landscape changes.
Audit-ready workflow
Business Continuity & DR should not be treated as a standalone tool surface. In Fig it is part of a governed workflow: a signal is captured, an owner is assigned, a control or risk is updated, and evidence is retained so the organisation can prove what happened later.
Lifecycle
The Protect phase is where this capability sits in the wider Fig operating model. Business continuity plans live in Word documents that nobody reads. Impact analyses are done once and never updated. DR exercises are either skipped or produce findings that go untracked. Fig turns that problem into a repeatable lifecycle so MSPs, risk teams, and auditors are not relying on static spreadsheets or ad hoc screenshots when a buyer asks for proof.
Evidence captured
For business continuity & dr, useful evidence normally includes the triggering record, the affected asset or supplier, the control requirement, the assigned owner, the decision made, the timestamp, and the outcome. That evidence is mapped back to frameworks such as Cyber Essentials, ISO 27001, NIS2, DORA, GDPR, CMMC, and internal policy requirements where relevant.
Implementation checks
Useful references
The exact evidence required still depends on your scope, risk profile, sector, and framework obligations.
Built for you
Standardised BCDR across client portfolios. Exercise scheduling, finding management, and service dependency views for every client.
Learn moreBoard-ready continuity reporting. Service dependency graphs show real exposure. DR exercise results feed directly into compliance evidence.
Learn moreComplete BCDR evidence chain from BIA through strategy, exercises, and management review. Meets ISO 22301, NIS2 Article 21, and DORA operational resilience requirements.
Learn moreProtect
Common questions
A DR exercise failure automatically creates a control consequence that affects your compliance scoring. Service dependencies link to your asset register and supplier risk assessments. Everything is connected.
Fig structures your continuity planning in the platform with version control, review cycles, and evidence linking. You can import existing plans and add governance workflows on top.
ISO 22301 Business Continuity Management, NIS2 Article 21 operational resilience, DORA ICT continuity requirements, and Cyber Essentials incident planning controls.
Yes. Plan tabletop or live exercises with defined scenarios, assign roles, track actions during execution, and document findings. Remediation actions are tracked through to closure with full audit trails.
Fig builds dependency graphs from your asset register, integration data, and manual input. It identifies single points of failure, calculates cascade impact, and shows which services are affected if a dependency fails.
Next step
Book a walkthrough tailored to your frameworks and tooling.
We only load non-essential analytics and advertising tags after explicit consent. You can review our cookie register in the cookie policy section and update your choice at any time via “Cookie settings” in the footer.