Magic Quadrant For Business Continuity Management Planning Software

Magic Quadrant for Business Continuity
Management Planning Software

26 August 2013 ID:G00217265
Analyst(s): Roberta J. Witty, John P Morency
VIEW SUMMARY
The 2013 business continuity management planning market, in which there is no perfect product, has
a 2012 revenue estimate of $130 million, 30% more than our 2010 estimate. This Magic Quadrant
ranks 18 enterprise-class vendors.
Market Definition/Description
BCMP products have been in the market for more than 20 years, growing from word-processing
templates to sophisticated, interactive decision support products. The increased need for usable
recovery plans of all types (see Note 1), as well as for a consistent and repeatable plan development
process, has resulted in increased sophistication in the products. In addition, they now integrate with
other BCM products, such as emergency or mass notification service (EMNS) and crisis/incident
management (C/IM), GIS/geospatial, IT asset management, change and configuration management
database (CCMDB), and more. Mature BCM programs use BCMP products for business and program
management analysis, with a goal of building more resilience into the day-to-day business process.
A BCMP product will typically include the following components:
Risk assessment for BCM (more clearly differentiated from the business impact analysis [BIA]
due to governance, risk and compliance [GRC] product influence)
BIA a core BCM activity
Business process and IT dependency mapping
Resource libraries of business and IT equipment, processes, personnel, facilities, third parties
(suppliers/vendors), etc.
Plan development and management
Workflow management for plan development and maintenance actions
Analytics capability to provide BCM program metrics so that the appropriate investments can be
made in risk mitigation controls, day-to-day operations and recovery operations
Some products include additional features, such as:
A modeling capability that lets the organization assess the impact on the business as a result of
an outage whether it be an application, location, business process, third party, etc.
An exercising capability that assists organizations when they test the functionality of their
recovery plans
A lighter-weight C/IM function that can be used when the organization experiences a business
disruption and, therefore, needs to execute its recovery plans; this function should not be
confused with pure-play C/IM products in the market that provide a much richer set of functions
than those described in this research
With over 30 vendors, the BCMP market has a 2012 revenue estimate of $130 million, a 30% growth
since our 2010 estimate of $100 million. Average revenue growth for 2009 to 2010, 2010 to 2011,
and 2011 to 2012 is 33.3%, 18.6% and 19%, respectively. Pricing for this market remains very
competitive for the simpler implementation; pricing for large, multinational implementations can be in
the six figures or higher. Large or regulated enterprises, as well as government agencies, are typical
users of these products, while small and midsize firms are increasingly looking to use them so they
can provide structure and standardization to a BCM program, even one just starting out. The financial
services market and organizations with complex business operations lead in the number of
implementations and vendor marketing efforts.
The significant growth in adoption of BCMP products, as measured in our annual security and risk
management survey 23.8% from 2010 to 2011; 8.5% from 2011 to 2012 and 51% from 2012 to
2013 is an indication that organizations are realizing the importance of the use of these products to
help standardize and manage recovery plan development, as well as management of the BCM
program itself. (Note: The question response option in the 2013 survey was combined with risk
assessment and BIA. In prior years, the survey question response options were separated.)
Having current, effective and exercised recovery plans is the key to success during a disaster, and
these products are essential for effective BCM response, recovery and restoration activities. We
anticipate adoption to continue to grow during the next five years, given the increased focus from
government agencies federal, state and local as well as private-sector preparedness initiatives.
Some of this additional growth will come through the GRC product market: more GRC vendors are
providing BCMP capability as part of a broader operational risk management program.
STRATEGIC PLANNING ASSUMPTION

By 2015, 80% of organizations at a Level 4 maturity
level for their business continuity management (BCM)
program will be using BCM planning (BCMP) products
to help them perform recovery plans and exercise
management, as well as to analyze and manage BCM
program metrics.
EVIDENCE
1 Gartner provided the 18 vendors included in this
Magic Quadrant with a survey resembling an RFP (see
"Toolkit: Business Continuity Management Planning
Software RFP Template, 2012"), with multiple
questions for each evaluation criteria. The completed
surveys were returned in December 2012 and January
2013. In addition to the vendor survey, in-depth
vendor briefings regarding product, portfolio, strategy
and messaging were conducted with each vendor.
Sixty-two customer reference checks were conducted
59 through a 23-question online survey and three
through phone calls.
2 Gartner takes hundreds of call annually regarding
the BCMP market; it made up 18.5% of our call
volume from July 2010 through April 2013. These calls
also inform our understanding of the market and
vendor capabilities.
NOTE 1
TYPES OF BUSINESS CONTINUITY
MANAGEMENT/RECOVERY PLANS
Following are the various types of BCM/recovery plans:
Damage assessment
Emergency response
C/IM
Crisis communications
External communications
Business process/department recovery
Location logistics
Evacuation procedures
Insurance support
Travel support
Legal support
Procurement/vendor management
Customer/partner support
Shelter in place
IT recovery
Business recovery
Business resumption
Third-party availability management
Restoration
Stand-down
Devolution/resolution
NOTE 2
GARTNER HYPE CYCLE BENEFIT RATING
SCALE
Table 3. Hype Cycle Benefit Rating Four-Point

Scale
Benefit Rating
Definition
Transformational
Enables new ways of

doing business across
industries that will result
in major shifts in
industry dynamics
High
Enables new ways of

performing horizontal or
vertical applications that
In "Hype Cycle for Business Continuity Management and IT Disaster Recovery Management, 2013,"
we moved the BCMP market position by one spot to post-trough 15%, from the 2012 BCM Hype Cycle
position of post-trough 10%, and placed BCMP as early mainstream adoption with 20% to 50%
penetration of the target audience and as having a benefit rating of high out of a four-point scale (see
Note 2).
will result in significantly

increased revenue or
cost savings for an
enterprise
Moderate
Provides incremental,
but significant,
This BCMP product Magic Quadrant is a market snapshot that ranks vendors according to competitive
buying criteria. Vendors in any sector of the Magic Quadrant, as well as those not ranked on the Magic
Quadrant, may be appropriate for your enterprise's needs and budget.
improvements to
established processes
that will result in
cost savings for an
Return to Top
Magic Quadrant
enterprise
Low
Slightly improves
processes (for example,
improved user
experience) that will be
Figure 1. Magic Quadrant for Business Continuity Management Planning Software
difficult to translate into

cost savings
Source: Gartner (August 2013)
EVALUATION CRITERIA DEFINITIONS

Ability to Execute
Product/Service: Core goods and services offered by
the vendor for the defined market. This includes
current product/service capabilities, quality, feature
sets, skills and so on, whether offered natively or
through OEM agreements/partnerships as defined in
the market definition and detailed in the subcriteria.
Overall Viability: Viability includes an assessment of
the overall organization's financial health, the financial
and practical success of the business unit, and the
likelihood that the individual business unit will continue
investing in the product, will continue offering the
product and will advance the state of the art within the
organization's portfolio of products.
Sales Execution/Pricing: The vendor's capabilities in
all presales activities and the structure that supports
them. This includes deal management, pricing and
negotiation, presales support, and the overall
effectiveness of the sales channel.
Market Responsiveness/Record: Ability to respond,
change direction, be flexible and achieve competitive
success as opportunities develop, competitors act,
customer needs evolve and market dynamics change.
This criterion also considers the vendor's history of
responsiveness.
Marketing Execution: The clarity, quality, creativity
and efficacy of programs designed to deliver the
organization's message to influence the market,
promote the brand and business, increase awareness
of the products, and establish a positive identification
with the product/brand and organization in the minds
of buyers. This "mind share" can be driven by a
combination of publicity, promotional initiatives,
thought leadership, word of mouth and sales activities.

Return to Top
Vendor Strengths and Cautions

Avalution Consulting
Avalution Consulting is headquartered in Cleveland, Ohio. It is a privately held company with an
employee head count of 15 dedicated to the BCMP product. The BCMP product version evaluated for
this Magic Quadrant was The Planning Portal (TPP) version 2012; the current version is TPP 2013.
With a BCMP offering in place since 2005, the reported number of BCMP product customers for this
evaluation period was 28. The key markets supported are financial services (including insurance), life
sciences, healthcare and nonprofits. TPP is offered only in a vendor-hosted delivery model. The
product architecture for TPP is based on Microsoft SharePoint 2010.
Strengths
Avalution's BCM consulting practice is recognized as strong in the market. The vendor's
consulting lead is the U.S. representative to the International Organization for Standardization
(ISO) for ISO 22301:2012 standard development.
Customer references report a very strong customer service capability, ease of implementation
and total cost of ownership.
Avalution was the only vendor that reported that its BCM operations located in a SAS 70 Type
II data center are BS 25999-certified. All development work is subject to a formal quality
assurance and testing process, including product beta testing with the customer. TPP operations
recovery is tested on a quarterly basis. Customer support is through a toll-free help line with a
two-hour response time 24/7 for emergency issues.
In terms of specific product features, TPP has average capability for workflow management,
strong ease of reporting, very good ease of use experience and average customization
capability. The offering has a risk register and a preloaded set of risks against which a risk
Customer Experience: Relationships, products and

services/programs that enable clients to be successful
with the products evaluated. Specifically, this includes
the ways customers receive technical support or
account support. This can also include ancillary tools,
customer support programs (and the quality thereof),
availability of user groups, service-level agreements
and so on.
Operations: The ability of the organization to meet its
goals and commitments. Factors include the quality of
the organizational structure, including skills,
experiences, programs, systems and other vehicles
that enable the organization to operate effectively and
efficiently on an ongoing basis.
Completeness of Vision
Market Understanding: Ability of the vendor to
understand buyers' wants and needs and to translate
those into products and services. Vendors that show
the highest degree of vision listen to and understand
buyers' wants and needs, and can shape or enhance
those with their added vision.
Marketing Strategy: A clear, differentiated set of
messages consistently communicated throughout the
organization and externalized through the website,
advertising, customer programs and positioning
statements.
Sales Strategy: The strategy for selling products that
uses the appropriate network of direct and indirect
sales, marketing, service, and communication affiliates
that extend the scope and depth of market reach,
skills, expertise, technologies, services and the
customer base.
Offering (Product) Strategy: The vendor's approach
to product development and delivery that emphasizes
assessment can be performed. TPP shows the last approved version of a document versus the
current document being worked on. AES-256 is used to encrypt data at rest in the database and
uses TLS 1.0 for data encryption during transit. C/IM is a built-in component of TPP. TPP has a
mobile Web application that enables users to access their recovery plans and the live C/IM portal
on TPP via their iOS, Android or BlackBerry device. Recovery plans can be printed in more than
PDF format. Single sign-on is supported.
TPP offers the best price comparison coming in at less than half of the median pricing
example. Its pricing model is based on the number of plans and BIAs; Avalution offers a
multiyear discount and a small or midsize business (SMB) pricing option.
Cautions
All internal staff for sales, customer call centers and support engineers is U.S.-based only.
Production availability service levels are managed only to a 99.99% service guarantee level with
a recovery time objective (RTO) of four hours and a recovery point objective of four hours. Data
centers are in the U.S. only in Virginia and Illinois.
Partnerships with other BCM vendors, professional services, resellers/value-added resellers
(VARs) are limited, compared with other BCM product vendors, thereby limiting Avalution's
market penetration and sales performance.
Drag-and-drop support for customization is not provided. The BIA capability does not
automatically calculate RTOs. Suppliers/vendors are considered a resource managed as all other
resources. The vendor's internally provided EMNS capability is limited to phone, email and SMS
endpoint support. The user interface supports English only.
Return to Top
BOLDplanning
BOLDplanning is headquartered in Nashville, Tennessee. It is a privately held company with 21
employees dedicated to BCMP. The BCMP product version evaluated for this Magic Quadrant was
BCplanner.com v.6.8; the current version is 10.4. With a BCMP offering in place since 2004, the
reported number of BCMP product customers for this evaluation period is 170. The key markets
supported are state, local and municipal government agencies (including municipal airports); higher
education institutions; courts and healthcare. The product is offered only in a vendor-hosted delivery
model. The product architecture is based on Windows 2003 Server, Internet Information Services 6.0,
Adobe ColdFusion v.7 and Microsoft SQL Server 2005.
Strengths
BOLDplanning has a very strong focus on government, including continuity of operations
(COOP), Department of Homeland Security's (DHS's)/Federal Emergency Management Agency's
(FEMA's) National Incident Management System (NIMS)/Incident Command System (ICS), the
U.S. National Response Framework, and Federal Continuity Directives 1 and 2. BCplanner.com is
the best product for government organizations.
Customer references report that the product is cost-competitive for the functionality and that
BOLDplanning has very good customer service. Customer references also report that the product
is easy to use.
The vendor has very strong partnerships with emergency management consultancies,
strengthening its market penetration and sales performance.
In terms of specific product features, the user interface makes the product more easily usable
by a broader community. The product has strong reporting capability, strong customization with
drag-and-drop support, very good workflow capability and very good risk assessment capability
with a preloaded set of risk content. It also has a comprehensive help facility. BCplanner.com
has an excellent built-in C/IM module. The online chat room feature is a nice addition for a BCMP
product something usually only found in EMNS products. BCplanner.com has the best set of
plan templates both in terms of breadth and depth, including COOP, continuity of government
(COG) planning and emergency operations planning (EOP). BOLDplanning provides template
text preloaded into the templates a unique feature that the other vendors in this Magic
Quadrant do not support due to a perceived liability risk if a customer uses a vendor-populated
recovery plan and fails in the process. AES-256 encryption is used for data encryption at rest for
both database and file storage. BOLDplanning uses 256-bit SSL for encryption in transit,
although they allow users to downgrade their encryption in transit security in support of
government agency customers. BOLDplanning has separate product versions for government
versus the private sector. Recovery plans can be printed in more than PDF format. The user
interface supports English and Spanish only.
For the BCMP vendor-hosted/software as a service (SaaS) delivery model, BOLDplanning offers a
99.999% service-level guarantee. The vendor's server infrastructure was upgraded in mid-2012
to utilize multiple servers in Virginia and Oregon with automatic failover. Data center operations
failover times are on the order of a few minutes and do not result in the loss of customer data.
The vendor's data center operations are audit-tested by a third party on a quarterly basis. Upon
request from existing customers, complete and full audit reports are provided.
Pricing is based on organization head count. Comparison pricing was on target with the median
pricing example. BOLDplanning offers a "try before you buy" option, as well as a multiyear
discount.
Cautions
All internal staff for sales and customer call centers, as well as support engineers, are U.S.based only.
Currently, the product has very limited multilanguage support. The vital record data object can
be used to represent too many different resources, such as business processes, applications and
data; instead, it should break out resources (IT, form, report, facility, etc.) as discrete boxes
with a comment field to help manage and report impact data in a more structured way. The
vendor's BIA capability does not automatically calculate RTOs and it should break out the
differentiation, functionality, methodology and feature

sets as they map to current and future requirements.
Business Model: The soundness and logic of the
vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's strategy
to direct resources, skills and offerings to meet the
specific needs of individual market segments, including
vertical markets.
Innovation: Direct, related, complementary and
synergistic layouts of resources, expertise or capital for
investment, consolidation, defensive or pre-emptive
purposes.
Geographic Strategy: The vendor's strategy to direct
resources, skills and offerings to meet the specific
needs of geographies outside the "home" or native
geography, either directly or through partners,
channels and subsidiaries as appropriate for that
geography and market.
business impacts into separate data entry fields. In addition, peak time frames are not
supported, impact time frames are predetermined by BOLDplanning and adding questions to BIA
surveys is not always possible by the customer the customer may need BOLDplanning
intervention to accomplish this task. The vendor's internally provided EMNS capability is limited
in endpoint support. Suppliers/vendors are considered a resource managed as all other
resources. There is no single sign-on support.
Training fees apply.
Return to Top
Business Protector
Business Protector, a Metric One Company, is headquartered in Irvine, California. It is a privately held
company with a total employee head count of 17. The BCMP product version evaluated for this Magic
Quadrant was Business Protector version 5.0; the current version is 6.0. With a BCMP offering in
place since 1986, the reported number of BCMP product customers for this evaluation period was
212. The key markets supported are financial services, including insurance; discrete manufacturing;
and energy firms. The product is offered using SaaS and on-premises delivery models. The product
architecture is based on Microsoft Windows Server (up to 2008 R2), IIS (up to 7.5) and SQL Server
(up to 2008 R2). Version 6.0 of Business Protector was released in May 2013 and supports SQL 2012.
Note: The vendor did not provide revenue numbers, but did provide the percent revenue change year
over year.
Strengths
The acquisition by Metric One offers Business Protector a stronger data center operations
environment one based on cloud computing. It also offers a larger professional services arm
that can take the Business Protector product to a larger and broader set of customers.
Customer references report that a key reason for choosing this product is the vendor's flexibility
in customizing the product to meet its BCM need as well as the cost competitiveness of the
product.
For the BCMP vendor-hosted/SaaS delivery model, the vendor offers a 99.999% service-level
guarantee. Data center operations are split across two continents: California in the U.S. and
London in the U.K., significantly reducing the impact on the customer if Business Protector incurs
a disruptive event. Security and recovery audits are conducted on an annual basis. In addition,
strong customer data protection controls are in place and are evolved as needed.
Partnerships for sales execution are very good, with an interesting one for organized labor risk
management assessments for events such as strikes and workplace violence.
In terms of specific product features, there is very good ease of reporting capability, very good
ease of use, and good ease of customization, with drag-and-drop support. EMNS partnerships
are through top-tier EMNS vendors. Suppliers/vendors are considered a resource managed as all
other resources. The product supports good workflow capability, very good risk assessment
capability and very good BIA capability. SAML single sign-on support is available. Customer data
is encrypted at rest using SQL 2010 encryption support. Data is encrypted in transit using 256bit encryption. The user interface supports multiple languages through Unicode support.
Industry-specific versions of the product are available.
Comparison pricing is very good lower than the median pricing example. The vendor's pricing
model is based on both concurrent and named users those requiring a user ID and password.
The vendor offers a multiyear discount as well as SMB and nonprofit pricing options.
Cautions
Currently, there are limited customer networking and information sharing forums outside of
special forums at the national BCM conferences in the U.S.
Major product releases do not occur as frequently as releases from competitors.
There is no native mobile device app for plan access. The BIA capability does not automatically
calculate RTOs.
The vendor charges a setup fee for product implementation.
Return to Top
Continuity Logic
Continuity Logic is headquartered in Fairfield, New Jersey. A privately held company, it has an
employee head count of 29 dedicated to its BCMP product. The evaluated BCMP product version was
Front Line Live 4.6; the current version is 4.9. The reported number of BCMP product customers for
this evaluation period was 50. The key markets supported are consumer services, financial services,
healthcare, insurance and healthcare. The product is offered using SaaS and on-premises delivery
models. Its architecture is based on Microsoft SharePoint 2007, IIS 7.0 (or greater) and SQL Server
2008 R2.
Strengths
Continuity Logic is one of the newest vendors to the BCMP market, with a long-term focus on
governance, risk and compliance.
Customer service and support engineers are split between the U.S. and the Asia/Pacific region.
Customer references report that a key reason for choosing this product is its cost versus the
competition.
Data center operations are globally decentralized (New Jersey, Dallas, Texas and India),
facilitating a high degree of flexibility for supporting international customers. Operations can be
failed over between data centers. A performance management system is in place that supports
near-real-time alerting of the operations team when predefined packet latency thresholds are
exceeded. Quality assurance (QA) environments that mirror the intended production
environment are internally maintained. Users are provided with access to the QA environment
for testing purposes prior to formal production turnover. A dedicated QA team is in place for
quality testing and customer support.
In terms of specific product features, the vendor's risk assessment capability is good, with the
additional capability of populating the risk register via a third-party offering, such as the Unified
Compliance Framework (UCF). The product has very good reporting capability and very good
ease of use. Its ease of customization is strong, with drag-and-drop support. EMNS is good
(partnerships could improve with top-tier EMNS vendors). The vendor's C/IM and third-party
management capabilities are two of the strongest for a BCMP product. Workflow capability is
very good. Through the Compliance Manager module, Continuity Logic has a very good
standards compliance capability, supporting the most (30) BCM standards/frameworks of all the
vendors in this Magic Quadrant. Secure File Transfer Protocol (SFTP) is used to encrypt data in
transit. Recovery plans can be printed in more than PDF format.
Comparison pricing was on target with the median pricing example. Base pricing complexity is
good (based on the number of plan administrators and product administrators). The vendor has
an excellent multiyear pricing option.
Cautions
From the customer reference point of view, the areas that Continuity Logic can improve in are
customer service and training.
Production availability service levels are managed only to a 99.996% service guarantee level.
Partnerships with a few large consulting firms help to scale the business and expand sales
performance, but Continuity Logic needs to add more partners for this benefit to be realized.
There is no native mobile device app available for plan access for the evaluated version;
however, the vendor reports that the current version of the product supports native apps for the
Apple iPad and Android devices. The product has limited capability to customize the look and feel
to align with the customer's branding. There is no single sign-on support, and no encryption for
data at rest. The user interface supports English only.
Return to Top
Coop Systems
Coop Systems is headquartered in Herndon, Virginia. A privately held firm founded in 2002, it has an
employee head count of 25 dedicated to the BCMP product. The BCMP product version evaluated for
this Magic Quadrant was version 6.11; the current version is 6.14. myCOOP has been a product
offering since 2005. The reported number of BCMP product customers for this evaluation period was
more than 150. The key markets supported are higher education, financial services, state/local
government, insurance and professional services (not including IT). The product is offered
hosted/SaaS and on-premises delivery models. The product architecture is based on SQL Server,
SharePoint, Visual Studio and Microsoft .NET.
Strengths
The vendor supports both a user group and an advisory group.
Partnerships for sales execution include large technology and consulting firms in the U.S. and
Japan.
Data centers are located in the U.S. (Atlanta) and Canada (Toronto, with failover to Vancouver).
Operations service-level guarantees include 99.9% for service availability. SaaS operations are
managed in Tier 4 data center facilities. Active-active operations are supported with recovery
times on the order of minutes.
In terms of specific product features, the reporting capability is very good and the user interface
can be tailored to align with ISO 22301 and other BCM standards/frameworks. myCOOP has a
very good built-in C/IM capability. Coop Systems' hosted services use only SHA-1 hashing
functions to encrypt all sensitive information, including passwords. As an option, data at rest can
be encrypted using AES-256. All sensitive data encrypted for transit over the Internet uses SSL
v.3. myCOOP's native mobile device app delivery approach is unique the vendor works
through a third-party vendor that ports the app to all devices. Supplier/vendor management is a
separate module. The vendor's BIA capability is very good. Dependency mapping supports a
graphical representation. The user interface supports English, Japanese and Thai. Importing data
from organizational sources of record to the added-on myCOOP database has been resolved with
the introduction of its data synch feature. Recovery plans can be printed in more than PDF
format. Coop Systems has built automated capability to import recovery plans and data from
other BCMP products.
The pricing model is based on named users those requiring a user ID and password. The
vendor offers a strong multiyear pricing option.
Cautions
All internal staff for sales and customer call centers, as well as support engineers, are U.S.based only. In some overseas markets, partners provide local support.
Some customer references report a concern over the vendor's customer support services.
Customer references also report that there have been some challenges in balancing the
upgrades and keeping up with customer desires/demands.
myCOOP requires more vendor intervention for aligning the product to customer requirements,
especially those of larger clients.
In terms of specific product features, myCOOP could see expanded sales if it had partnerships
with more than one top-tier EMNS vendor (currently, MIR3). There is no support for single signon. The basic workflow capability has some limitations; the purchase of Advanced Workflow is
required to perform an unlimited number of steps in a defined workflow process.
Comparison pricing was slightly higher than the median pricing example. The vendor charges a
setup fee for product implementation.
Return to Top
eBRP Solutions
eBRP Solutions is headquartered in Toronto, Canada. An employee-owned firm, it has an employee
head count of 40 dedicated to the BCMP product. The BCMP product evaluated for this Magic
Quadrant was the eBRP Suite version 4.1.04; the current BCMP product version is 4.1.08. With a
BCMP offering in place since 2002, the reported number of BCMP product customers for this
evaluation period was more than 120. The key markets supported are the broadest of all vendors
analyzed in this research, with a focus on financial services, energy (oil and gas), discrete
manufacturing, and utilities. The product is offered using hosted/SaaS and on-premises delivery
models. The product architecture is based on Microsoft Windows Server 2008 (or newer), Microsoft
IIS and SQL Server 2008.
Strengths
During the past five years, eBRP has focused on developing an operational risk management
product, including BCM and third-party management.
There is strong global staff distribution between the U.S., Canada, Europe, India and Australia.
Operations data centers (Tier 3/Tier 4) are distributed across six separate geographical
locations: the U.S. (Washington, D.C. and Santa Clara, CA), Canada (Toronto, Ontario and
Vancouver, British Columbia) and the U.K. (London and Slough). For the BCMP vendorhosted/SaaS delivery model, eBRP Solutions offers a 99.995% service-level guarantee.
Operations failover is tested once every two weeks. The maximum amount of time in which
customer data could be lost is 15 minutes.
In terms of specific product features, the third-party management and dependency mapping
capabilities are the best among all the vendors in this Magic Quadrant. EMNS support is provided
through top-tier vendors. The built-in exercise management and C/IM capability is very good.
There is an integrated GIS capability (allowing all facility, employee and vendor locations to be
mapped). Mobile device capability for plan access is through the C/IM capability. Workflow
capability is very good. Support for Gantt charts to visually display recovery procedures is a key
product differentiator. Encryption for data in transit is very good, with support for PGP, SSL v.3
and SFTP. Encryption for data at rest is available upon request by the customer. Single sign-on is
supported. The user interface supports multiple languages. The product has not been developed
to align with any specific BCM standard, but BCM standards self-assessment compliance tracking
support is available through configuration. Strong password controls and role-based access
control. The product has strong training capabilities. eBRP has built automated capability to
import recovery plans and data from other BCMP products.
Comparison pricing is competitive, coming in slightly under the median pricing example. The
vendor has an unlimited user pricing model. The vendor offers a multiyear discount.
Cautions
eBRP has specific and long-held beliefs about how risk assessments, BIAs and recovery plans
are to be developed. For example, the product does not show risk impact over a range of time
frames; this is a professional decision made by eBRP founders about how to conduct a risk
assessment assessing risk impact is not much more than a guess and providing such
capability only takes bad data and compounds it.
Although eBRP has updated the look and feel of the product, it is still limited by the .NET
infrastructure on which the product is developed. Some report data is not accessible through an
online feature, such as a URL link; eBRP considers this to be a security concern and will not
provide the capability. This last point means that there is more work to be done to complete
some steps for example, you can look up people on a team, but you have to go back into the
product's administrative interface to make changes to that person, rather than clicking on the
person's name in the generated report. Tool administration could be easier to perform and more
intuitive; you usually have to go back to the administrative interface, and go through the asset
infrastructure model to do most actions.
Return to Top
EMC (RSA)
RSA, The Security Division of EMC, is headquartered in Bedford, Massachusetts. A public company,
RSA acquired Archer Technologies in 2010. Archer has a BCMP solution available within its eGRC
Suite. The BCMP product version evaluated for this Magic Quadrant was Archer Business Continuity
Management v.4.5.2; the current BCMP product version is 5.2. With a BCMP offering in place since
September 2008, roughly 25% of RSA Archer customers have deployed the BCM module. The key
markets supported are financial services; insurance; government (federal, national and provincial);
business/consumer services; and professional, scientific and technical services (not including IT). The
product is offered in hosted/SaaS and on-premises delivery models. The product architecture is based
on .NET, Windows Server 2003/2008 Microsoft SQL Server for its RDBMS and IIS 7.0 for its Web
server. Note: RSA did not provide answers to survey questions regarding revenue by year or region,
nor for staff head count. We used Gartner's internal vendor rating process to provide an overall
financial viability score for RSA.
Strengths
BCMP capability is integrated with the vendor's enterprise and IT GRC management platform for
broader integration into the operational/enterprise risk management process. RSA has a better
and more well-established delivery ecosystem than the other GRC products included in this
research.
Customer support staff are in the U.S. and the U.K. Support engineers are in the U.S., U.K. and
the Asia/Pacific region.
The vendor has a well-developed network of reseller and professional services partners,
including its own EMC Consulting practice.

There is a very strong user group process, including the number and size of user forums that
facilitate peer networking, information sharing and product requirements capture across all its
product modules.
In terms of specific product features, ease of reporting is very good. Ease of use and the user
interface are excellent, with strong graphical support. Ease of configuration is excellent with
drag-and-drop capability. There is an excellent use of graphics. The product leverages a thirdparty partner for loading risk statistics into the product. Data at rest is encrypted using AES256. Data in transit is protected using SSL 256-bit encryption. The vendor offers one of the best
native mobile device apps for the iPhone and iPad. EMNS support is through one top-tier EMNS
vendor. Exercise management is good, as is C/IM capability. Supplier/vendor management is
available. There is a strong BCM standards self-assessment compliance tracking capability,
including alignment to key BCM standards/frameworks. Recovery plans can be printed in more
than PDF format. Single sign-on is supported. The user interface supports English, French,
Spanish, German and Japanese.
Comparison pricing is on target with the median pricing example. The vendor's pricing model is
based on employee head count and the number of modules needed to be purchased. An SMB
pricing option is offered.
Cautions
Availability service-level guarantees are 99.9%, lower than many of RSA's competitors. Only one
data center supports production BCMP service operations in Phoenix, with a "warm spare"; the
backup site is in Marlborough, Massachusetts. IT service operations failover is not automated. IT
service recovery testing results are not currently audited by independent third parties. The
vendor has indicated that this is due to the newness of the vendor-hosted offering and that such
auditing is planned for the near term.
Generation and distribution of a recovery plan to a designated plan owner is a bit complicated;
the plan is generated through the use of Microsoft Word templates, mail merge and notifications.
Also, the only file format supported as an attachment that can be printed along with the plan is
Word. Other file formats will be forthcoming.
RSA is the only vendor to not offer a multiyear pricing discount. It charges a setup fee for
product implementation. Training fees apply.
Return to Top
Factonomy
Factonomy is headquartered in Edinburgh, Scotland, and New York City. Factonomy is a privately held
company that is venture-capital-backed. The vendor's head count is approximately 50. The BCMP
product version evaluated for this Magic Quadrant was Factonomy ResilienceXT v.3.0; the current
version is 3.21. Factonomy has 14 customers using its technology for BCMP purposes all having
implemented the product within their own data centers. The key markets supported are financial
services, manufacturing and professional services. The product is offered via on-premises and
SaaS/hosted delivery models. The product architecture is based on Windows 2008 Server R2 (64-bit)
Microsoft .NET (v.3.5 or above), Microsoft IIS Application Server and SQL Server (either 2005 or
2008).
Strengths
One of the newest entrants to the BCMP market, the FactonomyXT application engine is based
on a declarative XML application engine.
Customer references report that Factonomy is intuitive and easy to manage, and that the look
and feel is clean, streamlined, not cumbersome, and can be customized even more.
Staff for customer call center and sales, as well as support engineers, are in the U.S., U.K. and
India.
Separate development, user acceptance testing (UAT) and production environments are
established for each client. Additionally, internal test platforms are used for early-stage
configuration. Operations failover to a separate physical server and to another physical location
is supported, consistent with the client's data storage policy. Factonomy supports Amazon Web
Services (AWS) GovCloud (US) and is able to offer U.S. federal government customers the
ability to host its services on AWS GovCloud, which is compliant with the FISMA Act and the
FedRAMP initiative.
In terms of specific product features, Factonomy has converted its declarative XML application
engine from one that required extensive vendor-based configuration to one in which customers
can do much of the customization themselves. This makes the product accessible to
organizations of all sizes, not just the large, multinational organizations that Factonomy had
been pursuing. The user interface is very modern and easy to use. Business rules for plan
development and management can be unique to a business unit, region, etc. The vendor has a
scenario modeler feature that takes BIA results to produce scenarios that rank the impact to the
business from different and varied interruptions. Due to the product operating in the Microsoft
Azure cloud environment, 2048-bit SSL is used to encrypt data in transit. There is very strong
ease of reporting. EMNS support is through one top-tier EMNS vendor. Role-based access control
is very strong. Single sign-on is supported.
The pricing model is based on employee head count.
Cautions
Partnerships for sales execution are few, although those that Factonomy has IBM and Deloitte
are strong partners.
The vendor currently does not support a formal user group.
The SaaS/hosted offering has highly resilient and scalable operations run in Microsoft's Azure
cloud computing infrastructure, although no customer has implemented the product in this
delivery model as of the evaluation time frame. Factonomy offers Microsoft Azure services as a
managed service.
For its vendor-hosted/SaaS delivery model, Factonomy offers a 99.95% service-level guarantee
only. The vendor's recovery plans are not tested on a regular basis. Little to no regular vendor
testing of system performance.
No encryption support currently exists for data at rest. The product does not come with built-in
support for any BCM standard/framework. There is no native mobile device app support, and no
C/IM capability. The user interface supports multiple languages through the use of the translate
feature. English, German, Russian and simplified Chinese are the standard options offered, but
any language can be supported. In all cases, the client is responsible for making and
maintaining the translation.
Comparison pricing is noncompetitive to the median pricing example. Most implementations are
fixed-price.
Return to Top
Fusion Risk Management

Fusion Risk Management is headquartered in Rolling Meadows, Illinois. It is a privately held company
with investors that include Fusion's founders and selected angel investors. The head count of the
company is approximately 15. The BCMP product version evaluated for this Magic Quadrant was the
Fusion Framework Risk Management & Contingency Planning System v.1.4; the current version is 1.5.
The Fusion Framework System runs on the cloud-based Force.com application platform and hosting
environment provided by salesforce.com. As an independent software vendor (ISV) application
partner of salesforce.com, Fusion provides the Fusion Framework System and underlying Force.com
embedded OEM licenses as a single integrated solution to its enterprise customers. Fusion Risk
Management currently has more than 30 customers. The key markets supported are manufacturing,
financial services, telecommunications, energy, services, retail and distribution. Because it is a
layered service within the salesforce.com cloud, the only delivery model supported by Fusion Risk is
SaaS.
Strengths
The newest and fastest-growing BCMP vendor, Fusion has some of the strongest BCM
professional experience in its management team.
Fusion Risk Management is the only BCMP vendor that utilizes cloud-based platform as a service
(PaaS), specifically through salesforce.com.
Customer reference feedback indicates ease of use and expanse of customization capability.
Fusion Risk Management offers a 99.9% service-level guarantee. The product platform
(Force.com) supports several million concurrent users. Client-specific QA is performed to
validate user access models, workflows and navigation. Service availability and performance is
measured and continuously reported on the public-facing portal. Salesforce.com has a very
robust IT disaster recovery management (DRM) capability with ongoing component testing,
failover testing and multiple layers of backup. Full recovery test data is provided to clients as
part of the BITS Shared Assessment reports and SSAE 16, among other assessments. The
vendor also regularly tests its internal BCM plans via a mandatory work-from-home strategy
every six weeks.
In terms of specific product features, Fusion Risk Management has some of the best reporting,
ease of use and configuration capabilities. It provides mobile device support for plan access,
incident response, reports and dashboards, and comprehensive enterprise collaboration via the
integrated salesforce.com Chatter application included with the Fusion Framework System.
Chatter Mobile is supported on iOS, Android and BlackBerry, and Chatter runs within the Fusion
Framework System and as a stand-alone desktop application. Encryption of data in transit is
done through standard HTTPS/TLS 128-bit encryption using RC4-128, with SHA1 for message
authentication and RSA as the key exchange mechanism. Encryption of data at rest is optional
using the industry standard AES algorithm and 128-bit master keys. Very good C/IM is built into
the product. Workflow capability is very good, with integrated workflows across all plans and
features of the product. BCM standard compliance self-assessment tracking is available through
configuration to follow many BCM standards. There are very good role management and access
control capabilities. Single sign-on is supported via SAML 2.0 and 1.1. Recovery plans can be
printed in more than PDF format. The user interface can support more than 25 languages.
The pricing model is based on named users those requiring a user ID and password. The
vendor offers a multiyear discount and has an SMB pricing option called Fusion Essentials.
Cautions
All internal staff for customer call centers and support engineers are U.S.-based only. There is a
small sales presence in Canada.
Because it is a new vendor in the BCMP market, partnerships are currently very limited. The use
of Tier 2 partners is planned for expansion purposes into EMEA, Latin America and the
Asia/Pacific region.
All data centers are in the U.S. in Northern and Southern California, Illinois, and Virginia. To
run the Fusion Framework System application in a non-U.S. salesforce.com data center, Fusion
must make an application to salesforce.com for its review and acceptance.
The BIA capability does not automatically calculate RTOs as an out-of-the-box feature, but the
product can be configured to do so.
Comparison pricing is noncompetitive to the median pricing example. Training fees apply.
Return to Top
MetricStream
MetricStream is headquartered in Palo Alto, California. A privately held company, it has an employee
head count of 1,100 of which 35 to 40 are dedicated to the BCMP product. The evaluated BCMP
product version was MetricStream 6; the current version is 6.1. With a BCMP offering in place since
2010, the reported number of BCMP product customers for this evaluation period was 15. Key vertical
markets supported are energy, financial services (including Insurance), government (federal, national
and provincial), life sciences, discrete and process manufacturing, and utilities. The product is offered
using SaaS/hosted and on-premises delivery models. The product architecture is based on openstandard Java Platform, Enterprise Edition (Java EE) and XML. Note: Revenue numbers were not
provided by the vendor.
Strengths
BCMP capability is integrated with the vendor's enterprise and IT GRC management platform for
broader integration into the operational/enterprise risk management process. In addition, the
BCMP module is packaged and sold separately from MetricStream's GRC offerings.
Staff for customer call centers and sales are on every continent, and support engineers are in
the U.S., Europe and Asia.
For the BCMP vendor-hosted/SaaS delivery model, MetricStream offers a 99.999% service-level
guarantee. Data center operations are located on three separate continents: the U.S., India and
EMEA.
In terms of specific product features, the customization capability is the strongest of all vendors
in this research. Ease of reporting is very good, and ease of use is above average. A very good
and flexible workflow capability is supported by the Process Flow Designer product a Visio-like
interface. A strong track record is in place for both IT operations control management and
regulatory compliance, with the second-highest number (22) of BCM standards/frameworks
supported. Data at rest is encrypted using 256-bit PGP, and 256-bit HTTPS is used to encrypt
data in transit. A native mobile device app is available for plan access in offline mode.
MetricStream has one of the best third-party management capabilities of all the vendors
included in this research, although it is a separately purchased module. Role management and
access control capabilities are also the best among all vendors in this Magic Quadrant. Single
sign-on is supported. The vendor has added a few interesting features to its offering, such as
virtualization risk management and live situational awareness tracking. The user interface
supports multiple languages through Unicode support.
MetricStream offers a multiyear pricing discount.
Cautions
Strong partnerships with business and technology firms are in place for sales execution, but they
are not focused on BCM, which means that they are not recognized in the marketplace as a
strong BCMP vendor.
For the product version analyzed for this Magic Quadrant, service operations recovery plan
testing frequency was unclear, and application performance and scalability testing was only
performed in response to a customer request. According to the vendor, it has since changed
these cautions as follows: service operations recovery plan, application performance and
scalability are now tested annually and with every new release.
The BIA capability does not automatically calculate RTOs, nor does it show business interruption
impact over a range of time frames. The internally provided EMNS capability has limited
endpoints. There is no C/IM capability; the vendor has indicated that this module is currently
under development.
Comparison pricing is noncompetitive to the median pricing example. The pricing model is based
on the number of users and their type: heavy (e.g., product administrators), medium (e.g., plan
administrators) and light (everyone else, including read-only users). There is a setup fee
charged for product implementation.
Return to Top
Modulo
Modulo is headquartered in Atlanta. It is a privately held company with a total employee head count
of 400, including 70 employees focused on the development of the Modulo Risk Manager product and
15 employees dedicated to the BCMP module. The evaluated BCMP product version was the BCM
module of the Modulo Risk Manager software v.8.1; the current version is 8.2. With a BCMP offering
in place since 2006, the reported number of BCMP product customers for this evaluation period was
approximately 50 (all internally hosted in customer data centers). The key vertical markets supported
include energy, financial services, federal and state government agencies, transportation, and utilities.
The product is offered via SaaS/hosted and on-premises delivery models. The product architecture is
based on Microsoft Windows Server 2008, Microsoft .NET Framework 64 and Microsoft SQL Server
2008.
Strengths
The BCMP capability is integrated with the vendor's enterprise and IT GRC management platform
for broader integration into the operational/enterprise risk management process.
competition, as well as vendor certifications in ISO 20000 and ISO 27000.
Customer service, sales and support engineers are located in the U.S., U.K., Brazil and India.
Modulo has a highly experienced consulting and professional services team.
The vendor has a strong reseller network with over 70 companies reselling the Risk Manager and
BCMP modules.
For the BCMP vendor-hosted/SaaS delivery model, Modulo offers a 99.9999% service-level
guarantee with data centers located in the U.S. (production and recovery) as well as Brazil. A
strong track record is in place for both IT operations control management. A large test and QA
management team (of 20) is in place.
In terms of specific product features, there is a very flexible user interface, although it has the
most technical feel of all the BCMP products. There is a very good ease of reporting capability,
including an SQL query to create any dashboard report. There is strong standards/frameworks
compliance tracking support with alignment to key BCM standards/frameworks. Google Maps is
used to view the impact of natural events (such as weather) on asset availability. There is good
workflow and risk assessment capability. Graphics support is excellent throughout the product,
including graphical plan dependency mapping support. Data at rest is encrypted using AES-256.
Data in transit is encrypted using IIS-level certified HTTPS, which supports SSL v.3.0. There are
very good role management and access control capabilities. Single sign-on is supported. The
user interface supports English, Portuguese and Spanish.
Comparison pricing is competitive, coming in slightly under the median pricing example. The
vendor offers a multiyear pricing discount.
Cautions
The areas in which Modulo can improve, from a customer reference point of view, are
features/functions and maintenance/upgrades.
The SaaS-based delivery model was a new offering at the time of this evaluation; therefore,
customers who have implemented the BCMP capability in SaaS were not included.
Ease of customization needs improvement, as customers are not able to change terminology to
their terms and there is limited ability to change the look and feel of the product to meet the
customers' branding requirements. Plan components are fixed and are not easily modifiable by
customers. There are limited built-in EMNS and C/IM capabilities. Exercise management
capability is available, but only through configuration through workflow. BIA capability does not
automatically calculate RTOs, nor does it easily support modifications to facilitate time-based
impact assessments; instead, a separate BIA must be initiated and populated. There is no native
mobile device app for plan access.
Because Modulo's focus is GRC, pricing is based on the number of IT assets being managed by
the Risk Manager module, which is a nonintuitive approach for BCM professionals. The BCM
module is not sold separately from the Risk Manager module and is 20% of the base Risk
Manager cost. The vendor charges a setup fee for product implementation.
Return to Top
Phoenix
Phoenix is headquartered in Northampton, U.K., and is listed in the FTSE. The employee head count
dedicated to the BCMP product is 102. The evaluated BCMP product version was 4.2; the current
version is 4.2.4. With a BCMP offering in place since 2003, the reported number of BCMP product
customers for this evaluation period was 75. Phoenix does not manage its business by industry
vertical; rather, it does so by region and, therefore, we have no key industry verticals to list for the
vendor. The product is offered using the vendor-hosted delivery model. The product architecture is
based on the CentOS, vSphere infrastructure, JBoss Middleware, MySQL database and the
JasperReports engine; client access is via a Web browser (PC, Mac or tablet) or mobile app
(BlackBerry/RIM platform). Note: Phoenix did not provide information regarding its typical
deployments.
Strengths
Phoenix has a high-quality professional services delivery capability.
guarantee. A staffed 24/7 operations center continuously monitors applications and systems
alarms. Operations data centers are distributed across four separate geographical locations: the
U.K. Aston (production), the U.K. Farnborough (recovery) Phoenix (the majority of
Shadow-Planner clients are hosted in Phoenix's own U.K. data centers), and, for clients who wish
to host their data outside the UK, Switzerland Geneva (production and recovery) and the
U.S. New York City. Recovery tests are conducted on a daily basis.
In terms of specific product features, the opening screen is a dashboard of BCM program
management. The user interface is very clean. The product has very strong ease of
configuration, with drag-and-drop capability on most administrative features. Ease of reporting
is very good. EMNS support is through top-tier EMNS vendors. Supplier/vendor management,
workforce scheduling over time and recovery seat planning capability is available. Workflow can
be built using multiple steps and can automatically populate the calendar of tasks to complete in
the workflow process. Out-of-the-box BCM standards/frameworks alignment is to BS 25999
Parts 1 and 2. There is good risk assessment capability, and very good role management and
access control capabilities. Single sign-on is supported. AES-256-bit encryption is used for
encrypting data in transit. The user interface supports English, French, German, Spanish, Italian
and Japanese.
Comparison pricing was on target with the median pricing example. The pricing model is based
on employee head count. The vendor offers a multiyear discount, as well as nonprofit and SMB
pricing.
Cautions
Customer call centers, support engineers and sales are in the U.K. only.
The area in which Phoenix can improve, from a customer reference point of view, is in the time
and effort it takes to bring the product into production.
Partnerships for sales execution are nonexistent. Phoenix needs to pick up a large business
consulting firm to make inroads into the larger enterprise risk management area.
Specific product features: native mobile device app available only on the BlackBerry. There is no
exercise management, C/IM or compliance management support. BCM standard compliance selfassessment tracking is not available as an "out-of-the-box" feature. Data at rest is not
encrypted.
Return to Top
Quantivate
Quantivate is headquartered in Woodinville, Washington. It is currently a privately held company. The

evaluated BCMP product version was Quantivate Business Continuity December/2012. Quantivate
does not publish version numbers because product updates are continuously made and rolled out to
all customers. The product is offered via the SaaS/hosted delivery model only. The product
architecture is based on Linux, Apache HTTP Server, open-source MySQL and PHP. Note: Quantivate
did not provide answers to a number of questions in the vendor survey, including staffing size and
distribution, revenue numbers by year, region and industry (however, it did provide the percent
change in revenue year over year), the number of customers, pricing, and the number of new
contract signings. The exclusions are the primary reason for its Niche Player placement in the Magic
Quadrant.
Strengths
Quantivate provides an integrated platform for BCM, information security, enterprise risk
management, audit management and third-party management.
Customer references report that the key reasons for choosing this product are its intuitive user
interface, experience with other products from this vendor, and Quantivate's "loss based"
approach to BCM that matched the customer's internal approach.
Operations are managed in Tier 4 private cloud infrastructure data center facilities located in
Chicago and Dallas. Users can get a whole QA environment setup with their cloned data. The
vendor has high-quality customer service support with a very repeatable service implementation
and management process.
In terms of specific product features, the native mobile device app for plan access is very good,
with support for iOS and the Droid with synchronization to the phone for offline usage. The ease
of use and user interface and the ease of reporting are very good. The ease of configuration is
good, with drag-and-drop capability. EMNS capabilities are limited and C/IM capability is built-in.
Quantivate's third-party management capability is excellent, although it is a separately
purchased module. The BIA capability can report on RTO gaps in a very graphical and intuitive
way. The product provides conversion support for a wide variety of different plan formats. There
is custom help text online for every field. There is very good graphics support (e.g., heat maps
on risk assessment) and a graphical view of plan procedures. Data at rest is encrypted using
256-bit AES. Data in transit is encrypted using multiple SSL and TLS versions. Quantivate has
built an automated capability to import recovery plans and data from other BCMP products.
Recovery plans can be printed in more than PDF format.
The vendor offers a multiyear pricing discount.
Cautions
All internal staff for sales, customer call centers and support engineers are U.S.-based only.
The areas in which Quantivate can improve, from a customer reference point of view, are
training and maintenance and upgrades.
Reseller and system integration partnerships are very limited, which impacts the vendor's
market presence and sales performance.
Quantivate supports a 99.9% IT service-level guarantee lower than most vendors in this
Magic Quadrant. IT service operations recovery plans are only tested once per year. IT service
incident management procedures are not well-defined. Operations failover is managed manually.
There is limited support for modifying the look and feel of the product to align with customers'
branding requirements. There is a minimal BCM standards/frameworks self-assessment
compliance tracking capability. Workflow is limited to two steps based on date. Roles and access
management is not as robust as the other vendors in this research, and single sign-on is not
supported. The user interface supports English only.
Comparison pricing was not able to be calculated because Quantivate provided no pricing
information. Pricing is not typically based on the number of users. Rather, the vendor uses a
pricing model based on the industry of the customer. For example, banks and credit unions are
charged by asset size, mortgage companies by outstanding loans, insurance companies by
assets under management, and for some other industries, by the number of plans they want to
produce.
Return to Top
RecoveryPlanner
RecoveryPlanner is headquartered in Trumbull, Connecticut. It is a privately held company with an
employee head count of 28 that is dedicated to the BCMP product. The BCMP product version
evaluated for this Magic Quadrant is RPX Enterprise, RPX Bank and RPX Credit Union Editions r.21.91;
the current version is r.22.95. With a BCMP offering in place since 2001, the reported number of
BCMP product customers for this evaluation period was 200. The key vertical markets supported for
their BCMP offerings are financial services, insurance, higher education, and professional, scientific
and technical services (not including IT). The product is offered using the following delivery models:
SaaS/vendor-hosted, customer-hosted or a hybrid of these. The product architecture is based on
Linux and Java.
Strengths
Customer call center staff are in the U.S., U.K., Brazil, the Dominican Republic and Bulgaria.
Sales staff are in the U.S., U.K. and Brazil. Support engineers are in the U.S., U.K., Brazil and
Argentina.
A strong reseller partner program provides RecoveryPlanner with global, enterprisewide BCMP
deployments.
IT service availability is 99.99%. Data center operations are separately located in two countries
(the U.S. and Canada) and spread between two data centers in each country two in the U.S.
(Chicago and Denver) and two in Canada (Toronto and Vancouver), and support automatic
cutover. Failover processes have been audited and certified by several large clients. Customers
can do their own testing and QA with their own production data optionally synchronized to the
staging area prior to production release. Portions of the IT operations recovery plan are tested
on a quarterly basis. Penetration testing is conducted daily by a third party. The vendor has
strong customer service.
In terms of specific product features, there is very good ease of reporting and ease of use/user
interface. The product has built-in support for C/IM. Support for Gantt charts to visually display
recovery procedures is a key product differentiator. Sensitive data at rest (plan data, personnel
data, revision history data and customer custom fields), as well as in transit, is encrypted using
AES-256. RecoveryPlanner has specific versions for commercial banks and credit unions. EMNS
capability is supported through partnerships with top-tier EMNS vendors, as well as built-in
email and SMS alerts. Exercise management and third-party management capabilities are
available. The user interface supports English, Spanish, Portuguese and French. RPX has a very
good BCM standard self-assessment compliance tracking capability. Recovery plans can be
printed in multiple formats. Single sign-on support is through SAML2. RecoveryPlanner has built
an automated capability to import recovery plans and data from other BCMP products.
Comparison pricing is competitive, coming in at approximately 25% less than the median pricing
example. Pricing complexity is medium to low, with the pricing model based on head count or
asset size or BCM program complexity with a determination of the expected use levels of the
product. The vendor offers a multiyear discount as well as nonprofit and SMB pricing options.
Cautions
Security audit testing of IT service operations by a third party is performed once per year.
Native mobile device support for plan access is not available. Workflow capability could be
improved it needs to be standardized across all BCMP product functions. The risk assessment
capability does not show risk impacts over a range of time frames, but the customer can
configure and report on risk impact in the risk survey.
A setup fee is charged for product implementation, and includes training and assistance with
data migration.
Return to Top
Rentsys Recovery Services-EverGreen

Rentsys Recovery Services-EverGreen is headquartered in College Station, Texas. At the time of
evaluation, EverGreen Data Continuity was a privately held company, with an employee head count of
13 dedicated to the BCMP product. On 16 July 2013, Rentsys announced the acquisition of EverGreen.
The BCMP product version evaluated for this Magic Quadrant was Mitigator 9.0.0; the current version
is 9.0.1. With a BCMP offering in place since 2003, the reported number of BCMP product customers
for this evaluation period was 259. The key markets supported are financial services, including
insurance; K-12; higher education, healthcare and federal government agencies. The product is
offered using the following delivery models: SaaS/hosted, on-premises and hybrid. The product
architecture is based on Microsoft .NET and SQL Server (either 2005 or 2008).
Strengths
Rentsys-EverGreen has a strong focus on product quality and offers a guarantee to fix recovery
plans if the customer fails an audit after using the product a unique offering in the market.
Support engineers are in the U.S. and EMEA.
Customer references report that the key reasons for choosing this product are its cost versus the
competition, ease of use, and the ease of managing and maintaining it.
Partnerships are very good and international, but the vendor needs to pick up a large business
consulting firm to make inroads into the larger enterprise risk management area.
For the BCMP vendor-hosted/SaaS delivery model, Rentsys-EverGreen offers a 99.9999%
service-level guarantee, with data centers in the U.S. and Canada. The vendor quotes a
guaranteed product operations one-hour maximum recovery time. Well-defined operations
failover procedures are defined between service provider facilities. QA and preproduction
turnover test processes are well-defined and rigorously managed.
In terms of specific product features, the product comes with preloaded content for risk
assessments through recovery planning tasks. There is strong, integrated IT DRM support.
Exercise management is supported. The product has a very broad and complete set of training
services available to customers, such as online user guides and tutorial videos. The C/IM
capability is very good. There is a strong workflow capability. BCM standards self-assessment
compliance tracking support is through reports called survey summaries, which track percent
compliance to industry best practices. There is above-average risk assessment and BIA
capabilities are based on National Institute of Standards and Technology (NIST) best practices.
There is a solid financial analysis capability, although it is rarely used by customers because the
data needed to perform such an analysis is often not readily available to the customer. The
product has good graphical capabilities. Standard 256-bit HTTPS is used to encrypt data in
transit. Single sign-on support for Shibboleth and LDAP is available. The user interface supports
only English and Italian.
Comparison pricing is very competitive, coming in at approximately half of the median pricing
example. The pricing model is based on employee head count. The vendor offers a multiyear
discount, as well as SMB and nonprofit pricing options.
Cautions
Customer support personnel are in the U.S. only.
There is limited mobile device capability for plan access. Ease of reporting and customization are
the most limited of all the vendors in this research; customers cannot change any report or
easily customize the product, and must go back to the vendor to do so, or export the data to
Excel for report manipulation. Data is not encrypted at rest. The user interface should be
modified for a more modern look. Customers cannot construct their own business impact time
frames, although the vendor notes that it provides the most standard ones. The product does
not support the concept of third parties they are considered contacts only. The role and
access controls provided by the product cannot be modified by the customer.

Return to Top
Strategic BCP
Strategic BCP is headquartered in Plymouth Meeting, Pennsylvania. A privately held company, it has
an employee head count of 15 dedicated to the BCMP product. The BCMP product version evaluated
for this Magic Quadrant was ResilienceONE v.6.0; the current version is 6.1. With a BCMP offering in
place since February 2004, the reported number of BCMP product customers for this evaluation period
was 137. The key vertical markets supported for the vendor's BCMP offering are financial services,
including insurance; higher education and healthcare. The product is offered using the following
delivery models: hosted/SaaS, on-premises and hybrid. The product uses an n-tier architecture and is
written in .NET (C#). Note: Revenue numbers were not provided, but percent change year over year
was provided.
Strengths
Strategic BCP is known for its BCP Genome offering, a built-in component of ResilienceONE that
ensures a strong compliance tracking capability to over 20 BCM-related standards and
frameworks, and allows customers to map their BCM program and BCMP components to them.
The vendor also uses a business process modeling method when developing recovery plans a
unique approach.
competition.
Strong partnerships with top consulting firms provide higher market presence and sales
performance.
An IT service availability level of 99.999% is supported. With Tier 4 data centers in Dallas
(production) and Virginia (recovery), IT service operations can be automatically failed over from
the primary to the secondary site. A separate user acceptance test URL is configured to enable
customers to test any new code prior to going into production. Strategic BCP has strong
customer service, with an online enhancement submission product that customers can use to
submit product enhancement suggestions. Clients have the option to audit internal BCMP
operations as part of the operations SLA.
In terms of specific product features, the offering has the best ease of reporting capability
every field in the database has been mapped to the vendor's internal reporting product, and can
be dragged and dropped to build custom reports on the fly. There is very good ease of use and a
good user interface. There is a strong customization capability, with drag-and-drop support.
EMNS capability is provided through top-tier EMNS vendors. There is a very good built-in C/IM
capability included in the base price. Exercise management is provided through the C/IM
module. There is good third-party management capability and good workflow capability. The risk
assessment capability is also good. There is very good BIA capability, including the automatic
calculation of RTOs. Role and access control management are very good. Data at rest is
encrypted with either 3DES (an obsolete algorithm) or AES 256 (preferred). Single sign-on is
supported. Recovery plans can be printed in more than PDF format.
Comparison pricing is competitive coming in at approximately 25% less than the median
pricing example. The vendor offers nonprofit and SMB pricing options.
Cautions
There is no native mobile device app support. Data in transit is encrypted using a weak
algorithm (128-bit SSL). The user interface is in English only.
Return to Top
SunGard Availability Services

SunGard Availability Services is headquartered in Wayne, Pennsylvania, with its Continuity
Management Solution (CMS) division headquartered in King of Prussia, Pennsylvania. A privately held
company, it has an overall employee head count of over 3,000, with approximately 200 dedicated to
the CMS software. The BCMP product version evaluated for this Magic Quadrant was LDRPS v.10.8,
BIA Professional v.10.8, Risk Assessment v.10.8 and modules of CMS. The current BCMP product
version is 10.8. With a BCMP offering in place since 1988, the reported number of BCMP product
customers for this evaluation period was 2,051. The key markets supported are business/consumer
services, energy, financial services, government (state, local and regional), healthcare, and insurance.
The product is offered in hosted/SaaS and on-premises delivery models. The product architecture is
based on Microsoft .NET. Note: Revenue numbers were not provided. Also, SunGard is actively
addressing customer complaints about LDRPS (including v.10, which some customers have had a hard
time migrating to) and the expanded CMS software suite by completely redesigning the product
(called Assurance) from the ground up, including the core platform, database, user interface and
other components, under the direction of a new product design team. The new solution, not evaluated
for this Magic Quadrant, was announced in March 2013 and was made generally available on 31 May
2013.
Strengths
LDRPS has the largest product installed base and strong brand recognition, with very wellestablished customer/user forums. Because of its data center hosting business, SunGard has
extensive experience in managing complex data center operations.
Customer call centers are located in the U.S., U.K. and India, with support engineers available
for global customer support 24/7. Call center, support engineers and other support personnel
are required to have BCM professional certification.
Customer references report that a key reason for choosing this product is the functionality
provided.
The product is hosted in five geographically separate locations in Tier 4 data centers:
Philadelphia, Atlanta, and Aurora, Colorado, in the U.S., and two data centers in the U.K. for
customers wanting to host outside of the U.S. IT service operations recovery plans are internally
tested once per quarter. A fully hosted UAT environment for testing and training is provided.
Maintaining a database in a separate software staging environment enables customers to
perform internal training or testing without impacting their production databases. SSAE 16 Type
II certification for IT service operations has been obtained.
In terms of specific product features, the new CMS framework has made the product more userfriendly and allows enhanced security features, such as single sign-on using the SAML standard.
Built-in EMNS is provided through the vendor's NotiFind product (powered by Varolii).
Supplier/vendor management is available through a separate module. C/IM capability is
available through the built-in Incident Manager product (powered by WebEOC). AES-256 is used
to encrypt data at rest. SSL v.3 is used to encrypt data in transit. SunGard has product versions
for credit unions and healthcare organizations. Recovery plans can be printed in more than PDF
format. The user interface supports Portuguese, French, English, Japanese, Spanish and Polish.
Comparison pricing was on target with the median pricing example. The pricing model is based
on the number of concurrent users. The vendor offers multiyear pricing discounts, as well as
nonprofit and SMB pricing options.
Cautions
Some customer references report that the product is too expensive, too complex, not easy to
use and too modular (not integrated as an entire BCMP product deliverable). The areas in which
SunGard can improve, from a customer reference point of view, are pricing, installation and
setup, and maintenance and upgrades. Note: SunGard had the lowest customer reference
overall score of all the vendors in this Magic Quadrant. The vendor often has difficulty winning
current competitive bids because of its prospects' assessment of complexity and price
competitiveness for LDRPS. The perceived lock-in of the LDRPS BCM methodology and lack of
flexible workflow is a recurring customer concern. Currently, all deviations require customization
(through configuration) of the product, which further locks users into the product.
For the BCMP vendor-hosted/SaaS delivery model, SunGard offers 99.9% (hosted) and 99.5%
(SaaS) service-level guarantees, which are low compared with the other vendors in this
research. Recovery plans are not made available in their entirety to customers; portions of these
plans are considered confidential and, therefore, are not released.
No native mobile device app is available for plan access. The ease of use and user interface are
repeatedly mentioned by customers as being lacking, requiring strong IT knowledge to
administer the product and being nonintuitive for end users. Ease of customization is the second
lowest of all vendors included in this Magic Quadrant; drag-and-drop capability is not supported.
Exercise management is provided through a separate module, not through the C/IM module.
BCM standard self-assessment compliance tracking is not available as an out-of-the-box feature,
but the product can be configured to align with many BCM standards. CMS does not have an
internal reporting engine; it requires the use of SAP Crystal Reports. To use the survey capability
for BIAs, users must buy the BIA Professional module (what SunGard calls BIA Lite is included in
the core LDRPS product). There is no risk register, but risk views can be created via reporting.
Return to Top
Virtual
Virtual is headquartered in Budd Lake, New Jersey. A privately held company, it has an employee
head count of 28 dedicated to the BCMP product. The BCMP product version evaluated for this Magic
Quadrant was Sustainable Planner v.2.6; the current version is 2.8. The vendor reports that version
3.0 is scheduled for 3Q13 release. With a BCMP offering in place since April 2005, the reported
number of BCMP product customers for this evaluation period was 35. The key markets supported are
healthcare, insurance, government and financial services. The product is offered using the following
delivery models: hosted/SaaS, on-premises and hybrid. The product architecture is based on
Microsoft ASP.NET and Visual Basic .NET, and an SQL Server or Oracle Database. Note: Virtual uses
the term "templates" to refer to configuring Sustainable Planner for specific purposes (e.g., incident
management, IT DRM, business recovery and other operational risk management capabilities), rather
than just a form or report template.
Strengths
Virtual is very strong in understanding the BCM requirements of its key target industry sectors
of healthcare, insurance and financial services, as well as in its overall BCM consulting practice.
The vendor is also making headway into government, retail, research and academic BCM
programs. In addition, Virtual is the creator of the Business Continuity Maturity Model (BCMM).
Customer references report that a key reason for choosing this product is Virtual's Completeness
of Vision and ease of configuration.
Sales partnerships are many and across multiple geographies, with stronger support in Latin
America.
guarantee. Operations failover is fully automated. Recovery test results are audited by a third
party.
In terms of specific product features, ease of customization is high, with templates created to
support unique requirements, such as alternate work site resource reservation and
management. There is good BIA capability. Data in transit is encrypted using SSL v.3. EMNS
capability is through top-tier EMNS vendors. The user interface supports French, Spanish,
Portuguese, Italian and German. The multiple templates provided in Sustainable Planner align
with NFPA 1600 2013 Edition, ASIS SPC.1-2009 and ISO 22301. The Sustainable Planner
product includes two BCMM assessment templates supporting BCMP program metrics, including
standards compliance.
Comparison pricing is on target with the median pricing example. The vendor's pricing model is
based on the number of named users those requiring a user ID and password. Virtual offers a
multiyear pricing discount, as well as SMB and nonprofit pricing options.
Cautions
The user interface is old looking; the vendor reports that version 3.0 has a new look and feel.
The product does not support drag and drop. The product does not have an internal reporting
engine; it requires the use of Crystal Reports. Data at rest is not encrypted. There is no native
mobile device app for plan access. There is a very limited BCM standard self-assessment
compliance tracking capability. A few of the navigation elements (e.g., Previous Page and Next
Page) of the user interface are hard-coded and cannot be changed into local language.
Reports are only in PDF format, although data can be exported to Excel, Word and RTF files for
manipulation. Workflow needs improvement and automatic notifications for user action-taking.
Return to Top
Vendors Added and Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets
change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope
may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the
next does not necessarily indicate that we have changed our opinion of that vendor. This may be a
reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus
by a vendor.
Return to Top
Added
Not applicable this is the first Magic Quadrant for this market.
Return to Top
Dropped
Not applicable this is the first Magic Quadrant for this market.
Return to Top
Inclusion and Exclusion Criteria

Inclusion in the 2013 BCMP Magic Quadrant was based on the following criteria:
The product met the Gartner definition of a BCMP product (see "Hype Cycle for Business
Continuity Management and Disaster Recovery Management, 2012").
Products must have been generally available as of 31 December 2012.
Products must be deployed in at least 10 customer production environments (preferably one
from North America, one from EMEA and one from the Asia/Pacific region)
Each vendor had to supply at least five references available to contact.
Value-added resellers and product distributors are not included.
Exclusion was based on the following criterion:
The vendor's BCMP product was developed and used primarily for small businesses.
Return to Top
Evaluation Criteria
Ability to Execute
Ability to Execute is ranked according to a vendor's ability to provide a BCMP product to the market
that meets customer feature/function capability requirements, as well as the vendor's ability to
deliver and service the product with a high level of service guarantee and customer support.
Product/Service compares the completeness and appropriateness of core BCMP technology
capability as well as service delivery operations, except those noted in the Offering/Product Strategy
evaluation criterion category. We weighted this category High.
Overall Viability considers the vendors' demonstrated commitment in the market regarding staffing
changes except for sales, company ownership and revenue growth between 2010 and 2012, as
compared with the rest of the market using a median three-year revenue growth percentage of
17.5%.
Sales Execution/Pricing compares the depth, breadth and strength of a vendor's sales channels,
including direct and indirect geographic distribution channels, the change in sales and marketing
staffing, current sales comparison for the percentage of prospects evaluating its BCMP product, the
typical size of its customers, new contract signings, the deep and breadth of its sales channels, the
largest and most complex customer implementation, the average revenue percentage for vertical
industry coverage, and pricing, including the percent change in the vendor's deal size, its overall
pricing complexity and a product pricing comparison.
Customer Experience is a combined rating of service-level agreement guarantees, the vendor's

support and service process, the preparedness and completeness of the vendor in delivering the
Magic Quadrant demo to Gartner analysts (a vendor's execution with Gartner is a direct reflection of
its execution with customers), and customer reference feedback directly from the vendor and Gartner
customers.
Table 1. Ability to Execute Evaluation

Criteria
Criteria
Weighting
Product/Service
High
Overall Viability
Standard
Sales Execution/Pricing
Standard
Market Responsiveness/Record
No Rating
Marketing Execution
No Rating
Customer Experience
Standard
Operations
No Rating

Return to Top
Completeness of Vision
Completeness of Vision is ranked according to a vendor's ability to show a commitment to BCMP
technology developments in anticipation of user wants and needs that turn out to be on target with
the market, as well as the ability to show integration into the broader BCM, EMNS and C/IM markets.
Market Understanding is ranked through observation of the degree to which a vendor's products,
road maps and missions anticipate leading-edge thinking about buyers' wants and needs. Included in
this criterion are how the vendor supports specific industry verticals, how buyers' wants and needs
are assessed and then brought to market in a production ready offering, and the vendor's competitive
assessment of its own product in the market.
Sales Strategy examines the vendor's strategy for selling products, including the role within the
customer organization it typically sells to and its partnerships within the BCM marketplace, as well as
in complementary markets.
Offering (Product) Strategy is ranked through an examination of the product road map,
investment back into the vendor's operations, product deployment support and the software
development model. Also included in this criterion are an innovation score and the three features
Gartner recognizes as those that BCMP product prospects and customers are seeking: the ease of
customization of the product, the ease of use via the user interface and the ease of reporting. We
weighted this category High.
Geographic Strategy examines the vendor's strategy to direct resources for customer service and
support engineers to meet the specific needs of geographies outside the home or native geography,
either directly or through partners. In addition, data center geographic distribution was considered in
this evaluation criterion.
Table 2. Completeness of Vision

Evaluation Criteria
Evaluation Criteria
Weighting
Market Understanding
Standard
Marketing Strategy
No Rating
Sales Strategy
Standard
Offering (Product) Strategy
High
Business Model
No Rating
Vertical/Industry Strategy
No Rating
Innovation
No Rating
Geographic Strategy
Standard

Return to Top
Quadrant Descriptions
Leaders
Leaders have products that work well for Gartner clients in midsize and large deployments. They
excel in the combination of market understanding, product features and functions, and overall
viability as a firm. Their BCMP products may be well-known to clients and frequently found on RFP
shortlists, and have a presence at tradeshows. Leaders publish market-related white papers, conduct
webinars and maintain high-quality information channels with their customers, etc.
Return to Top
Challengers
Challengers have competitive visibility and execution success better developed than Niche Players.
Challengers offer all the core features of BCMP, but typically their vision, road maps and/or product
delivery is narrower than that of Leaders. Challengers may have difficulty communicating or
delivering their vision in a competitive way outside of their core industry sectors.
Return to Top
Visionaries
Visionaries make investments in broad functionality and platform support, but their competitive clout,
visibility and market share don't reach the level of Leaders. Visionaries make planning choices that
will meet future buyer demands, and they assume some risk in the bargain because ROI timing may
not be certain. Vendors that pursue visionary activities will not be fully credited as Visionaries if their
actions are not generating noticeable competitive clout, and are not influencing other vendors.
Return to Top
Niche Players
A Niche Player ranking is assigned when the product is not widely visible in competition, and when it
is judged to be relatively narrow or specialized in breadth of functions and platforms or, for other
reasons, the vendor's ability to communicate vision and features does not meet Gartner's prevailing
view of competitive trends. BCMP Niche Players include stable, reliable and long-term players. Some
Niche Players work from close, long-term relationships with their buyers, in which customer feedback
sets the primary agenda for new features and enhancements. This approach can generate a high
degree of customer satisfaction, but also results in a narrower focus in the market (which would be
expected of a Visionary). Also, a Niche Player can be one that did not provide answers to all the
questions asked in our vendor survey.
Return to Top
Context
In addition to a financial statement or strategic plan, a recovery plan is an organizational document
that is most likely to result in lost revenue, damaged reputation or worse if it is not current or is
unavailable (or nonexistent) at the time of a business disruption. And, like all organizational policies
and procedures, the best recovery plan can rapidly become obsolete. Therefore, organizations must
consider the recovery plan a living document that needs a continuous review and update process:
At a minimum, annually for a cyclical program management best-practice review
When there are major business or IT changes such as operational risk profile shifts, or business
or IT process re-engineering
When industry regulations change, requiring tightened focus on response and recovery
capabilities
When recovery plan exercise results or actual business disruptions show a gap in recovery
capability versus current recovery expectations
Many organizations look to automation to help them develop and maintain up-to-date recovery plans.
There are two views of what such automation should provide.
Some organizations want only a document management system that helps them manage their
complex web of recovery plans. They are typically firms without a strong commitment to BCM
program management, those that have developed their own highly customized BCM practices
and think that BCM-specific automation cannot help them, or those that don't have the
resources to manage a specialized tool for BCM purposes. These firms use office automation
products (such as word processing, spreadsheets and flowcharts) and turn to a document
repository approach such as SharePoint to store their recovery plans.
Other organizations want an automation tool to manage the BCM program for the entire
enterprise, as well as its parts, in a dynamic manner that allows for effective recovery plan
creation and management as well as for in-depth BCM program data analysis. These firms will
have a strong commitment to BCM, often due to regulatory compliance or an enterprise focus on
risk management. It is this kind of organization that looks to implement a BCMP product.
At its most basic level of implementation, a BCMP product can reduce the very real risk of out-of-date
recovery plans by enforcing a regular update procedure. BCMP products can also benefit organizations
that need to document and manage a comprehensive view of their response, recovery and restoration
preparedness policies, expectations, capabilities, and procedures. Most well-managed BCM programs
capture a lot of rich data about the organization and its recovery capabilities, but coordinating,
analyzing and managing large amounts of availability information is almost impossible to do without
automation. These BCM programs want to leverage this information and identify gaps in recovery
capability; in essence, they want to make meaning of the data that they have so painstakingly
obtained.
BCMP products can also help to mature the BCM program faster (see "ITScore for Business Continuity
Management, 2013," "ITScore for Business Continuity Management: Results Through January 2012
Show Midlevel BCM Program Maturity" and "Learn From the Experiences of Mature IT-DRM Leaders").
Gartner predicts that, by 2015, 80% of organizations at a Level 4 maturity level for their BCM
program will be using BCMP products to help them perform recovery plan and exercise management
as well as to analyze and manage BCM program metrics.
BCMP capabilities are offered from two types of vendors, both included in this Magic Quadrant
research:
Pure-play vendors that have been in the BCM market for some time, typically as BCM
consultants, who developed a product for such purposes and then decided to turn it into a direct
offering with development, implementation and sales support
GRC vendors with customers that take an operational or enterprise view of their organizations'
risks.
Return to Top
Market Overview
Methodology
In the first edition of the BCMP Magic Quadrant, 24 vendors were contacted, including those surveyed
in "MarketScope for Business Continuity Management Planning Software" (Note: This document has
been archived; some of its content may not reflect current conditions.). After reviewing our inclusion
criteria, 18 vendors were selected to be ranked. We used the following vendor rating approach.
Vendors were evaluated on the basis that they were responding to an RFP, and were ranked on their
ability to document and qualify their strengths and features. It is important to remember that the
Magic Quadrant does not solely rate product quality or capabilities and features. A Magic Quadrant is
not just about a vendor's product; it is also a scenario chart that maps a vendor's overall position in a
specific market. While the product portfolio is an important part of the rating, the vendor's ability to
acquire customers and expand its presence in the market is also important, as is its ability to grow
product and service revenue. A vendor that offers a strong, technically elegant product, but is unable
or unwilling to invest in marketing and sales to increase revenue and improve profitability, will find
itself unable to invest in future development.1
Vendors that did not provide responses to critical questions were ranked, wherever possible, from
other sources of information supplemental public information sources, public records of projects
and clients, and the opinions and experiences of the Gartner analyst community. In the detailed
vendor comments, we highlight the major evaluation criteria for which the vendor did not provide a
response. For those vendors that did not provide responses due to their judgment that the
information is proprietary to them, we scored them lower on those questions.
In addition to the vendor survey, in-depth vendor briefings regarding product, portfolio, strategy and
messaging were conducted with each vendor.
Customer reference comments were taken from the 62 completed surveys we sent to the customer
references provided by the vendors themselves. In addition to the customer reference comments
from the Magic Quadrant analysis, placement on the Magic Quadrant is influenced by the hundreds of
conversations conducted annually with Gartner clients on the topic of BCMP.2
The vendor strengths and weaknesses noted in this Magic Quadrant cover those evaluation criteria
where the vendor is above or below average. We did not provide commentary on every evaluation
criteria nor for those where the vendor's capability did not stand out from the others; where no
commentary is provided, prospects and customers should assume the capability is adequate for most
organizations' needs.
The key markets reported in the vendor introduction are those where the vendor reported 5% or
more of revenue coming from that industry. Each vendor markets and sells into more industries than
reported in this section.
Our review was for the BCMP business only. Therefore, a vendor that is in multiple BCM software
markets (EMNS, C/IM and BCMP) might have a better overall company rating when taking all
products into account versus what has been provided for just the BCMP portion of their business.
Gartner considers external partnerships to be very important for increasing market presence and
sales performance. Partnerships with first tier and second-tier consulting firms are some of the best
partnerships to have, as they take an enterprise approach to risk management and can leverage
BCMP products into their engagements. Industry-specific partners are also excellent if the vendor is
focusing on specific industries. BCMP vendors that sell only through their own channels consulting,
IT services, etc. were given lower scores.
As more organizations adopt BCMP products, vendors need to consider their geographic footprint for
functions such as sales, customer call centers, support engineers and data center operations
(geographic distribution of data centers is also important for resilience and privacy concerns). They
also need to consider that users of the product will need to have the product displayed in their native
language. We gave higher scores to vendors that had: (1) data centers in multiple locations, with a
bonus for cross-coastal and cross-continent centers; (2) multilingual support of their user interface;
and (3) sales, customer call center and support engineers located in multiple countries. We assessed
this category for internal staff and external partners.
Return to Top
Key Findings From the 2013 BCMP Magic Quadrant Analysis

The BCMP product is a specific and detailed set of functionality that needs to manage complex
business and BCM processes within all types, sectors and sizes of organizations (see "Toolkit:
Business Continuity Management Planning Software RFP Template, 2012"). After listening to our
clients on inquiry calls and reviewing the responses to the questions in the Magic Quadrant vendor
survey, we recognized that there is no one perfect BCMP product. All BCMP vendors can provide most
of the basic functionality (such as business impact analysis, resource management, dependency
mapping, custom fields for customer-specific requirements, some level of custom reports for
customer-specific needs, recovery plans in multiple views and formats, etc.). Small to smaller midsize
organizations will be quite happy with a product that provides basic functionality they typically do
not have a strong need to do a lot of customization to the product to accommodate organizationspecific BCM processes. However, larger midsize to large organizations tend to need more
customization to the product to accommodate complex business processes as well as alignment to
their current BCM program processes the latter point being the major barrier to most organizations
finding a BCMP product that is a close to perfect fit (and the reason why some organizations will
continue to use office automation products or develop their own internal products and deal with the
consequences of out-of-date plans, BIAs, risk assessments, dependency maps, etc.).
Therefore, what became clear in our analysis is that the more important evaluation point was how the
vendors provided the functionality. Based on that, we made the following criteria more important in
the scoring process:
The ease of use in the hands of business users, not IT or BCM professionals only
The ease and extent of customization through configuration (not code changes) by the
customer, not the vendor to your organization's production operations/continuity hierarchy,
branding and terminology. The specific points we considered in this evaluation criteria are:
The ability for the customer to customize the look and feel of the product to align with the
organization's branding, etc.
The extent of the need for vendor support in product configuration
Terminology customization
Drag-and-drop capability for report formatting
The extent of database changes required for changes in the organizational hierarchy (a
subset of the production operations/continuity hierarchy)
The ease of reporting, including modifying report formats provided by the vendor and creating
new report formats
Native mobile device support (smartphone or tablet) for recovery plan access and execution at
the time of a business disruption
We made these criteria more important by (a) moving them to the Offering/Product Strategy
evaluation criterion, as there are product/technology architecture decisions to be made in order to
make these products easier to configure and implement; and (b) giving a higher scoring weight (3
rather than 1) to the Offering/Product Strategy criterion. To balance the product feature/function
analysis, we gave Product/Service a higher scoring weight of 3 as well.
BCMP product pricing is so varied that it is hard to do a detailed pricing comparison between vendors
using the survey pricing model descriptions and examples. We only scored vendors for their SaaS
offerings some offer perpetual software licenses for organizations that want to buy the software
and implement within their own IT infrastructure. Therefore, we scored vendors on their SaaS pricing
in four ways.
Average deal size growth between 2011 and 2012 large growth rates improved the vendor's
pricing scores
Proximity to the median pricing of $48,100 for 50 plan administrators (which characterizes a
large organization) lower than the average improved the vendor's pricing score and higher
than the average reduced the vendor's pricing score
Overall pricing model complexity, which was scored on the following criteria:
Base pricing (unlimited users, employee head count, named users [those requiring a user
ID/password regardless of their role in using the product or the amount of time they use
the product], read-only users, approvers and risk assessment/BIA users rarely use the
product, so their usage is light; product administrators and plan owners tend be heavier
users of the BCMP product) or a pricing model based on specific pricing components, such
as a core system fee, the number of product administrators, plan administrators,
concurrent users, plans, BIAs, sites/locations and others. Overall, the more simple the base
pricing approach, the better the pricing complexity score
Complicating factors (such as additional software licenses for things like Crystal Reports, a
fee for a user that needs to submit help desk tickets, setup or training fees not included in
the subscription fee); we increased the complexity score in these cases
Pricing incentives, such as a multiyear pricing discount, nonprofit pricing and SMB pricing
options, which improved the vendor's pricing score
Based on customer reference feedback to a 23-question questionnaire, the top three reasons why
organizations use a BCMP product are:
Complexity of plan management is growing and plans cannot be managed in a manual mode
any longer: 69%
Internal requirement to mature the BCM program: 55%
New management focus on BCM: 42%
This feedback supports what Gartner has been reporting for a number of years: BCM is becoming a
senior-management-level topic, and the complexity of the business means that recovery plans and
BCM program management are no longer manageable through manual methods.
A very important theme emerged from customer reference feedback the two greatest barriers to
implementing a BCMP product are lack of internal resources and commitment to the process; 52% of
customer references reported this concern.
Based on customer reference feedback, the top four reasons (two are tied at 13.5%) why a vendor's
product was not selected by prospects are:

Too expensive: 23%
Lack of ease of use (end user and admin): 14%
Lack of flexibility/too much customization: 13.5%
Lack of features/functions: 13.5%
Return to Top
2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced
or distributed in any form without Gartners prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for
Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all
warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This
publication consists of the opinions of Gartners research organization and should not be construed as statements of fact. The opinions expressed herein are subject to
change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research
should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered
in Gartner research. Gartners Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research
organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see
Guiding Principles on Independence and Objectivity.
About Gartner | Careers | Newsroom | Policies | Site Index | IT Glossary | Contact Gartner

Magic Quadrant For Business Continuity Management Planning Software

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Magic Quadrant For Business Continuity Management Planning Software

Hochgeladen von

Copyright:

Verfügbare Formate

Magic Quadrant for Business Continuity

Management Planning Software

STRATEGIC PLANNING ASSUMPTION

Table 3. Hype Cycle Benefit Rating Four-Point

Enables new ways of

Enables new ways of

vertical applications that

will result in significantly

Figure 1. Magic Quadrant for Business Continuity Management Planning Software

difficult to translate into

Source: Gartner (August 2013)

EVALUATION CRITERIA DEFINITIONS

Source: Gartner (August 2013)

Vendor Strengths and Cautions

Customer Experience: Relationships, products and

differentiation, functionality, methodology and feature

including its own EMC Consulting practice.

Fusion Risk Management

Quantivate is headquartered in Woodinville, Washington. It is currently a privately held company. The

Rentsys Recovery Services-EverGreen

access controls provided by the product cannot be modified by the customer.

SunGard Availability Services

Vendors Added and Dropped

Inclusion and Exclusion Criteria

Customer Experience is a combined rating of service-level agreement guarantees, the vendor's

Table 1. Ability to Execute Evaluation

Source: Gartner (August 2013)

Table 2. Completeness of Vision

Offering (Product) Strategy

Source: Gartner (August 2013)

Key Findings From the 2013 BCMP Magic Quadrant Analysis

product was not selected by prospects are:

Das könnte Ihnen auch gefallen