Toolkit — BCM Program Foundation | eBRP Suite
Toolkit — program foundation

The architect’s workspace for building and governing your resiliency program.

Toolkit is where BCM programs are designed, structured, and governed. From PPTDFS entity modeling and BIA through risk assessment, plan development, GIS, and 350+ reports — Toolkit is the powerhouse that drives every other module in eBRP Suite.

See Toolkit in action View full suite →
PPTDFS
Entity data model
350+
Customizable reports
GIS
Google Maps native
All
Plan types supported
Core capabilities

Everything your program needs. One structured environment.

Toolkit covers the full program build — from defining your organizational structure through BIA, risk, planning, and reporting. Every capability is connected through the same PPTDFS data model.

Entity modeling & risk assessment

Risk embedded on every entity. Not in a separate register.

The PPTDFS model — People, Premises, Technology, Data, Functions, Suppliers — is the data foundation of the entire suite. Risk assessments live directly on each entity record, creating a live, contextual risk picture that feeds automatically into plans, dashboards, and eRMA intelligence.

  • People · Premises · Technology · Data · Functions · Suppliers catalogued as live entities
  • Risk per entity: Threat → Vulnerability → Impact → Likelihood → Mitigation status (Open / WIP / Closed)
  • IT service dependency mapping: Application → Servers / Databases / Networks / Sites / Vendors
  • Regulatory compliance mandates mapped to Process and Application entities
  • Risk propagates through dependency chain — one high-risk supplier surfaces all affected services
  • Customizable metadata attributes — adapt Toolkit to your organization’s language and hierarchy
PPTDFS entity model — risk & compliance embedded
People — Teams, contacts, skills, availability. Risk: human dependency, key-person exposure
Premises — Facilities, sites, locations. Risk: geographic, physical, access threats
Technology — Applications, servers, DBs, networks. Risk: cyber, availability, vendor
Data — Systems, records, repositories. Risk: integrity, confidentiality, recoverability
Functions — Processes and activities. Risk: single points of failure, regulatory compliance gaps
Suppliers — Vendors, partners. Risk: concentration, contract, geo-political dependency
eBIA — business impact analysis

From survey to approved BIA parameters — automatically.

Toolkit’s eBIA engine transforms the most manual process in BCM into a structured, automated workflow. Configure surveys, publish to the right stakeholders, and let weighted-average computation do the aggregation — so planners focus on decisions, not data entry.

  • Configurable BIA surveys published to role-targeted stakeholders
  • Capture RTO, RPO, criticality tiers, recovery strategies, and seasonal impact ratings
  • Weighted-average computation auto-populates BIA parameters from survey responses
  • Structured approval workflow — reviewed, validated, and signed off before plan development
  • BIA results feed directly into the Process Model — driving plan prioritization and impact dashboards
  • Financial, regulatory, reputational, and operational impact assessments captured per process
eBIA workflow
1. Configure — define survey structure, impact categories, RTO tiers, and weightings for your organization
2. Publish — deliver surveys to targeted stakeholders via MyToDo and unified notification engine
3. Auto-aggregate — weighted-average computation populates BIA parameters from responses
4. Review & approve — structured workflow ensures governance before parameters are finalized
5. Feed downstream — approved BIA auto-populates plans, dashboards, and eRMA intelligence
Plan development & adaptive plans

Executable playbooks for every disruption scenario.

Plans in eBRP are not documents — they are structured, sequenced task playbooks with duration, predecessor dependencies, and responder assignments. And when activated, they adapt. Toolkit lets you create any plan type from a single engine, from templates or from scratch.

  • Any plan type: BC · IT DR · Crisis Management · CISRP · EH&S · Active-shooter · Storm-preparedness · custom
  • Sequenced task playbooks with duration, predecessors, and responder team assignment
  • Adaptive plans — task workflow, assignments, and sequencing modifiable in real time during activation
  • Best-practice templates plus ad-hoc creation — both produce the same executable format
  • Plans directly tied to BIA risk analysis — ensuring real-world relevance, not generic templates
  • Tabletop, functional, and scenario-triggered exercises — all orchestrated from Toolkit with audit logs
Plan types supported
Business continuity plans (BCP) — process, function, and service continuity
IT disaster recovery (DR) — application, data centre, cloud recovery
Crisis management (CM) — incident command, stakeholder communications
CISRP — cybersecurity incident and supply chain response
EH&S / Life safety — active-shooter, storm-preparedness, evacuation
Custom plan types — any organizational requirement using the same plan engine
GIS & geospatial intelligence

Google Maps natively integrated for geospatial situational awareness.

eBRP Suite has Google Maps natively integrated — not as an add-on, but as a core platform capability. Every PPTDFS entity is geo-located and mappable. Draw polygon cordons, overlay storm cones, run what-if scenarios, and visualize cascading impact geographically.

  • PPTDFS assets mapped natively on Google Maps — facilities, people, technology, suppliers
  • KML overlay support — storm cones, hazard zones, critical infrastructure, NOAA/NWS/FEMA feeds
  • Polygon cordon drawing — define geographic impact zones, instantly see all affected assets and services
  • What-if scenario analysis — model multi-asset, multi-vector impact before activation
  • Political and jurisdictional boundary overlays — state, province, country borders for multi-jurisdiction analysis
  • Scenarios activate directly into CommandCentre — no re-keying, no data loss between planning and response
GIS use cases
Storm preparedness — overlay hurricane cone, identify all facilities and staff within impact zone, activate storm plan
Cyber geo-impact — polygon cordon around data centre, surface all dependent processes and services
Supply chain disruption — map all supplier locations, identify geographic concentration risks
Multi-site incidents — view impact across global footprint simultaneously with real-time asset status
Regulatory jurisdictions — overlay political borders for DORA, state, or country-specific compliance mapping
Reports & dashboards

350+ reports. Every phase of the program lifecycle.

Toolkit includes over 350 user-customizable reports output in multiple formats — from BIA outputs and risk posture to plan readiness, exercise history, and compliance evidence. Every report is role-filtered, exportable, and schedulable.

Risk status reports
Open, WIP, and closed mitigations across Sites, People, Processes, and Technology — formatted for CRO and executive review.
BIA completion & gap reports
Real-time BIA completion status across all business units — who has responded, who is overdue, and where the program gaps are.
Plan readiness & completeness
Plan completeness scoring, unassigned responders, missing predecessor tasks, and RTO misalignments vs. current BIA data.
Exercise & test tracking
Exercise coverage by plan type, business unit, and date. Audit-ready logs for regulatory compliance evidence and program maturity assessment.
RTO vs. RTC capability analysis
Recovery Time Objective vs. Recovery Time Capability gap analysis — visualizing exactly where the program meets commitments and where it falls short.
Compliance evidence packaging
eRMA-assisted compliance evidence packages for DORA, ISO 22301, FFIEC, NIST, HIPAA — structured for audit submission and regulatory review.
Enterprise data integration

Connect to your authoritative data sources. Eliminate manual maintenance.

eBRP Suite integrates with enterprise systems of record via scheduled API and ETL/XTL synchronization — keeping PPTDFS entity data current without manual updates.

CMDB integration
Technology entities — applications, servers, databases, networks — synchronized from your authoritative configuration management database. Changes in CMDB reflect in eBRP automatically.
Scheduled API · ETL
HR systems
People entities — team structures, contacts, roles, organizational hierarchy — kept current from your HR system of record. Onboarding and offboarding reflected automatically.
Scheduled API · XTL
Active Directory / SSO
Authentication, organizational structure, and user provisioning via SSO and PKI. The Security Access Manager (SAM) provides fine-grained permissions at entity, workflow, and task level.
SSO · PKI · AD sync
Security & governance

Enterprise-class security built in, not bolted on.

Toolkit enforces institutional-grade security across all workflows — meeting the infosec policies of Federal agencies, financial institutions, and large enterprise procurement requirements.

SSO & PKI authentication
Single Sign-On, PKI certificate-based, and enterprise authentication methods — flexible to meet your infosec policy.
Role-based access (SAM)
The Security Access Manager enforces fine-grained permissions at entity, workflow, and task level across all Toolkit operations.
Encryption & data integrity
Industry-standard encryption protocols and data integrity safeguards applied across all Toolkit workflows and stored data.
Full audit trail
Every action, change, approval, and access event is logged with timestamp — complete audit trail for compliance, governance, and regulatory evidence.

See Toolkit build a live BCM program.

Request a demo and watch Toolkit model a PPTDFS entity structure, run a BIA, and generate a plan — using your industry as the context.

Request a demo View full suite →