As we all know, 2020 has been a rough year that forced us adapt to unprecedented changes rather quickly. One of the biggest changes was businesses having to figure out how to keep their employees safe while still being able to conduct business. Some businesses were forced to reduce its workforce, close for good or were able to adapt using technology. Everywhere you turned businesses were scrambling trying to get a handle on this.
This widespread panic got me to thinking how much easier the process could have been if business conducted Business Continuity Planning on a regular basis. They say its better to be over prepared than under prepared. Maybe that’s why the CISO of my previous job was able to have a beach vacation at the start of this pandemic instead of running around trying to figure out how the business would respond. Learning and reviewing business continuity from him, I decided to explain it’s importance and some of the steps involved.
With clients demanding that businesses have a high up-time, it is importance to be able to bounce back in the event of an interruption. That is where the concept of a Business Continuity Plan (BCP) comes into place. Having a BCP ensures that an organization can continue operation or quickly return to functioning capacity in the event of an interruption or natural disaster. The BCP will outline the steps needed to return business functions as well as the responsibilities for personnel.
Business continuity planning starts with identifying business assets (equipment, people, data, systems, etc.) to determine how critical they are to business functions. This is usually done when an organization conducts a Business Impact Analysis (BIA). The BIA not only identifies the critical assets, it also helps determine the impact it would have on the business if that asset is lost. This is the first step of a BCP because it allows the organization to prioritize their assets for restoration.
Once the BCP is completed it is important to review and test it periodically. As your business grows your critical assets can change. Testing will keep everyone’s memory fresh about the BCP process and let you know what areas need improvement. Once the BCP testing is complete, the results should be reviewed and approved by management such as a CTO and CTO. In my experience is good practice to test your BCP annually. Always keep a copy of your BCP test results available in case clients or an auditing firm asks to see them. It is fine to redact sensitive information like asset names or IP addresses from the BCP test results.
As we can see having a BCP and regularly testing it can be beneficial to any organization. Interruptions to business activities can be difficult to navigate if you don’t have a plan. Hopefully this pandemic has made organization consider implementing a BCP.
Feel free to comment and share your experiences with Business Continuity Planning.
Here are some links to BCP resources:
https://www.investopedia.com/terms/b/business-continuity-planning.asp
