BCP

Conclusion: Pandemic planning is a strategic approach to business continuity that anticipates and prepares for a widespread outbreak of an infectious disease.

Business continuity planning can have an over-emphasis on short-term technology platforms failing, but as part of business continuity planning consideration needs to be given to the potential risk of an outbreak of a disease that could spread and may not be resolved quickly. The time of risk may go over several months or longer. Some forecasts for the coronavirus speculate it could take 12 to 18 months to come up with a vaccine.

The impact and planning needs to consider both internal and external factors; that is, how the pandemic event may impact employees and the organisation’s ability to keep its business operating. External factors will include the impact of the pandemic event on external service providers, suppliers and customers.

Conclusion: The increased proliferation of critical digital services has resulted in ransomware attacks becoming one of hackers’ means to make money. As a consequence, many organisations have become the victims of such attacks. IT organisations should implement a full recovery strategy to restore IT services in the event of ransomware attacks. The recovery strategy should become an integral part of the disaster recovery plan. This will raise business stakeholders’ trust in the service security and reduce the spread of this type of IT organised crime.

Being prepared: IBRS has created a BCP checklist to help you create and/or update your business continuity plan.

This diagram is to be used in the following ways:

  • A checklist to ensure all BCP steps have been actioned and/or updated as required
  • An easy reminder to update key supporting documents to the BCP to remain current which include:
    • Enterprise risk frameworks
    • Business impact analysis documents
    • Evacuation and lockdown procedures
    • Recovery plans and testing of these plans
    • IT disaster recovery plans
    • Communication plans
    • Regular executive reporting

Conclusion: Australian organisations must have strong disaster recovery plans, be it for natural disasters or man-made disasters. The plans need to deal with the protection and recovery of facilities, IT systems and equipment. It is also critical that the plan deals with the human side of the impact of a disaster on the workforce. What planning needs to be done, what testing will be done, what will happen during a disaster and what needs to be done after a disaster?

This planning can be complex and confronting. Whilst testing the failover of IT systems can be relatively straightforward, testing the effectiveness of the workforce side of a plan will be difficult, and may even disturb employees who may prefer to think “surely it will never happen to us”.

Related Articles:

"ICT disaster recovery plan challenges" IBRS, 2019-08-03 20:43:12

"What are the important elements of a Disaster Recovery Plan?" IBRS, 2016-08-30 01:17:08

Conclusion: Two key supporting artefacts in the creation of pragmatic incident response plans are the incident response action flow chart and the severity assessment table. Take time to develop, verify and test these artefacts and they will be greatly appreciated in aiding an orderly and efficient invoking of the DRP/BCP and restoration activities.

Related Articles:

"ICT disaster recovery plan challenges" IBRS, 2019-08-03 20:43:12

"Pragmatic business continuity planning" IBRS, 2018-08-01 09:12:08

"Testing your business continuity plan" IBRS, 2019-05-31 13:39:29

"Top 10 considerations when running an incident response drill" IBRS, 2018-09-04 13:29:16

"What are the important elements of a Disaster Recovery Plan?" IBRS, 2016-08-30 01:17:08

Conclusion: The adherence to the recently introduced guidelines under ISO:31000 20181 is key to every ICT manager’s responsibilities and leadership remit as they are key in driving and leading the adoption of risk management guidelines across an organisation due to the overarching responsibilities of creating and protecting value. These new risk management guidelines have been deliberately rewritten to be simplified and based around a new reviewed set of principles, framework and processes. Greater emphasis is now placed on leadership to ensure risk management is more integrated and to ensure more actions and controls are in place at critical stages of projects as well as business operations.

Related Articles:

"Risk management – Tips and techniques" IBRS, 2017-10-02 22:35:45

"Testing your business continuity plan" IBRS, 2019-05-31 13:39:29

Conclusion: ICT disaster recovery plans (DRPs) have been in place for many years. Fortunately, invoking these plans is rare, but just like insurance plans, it is wise to ensure the fine print is valid, up to date and tested on a regular basis to minimise restoration of business services reliant on the complex range of IT enablers in place. Adoption of general Cloud services and the ever-changing ICT asset landscape requires careful alignment with the DRP to be ready when the restoration is required.

Conclusion: In times of business disruption, the value of a pragmatic and accessible incident response plan (IRP) will become the main tool in getting the business back to normal operation, and minimising loss of revenue, services and reputation. This holds true during the time of stress when attempting to get back to normal operations. Using the analogy of taking out insurance, insurance is usually highly recommended or great to have, but hopefully rarely required and of little or no use when you need it to find it is out of date and/or incomplete. The same principle applies when you need to activate the IRP to quickly get that critical business function operating to sufficient levels.

Related Articles:

"Pragmatic business continuity planning" IBRS, 2018-08-01 09:12:08

"Testing your business continuity plan" IBRS, 2019-05-31 13:39:29

"Top 10 considerations when running an incident response drill" IBRS, 2018-09-04 13:29:16

"What are the important elements of a Disaster Recovery Plan?" IBRS, 2016-08-30 01:17:08

Conclusion: Regular testing of the business continuity plan (BCP) has many benefits which go beyond ticking the mandatory compliance box to keep audit off the back of executives. Effective testing exercises ensure the BCP has been updated and includes sense-checking the completeness of resources required in the recovery strategies of critical business functions. Running regular BCP exercises also has the benefits of raising the importance of identifying weaknesses, aligning restoration time expectations and ensuring continuous improvement.

Related Articles:

"Pragmatic business continuity planning" IBRS, 2018-08-01 09:12:08

"Top 10 considerations when running an incident response drill" IBRS, 2018-09-04 13:29:16

"What are the important elements of a Disaster Recovery Plan?" IBRS, 2016-08-30 01:17:08

Conclusion: Conducting effective business impact analysis details the business functions and provides further insight into the relative importance of each function and its criticality. The information is then used as the main source to develop business recovery strategies, the priority of restoration and identification of resources to aid in the restoration of business services. However, there are many challenges in performing this critical step in order to be best prepared when those business disruptions do occur.

Related Articles:

"Business continuity planning challenges" IBRS, 2019-03-04 13:41:18

"Pragmatic business continuity planning" IBRS, 2018-08-01 09:12:08

"Top 10 considerations when running an incident response drill" IBRS, 2018-09-04 13:29:16

Conclusion: IT organisations responding to mergers & acquisitions or migrating to multi-sourced environments of Cloud and service contracts should establish service providers governance frameworks that favour federated organisations’ principles. It requires maintaining central consistency (e. g. policymaking) whilst allowing local autonomy in certain areas (e. g. hardware purchases). This will leverage the economy of scale, allow the acquisition of local services and products more efficiently, and permit the introduction of new geographies whenever needed in a consistent manner.

Conclusion: Organisations need to plan to quickly and successfully recover business operations by creating and updating business continuity plans (BCPs) supported by disaster recovery plans (DRPs). However, there are many challenges to overcome in order to keep these plans useful in readiness when business disruption eventuates.

Conclusion: Keeping business continuity plans (BCP) succinct, up to date and easy to read will reap rewards when they are required during a business disruption.

Related Articles:

"Astute Leadership needed in a crisis" IBRS, 2017-01-01 10:35:45

"Investing in Business Resilience Planning - the CIOs hardest sell" IBRS, 2012-08-31 00:00:00

"Running IT-as-a-Service Part 40: Aligning business continuity and IT disaster recovery plans" IBRS, 2018-03-31 06:56:00

Conclusion: Effective risk management, whether it is for a change initiative or for ongoing business operations, will ameliorate harm or at the very least reduce the impact of harm. Leaders must understand risk management, and plan and engage with risks and mitigate the risks as appropriate on an ongoing basis.