A lot has happened so far in 2020. If you are like most companies, you have quickly deployed a remote workforce. As we pivot into our new normal, we are having a lot of conversations about their Business Continuity Plans (BCP). In many instances, they simply didn’t exist or they need some work. Let’s explore that a bit below.
I’ve spoken with some companies that implemented their existing Business Continuity Plan (BCP) and it went relatively well for them. They had the right policies, procedures, and stake holders in place and things for the most part were rolled out as planned.
Also, in conjunction with their BCP and trusted advisors, they were able to identify critical business processes, implement appropriate security measures, understand the impact of disruption and established realistic recovery objectives to the departments effected most. They had a plan in place, and they rolled it out with minimal disruption, loss of revenue and production.
Unfortunately, for others it was unexpected and ill planned. As a result, it became an arduous task that led to all kinds of Cybersecurity vulnerabilities, confusion, disruption and tremendous loss of revenue and production.
As all the data emerges regarding the impact of such an event comes in, we can start to wrap our heads around how our company performed. It is time for a debrief. We might ask ourselves, did our Business Continuity Plan work? Did we do a good job documenting our successes and our failures? Did it work just like the tabletop exercise/simulation we performed last quarter? Did we even have one?
In my opinion, a lot of great things are going to emerge from this period. I have no doubt we will become more resilient, secure and better prepared in the future.
That being said, let’s us not forget and or put aside these valuable lessons. Every organization should have a Business Continuity Plan (BCP), accompanied by a Disaster Recovery plan (DRP) and Business Impact Analysis (BIA). We must have a solid plan in place to remediate and mitigate these unexpected events, or we are just rolling the dice.
Next Steps:
BCP: Create or review documented, actionable and responsive procedures to keep your company in business and for recovering IT and operations within acceptable time frames.
BIA: Identify critical business systems processes, understand the impact of disruption, and establish realistic recovery objectives.
Recoverable Assessment: An assessment of your recovery controls to identify “gaps” between the business requirements and recovery capabilities.
Recovery Strategy and Selection: Review alternatives and select the solution that best fits your needs.
There is a lot that goes into an effective BCP. So how do you go about protecting your organization against Murphy’s Law and all that could go wrong? Equally as important, do you have a Trusted Advisor/Cyber Security Expert in your corner to help you navigate the myriad of confusing new, latest, greatest, and next Gen solutions offered? Do you have help with the Remote Workforce challenges we are now faced with and solutions to combat the unforeseen? As we well know, it’s not will that happen to us but if/when it does, how well will we be prepared.
Move Forward Action: If you have concerns, questions and are struggling with any of these situations, let’s have a discussion and get your BCP and Cybersecurity plans moving.