Business Continuity

Companies must test their business continuity plans in the wake of storm Emma this month. A recent survey reveals that only 51 per cent of UK organisations are confident that their business continuity plan is up-to-date
The recent snow storms to hit the UK, should act as a warning for organisations to test their business continuity (BC) plans. Storm Emma brought huge disruptions to the UK’s transport network, notably impacting how people were able to commute to and from work. Because of this, a lot of organisations would have been forced to invoke their BC plans to remain operational.
According to latest research, only 51 per cent of organisations have a BC plan in place, that is up-to-date and have been tested in the last 12 months. This suggests that as the storm intensified, many organisations would have been left exposed to severe business interruptions, simply through poor BC management.
Business continuity is no longer a luxury insurance policy; it’s absolutely essential for all businesses no matter their size and must be updated and tested on a regular basis.
A good BC plan sets out how an entire business will respond to and recover from any incident, enabling it to get back to business as usual, as fast as possible. Critically, an effective plan should include a Business Impact Analysis (BIA). There are some free templates available on the web. This is where the bulk of good BC planning takes place. It determines and evaluates the potential effects of an interruption to critical business operations, resulting from an incident. The objectives an organisation should look to address during their BIA are:
•The types of impact an incident might have on a business; whether that be financial, regulatory or legal impact, for example.
•The business functions and services, that support these services (storage & servers, networks, protecting against threats and facilities).
•Assigning ‘criticality’ to those services.
•From this a firm can then work out the dependencies that will affect an organisation’s ability to deliver these services and functions – for example, power needed to remain operational or suppliers needed to deliver goods.
•Finally, you can then outline your recovery objectives, including your justification for this.
Once a firm has a plan in place you need to ensure that it can be executed. Testing your plan is critical but often the opportunity to actually do this is rare. Instead, firms should look to capitalise on known events to test their plans – ie between Christmas & New Year, when there are just skeleton staff and most of the UK companies are closed for business.
It is important to remember that writing a BC plan is not a one-off project – It’s a working document that needs to be constantly updated.

This entry was posted in Security and Malware and tagged , . Bookmark the permalink.

Comments are closed.