Business continuity planning is a crucial part of cyber security, but does your organisation have a system that accounts for its four phases?
The threat of data breaches looms over all organisations. A significant incident could cause irreparable damage and attract the attention of regulatory authorities. This is why all organisations need a BCP (business continuity plan). It contains a set of processes that helps organisations respond to disruptive incidents, including cyber attacks and other relevant threats such as power outages and adverse weather.
An organisation’s BCP should contain four phases:
- Initial response
The first thing you must do after discovering a disruption is work out the severity of the damage. What systems and locations are inaccessible? Has any sensitive information been compromised?
Your BCP will list the actions that need to be taken in different scenarios, so all you need to do is align the damage with the appropriate response measures.
The next step is to move affected areas of your business out of harm’s way. For example, if your infrastructure is damaged, you need to move equipment into another part of your office. The same is true for employees: if their workspaces are unavailable, you must find somewhere else for them to work.
As with the initial response, your BCP should include specific details based on each scenario. This will probably include things such as setting up temporary offices, or asking employees to share desks or work from home.
With the affected area of your organisation isolated, it’s time to fix the problem. You can deal with some disruptions yourself, but there are times when you might need to bring in experts (as will be the case with fires, floods or disruptive weather events).
On other occasions, the recovery process might be out of your hands. For example, an electrical outage will probably need to be dealt with by the local power provider, and when disruption is caused by snow, you will simply have to wait for the weather to pass.
Once the recovery process is complete, your organisation can return to business as usual. You first need to confirm that the recovery was successful, which can be done by performing a test. If that goes well, you can move everything and everyone back onto the premises and resume work.
Want to know more?
You can learn more about how to successfully respond to disruptions by reading our free green paper: Business Continuity Management – The nine-step approach. This guide explains:
- How you can implement a BCP;
- What you need to consider at each step of the process;
- How to measure, monitor and review your plans;
- The roles your staff will play; and
- How you can conduct a business impact analysis.