As far as business disruptions go, the old adage ‘if you fail to plan, you are planning to fail’ by Benjamin Franklin rings true. No business, whether small, medium or large, can foresee or prepare for all unexpected events. However, when one does occur, the business needs to react as quickly as possible in order to minimize direct or indirect financial loss. The actions in the first 24 hours following a business disruption are often the most important and can decide the very survival of the organization. The actions need to be methodical, swift and successful in order to be effective.
Extensive business continuity and disaster recovery planning is key in order to succeed, and organizations need to evaluate and protect all aspects of the business. Good businesses, using either internal resources or external business continuity services, need to create policies and procedures that allow for rapid response to disruptive events.
According to the 2019 Travelers Risk Index, cyber was the #1 concern across all businesses. The report goes on to say that 54% of businesses believe that their company will be a victim of a data breach or cyber-attack. According to the Travelers report, since 2015, the number of large, medium and small businesses reporting a breach has increased by 73%, 100% and 200% respectively.
Source: 2019 Travelers Risk Index
Top 5 Steps for an Effective Business Continuity and Disaster Recovery (BC/DR) plan:
- In order to succeed, it is important to begin with evaluating the risks and exposures of your business. This process involves identifying, assessing, evaluating and documenting the predominant areas of interest. Performing this task manually using spreadsheets, Word documents, SharePoint and the like can be extremely time consuming and inefficient, is fraught with issues related to data integrity, duplication and lack of access control, and does not provide a holistic view.
Using a good business continuity and disaster recovery solution would not only take care of these issues and significantly reduce the effort required, but also help centrally manage the entire BC/DR lifecycle in an integrated manner.
- Once the relevant information has been captured and collated, the next step would be to determine the most likely threat areas, their criticality to the business and likely consequences of disruption. These findings would form the baseline of your BC/DR roadmap and can be used as the foundation for your enterprise business continuity and disaster recovery solution.
- The next steps cover Business Impact Analysis (BIA)
In this phase we collect information on:
- critical business processes and their interdependencies (both external and internal)
- process workflows
- critical personnel, skill sets, backups including primary and secondary contact information
- recovery assumptions, including Recovery Time Objectives (RTO), Recovery Point Objectives (RPO) and Mean Time to Recover (MTTR)
- future commitments that may impact recovery
- BC/DR plan development and strategy
- After capturing, collating and documenting the information, the BIA should be signed off by executives so that the task of creating an actionable BC/DR plan can commence.
- Developing department, division and site level plans and reviewing the plans with key stakeholders ensures accountability and support from the respective areas.
- Validating that recovery times and assumptions are achievable and ensuring the plans are readily available and accessible to staff in a disaster is key.
- Once the plans have been developed and reviewed, it is recommended that the management team review and sign off on the plan.
- Regular plan testing and maintenance
The final key element that determines whether your BC/DR plan fails or succeeds relies on periodic rigorous testing and regular maintenance. Performing simulations and table-top exercises to ensure that key stakeholders are comfortable with the recovery procedures and the lessons learned are critical to improving the outcomes.
A good enterprise BC/DR solution would be immensely valuable in ensuring all the above steps are done successfully and efficiently.
To learn more, request a demo, discuss a free trial proof of value or simply start a conversation, drop an email to contact@maclear-grc.com.