Business Continuity Management (BCM) is a process designed to protect organisations against the unexpected.
Fire, floods, natural disasters, terrorism and crippling cyber-attacks are unexpected threats that most businesses face. Data breaches and cyber attacks are perhaps less unexpected. Most IT security experts would say that they are actually inevitable, so having business continuity plans in place to handle cyber incidents is essential.
Preparing for these isn’t as difficult as you might imagine, and it shouldn’t cost a fortune. Technology is making BCM a more cost-effective option for most businesses, even small and medium enterprises.
Getting Started With Continuity Planning
Planning for BCM means considering the following questions:
- What are your key products and services? What do you need to keep producing/doing to survive an unexpected disaster?
- What mission-critical activities and resources do you need to continue delivering these?
- How would you keep delivering these in the event of the unexpected?
- And what are realistic threats that could mean you need to implement an emergency continuity plan?
- In the event of one of these threats materialising, how can you keep delivering these products/services?
In almost every scenario imaginable, the majority of businesses will need IT services to continue. Email. Phones. Cloud-storage. Websites. Basic services that your team are going to need to access, even if your primary operational site is inaccessible.
IT Business Continuity
Since 2004, the Civil Contingencies Act has designated front-line responders (municipal authorities, fire, police, army) in the event of a local or national emergency. Communication channels can be used to alert people, get those affected to safety and support organisations that need assistance.
However, maintaining business IT operations is very much the responsibility of each private company. Thanks to advances in cloud computing and storage, continuity arrangements can swing into force quickly and effectively. With most employees and contractors using smartphones, IT services, including business contact numbers, should be accessible wherever your team are working in the event of an emergency.
IT teams and partners need to put together the following to ensure a successful BCM plan:
- Business impact analysis. Assess the threats, particularly those from cyber attacks and physical threats to IT operating spaces, including cloud servers and storage.
- Set a recovery time objective for mission-critical services and systems
- Within this plan, assume one or more parts of the overall system are down. Create workarounds, so that even if critical hardware is down there are still ways to become operational again.
- Review security and backup procedures with all third-party providers, so that you know if anything happens at those facilities your business can still get back to work. If those arrangements aren't satisfactory, then it might be worth looking at moving your backup storage, servers and services to another facility.
- A clear plan to ensure data will be restored and recovered, in the event of anything destroying site-based servers and storage. This is even more important with GDPR coming into force. Cyber attacks are usually implemented to steal data; therefore you need to know, in the event of an emergency, if anything has been duplicated or removed.
- Designated parties and staff members. Make sure you know who's responsible for implementing and running this plan, including outsourced IT partners.
- Ensure, in the event of a disaster, that all users who need it can access critical services; it helps to have secure, cloud-based password management software to prevent security breaches.
For many organisations, any downtime, even when disaster strikes, can cause significant problems, even threatening the viability of the business. A key part of ensuring your IT network and systems are back up and running quickly, allowing employees to access them remotely if your primary site is inaccessible, is to partner with an IT provider offering technology services such as network and infrastructure management as well as IT support services.
To discuss any of the subjects raised in this blog post, or to explore how resilient your organisation is to unexpected incidents, contact me on 0845 643 6060 or email firstname.lastname@example.org