Closer collaboration between departments such as business continuity and information security could help raise the necessary staff...
In an ideal world, your business would rise effortlessly to the pinnacle of its industry, wowing clients and customers alike. In reality, no business, no matter how successful, is without its challenges and it is often the ability to mitigate and eventually overcome these challenges where a business proves its mettle.
One of the ways that organisations can prepare for disruptive events is through business continuity management (BCM). This involves the deployment of Business Continuity Management Planning software and business procedures in order to continue operating when the unexpected occurs, whether that’s a minor hardware failure or a natural disaster. As such, business continuity management does include disaster recovery measures, but it is also about identifying, managing and preventing issues before they occur.
Of course, deciding to implement continuity management measures is not the end of the story and this process comes with its own challenges. The first of these is understanding why you are implementing it in the first place. For some businesses this will simply be a case of doing the minimum amount of continuity planning required in order to meet regulatory or auditing standards. However, this approach is unlikely to provide robust or reliable risk management. It may sound obvious, but in order to deploy effective business continuity management you must first identify what it is your company is looking to achieve as a result of its implementation.
Once that has been determined, companies then face the challenge of identifying the scope of their BCM measures. What business processes will be covered? Are some more critical than others? Is the budget available to cover everything that we need to? All of these questions are more complex than they first appear and answering them requires a thorough understanding of your business. In order to achieve this, many IT managers carry out a business impact analysis (BIA).
A BIA helps businesses identify what processes can remain inactive and for how long in the event of disaster without causing significant financial losses, regulatory fines or customer dissatisfaction. In effect, it tells managers what a business cannot be without in order to survive. By understanding the consequences of not performing each function, businesses can classify each one based on their recovery priority. Business operations encompass many difference aspects, from marketing to finance, and while they are all important in their own way, some are more time-sensitive than others. Once businesses have carried out a thorough BIA they can implement effective back-up and recovery procedures with much greater focus.
In terms of software approaches to BCM, companies must employ tools that can adapt to a threat landscape that is constantly evolving. In order to cope with this, businesses must regularly assess and update their security software and ensure that it delivers not just on an individual device or user level, but enterprise-wide. The growth of cloud computing has meant that company resources can be accessed from anywhere and across any network and in order to prevent cyberthreats, business continuity management must keep this in mind.
As well as being adaptive, business continuity management must also be integrated across the entire company and engrained within employer and employee culture. Risk workshops can be an effective method of raising awareness across the company and it’s important that all members of staff, even c-level employees, are involved. Crisis communication plans should also be distributed and continuity tests should be carried out in order to assess your company’s ability to cope with a genuine crisis. In addition, a wide range of employees should be trained to carry out emergency functions, as disruptions usually occur without warning.
Convincing managers and executive level staff that business continuity management is necessary can, at times, be a hard sell, particularly if a business has yet to experience a serious disruptive event. If it isn’t broken, why fix it? However, this approach is extremely short-sighted and it only takes one crisis to damage a company’s reputation irreversibly. However, if businesses feel that they do not have the capability or expertise to carry out effective business continuity management, there are third party suppliers offering support.
At Sungard AS, we have experience of more than 100,000 recovery tests over a 30-year period. Throughout this time, we’ve adapted to new threats and ensured that our clients remained connected and functional even during their most disrupted moments. Business Continuity Management does come with a number of challenges, but with the right third party support, there’s no reason that these can’t be overcome.