Business Continuity Planning (BCP) During a Crisis
What is BCP?
BCP is a course of action that any organization will take if any unexpected situations occurs. BCP covers events like natural disasters, pandemics, an economics crisis, data breach and more.
As the novel corona-virus has increased the impact on our global communities and businesses, many organizations are recommending their employees to work from home (Teleworking) and cancel non-essential business travel.
This new “virtual reality” is putting a pressure on normal business operations at the same time hackers are trying to exploit various vulnerabilities.
I believe that staying vigilant and having a security-first business continuity plan is critical to running your company in the event of an emergency.
- Teleworking policies
- Security implications
- Customer implications
- Crisis communication
- Vendor emergency plan
Get the right people in the right room
- CEO: Primary leader
- COO: quarterback
- CMO: marketing: internal and external crisis communications
- CTO/CIO: Technology stability assessment
- CISO: Security risk Assessment
- CFO: AP and revenue continuity
- CPO: Employee Relations
Conduct your Risk Analysis
Let’s discuss and identify critical buckets of risks across your organization that you will need to address in the event of an emergency as:
Prepare Work from Home (WFH) Policies
- Do you have a documented WFH policy?
- Have your teams and managers been trained?
- Do you have communication methods in place —zoom, slack, hangouts, skype, etc.?
- Do you have physical network limitations? What about VPN?
- Do you have Identity Access management (IAM) solution for secure application access?
Do you have Smart Authentication mechanism in your environment?
Let’s consider both internal and external communications as:
- Choose a consistent method of communication –email, slake, zoom, Skype
- Define a singular place for employees to go for information
- Daily team stand-ups
- Define communication channel and frequency based on solution – email, slake channel, blog, social media
- Consider white-glove phone calls for key customers
- Provide in-application notifications (if applicable)
Prepare crisis communication Examples
Prepare service disruptions and technical dependencies as:
- Evaluate technical point-of-failure
- Cloud technology vs. On-premises technology
- Data center diversity and redundancy
- Reliability and scaling
- Mission critical vendor’ BCP
- Can your employee securely access applications remotely?
- Do you have password policies in place?
- Are you using multi-factor (MFA) authentication?
- Are your employee potential targets for breaches?
- Are you communicating potential threats to customers and employee?
Response phases and example procedures for BCP
Steps 1 Disaster detection
- First res-ponder –assess and response
Steps 2 Disaster declaration
- Invoke the plan –notify leadership teams, alert comms, and set timeline
Steps 3 Mobilization
- Inform team leaders – assign tasks, communication cadences, status updates
Steps 5 Ongoing crisis management
- Action and recovery –strategic decision-making, emergency funding, timeline to resolution, consistent communication
- Document, finalize, and version your plan
- Involve legal to get their sign-off
- Get the buy-in of key stakeholders and leaders
- Develop document release procedures for employees and customers
Finally, Protect your brand, customers, and reputation stay vigilance stay safe!
Shree is based in Butwal, Nepal. Shree holds a degree in M.Sc. (IT) and began working at New Horizons, Nepal Center in 2007-2012. After that Shree contributes to various reputed firms in Kathmandu with his years’ of experiences in Teaching, IT administration, Management and Consulting Services especially in Payment/Software industries (IT infrastructures and Security solution). Check about page for details!