Challenge
Business continuity (BC) is about minimizing disruption to the company’s operations and making sure that business is still viable during the force majeure, like of today, the COVID-19 outbreak. BC has a significant foot in the camp of cyber resilience. This is because any info systems disruptions caused by cyber or any other form of threat are central to what BC is about today.
TOP-6 disruption threats:
Cyber attacks
Data infringements
Adverse weather
Unplanned IT failures
Interruption of supply chains
Pandemic
What is ISO 22301 and Business Continuity?
The ISO 22301 business continuity management standard talks about critical business functions that need to be defined to ensure that business is still viable in force majeure.
It focuses on the maintenance of the continuous process of management and involves a thorough business impact analysis and risk assessment. After you identify potential threats that could lead to the disruption of your business, the next step is to analyze what potential damage it could pose, whether financial, reputational, or any other.
Useful and timely reaction to incidents and elimination of outcomes make a BC strategy that involves the identification and implementation of the continuity procedures.
Creating a Business Continuity Management System for Your Organization
Four fundamental principles of BCMS:
1. Getting management support
For the initiative to be successful, it must be supported by C-executives or board management. Support from management ensures that the company will have all the necessary resources to start on creating and implementing the BCMS and that it will be consistent with the overall business strategy of the company. Management support will also help to promote continuous improvement of the BCMS and support throughout the organization.
2. Risk evaluation
Consider damage scenarios that may cause process disruption. They should be very specific to your organization. Here you should end up with the risk score that includes two points: the seriousness of an incident and likelihood of its occurrence.
3. BIA (Business impact analysis)
Identify your essential activities and resources and then define levels of severity of the business impact if those activities were disrupted or those resources unavailable. This will help you to further determine priorities for recovery after a disruption: how quickly will it take you to resume each activity after an incident.
4. Business Continuity Plan (BCP)
You will develop a BCP based on your risk evaluation and BIA. Its goal is to reach the stability of the situation after the disruption of the business process.
A BCP will include the following:
Contact details for suppliers, authorities, and other interested parties;
Call trees featuring key staff to ensure availability of the right competence;
Step-by-step checklists in case of specific events.
5. Practical Implementation of BCMS
You can successfully apply all the steps described above with ServiceNow Security Compliance solution. It will allow you to holistically and efficiently create and manage your BCP.
Rede Consulting specializes in ServiceNow - Security, Compliance and Automation. Contact us at info@rede-consulting.com for your implementation / development / support / staffing needs.