As risks evolve, is your business continuity plan up to date?
As your business reviews its response to risk this year, be sure to ask one key question: “Is our business continuity plan up to date?”
Last year, a number of events in Canada demonstrated the importance of having a business continuity plan that adequately assesses current and emerging threats.
Business leaders should ask some hard questions about their company’s cyber preparedness – specifically, whether the control environment is aligned with the level of risk the business believes it has accepted. Unfortunately, many will discover they are not as prepared as they thought.
Another recent example is the global uncertainty caused by the COVID-19 pandemic. This event has highlighted challenges with the control environment and cyber security, and disrupted numerous businesses and industries.
Business continuity plan objectives
To help ensure your business is well prepared for a variety of risks, consider the following questions:
Is your business continuity plan current?
This might seem like an obvious question. However, more often than not, business continuity plans are duplicated each year with little thought given to how new exposures might impact what is already in place.
A business continuity plan should be a living document that is reviewed after any change that could impact it, even if the change is relatively minor.
The culture around risk within a business plays an important part in the overall success and relevance of a business continuity plan. Ideally, business leaders should use the business continuity document as they make changes to the business, to ensure they are constantly building in business resilience as part of the organization's development. It’s about having fewer hazards, fewer threats and less loss potential.
What technological changes are you making this year, and what is your formal management of change process for these modifications?
It’s crucial to think about how any changes you make will impact your overall business resilience and ability to recover from an unplanned outage. However, when it comes to technology and its potential impact on a business continuity plan, you are never really “done”. New technical vulnerabilities are discovered every day, and every business process change can create unintended process or system vulnerabilities. Cyber risk exposure needs to be managed effectively, using loss prevention techniques with the help of specialist advice.
Within your organization, do you have clear responsibilities and accountabilities?
Minor changes can have a big impact on business continuity planning if you’re not aware of threats or the consequences to your business. We are observing more than ever the need for effective oversight of these challenging risk areas.
Within your organization, does your management of change process effectively identify supply chain changes that could significantly impact the resilience of your business – for example, the merger of two independent suppliers into a single supplier of a key raw material?
With the increased usage of technology, including web-interfacing products, does your organization have adequate business resilience in the event of an issue with a technology solution – for example, a synchronized, independent backup mirror of a web system? What about the ability to manually process customer orders if a technology system has an extended period of unplanned downtime, such as that caused by a ransomware attack?