- Development of basic normative documents regulating the relevant issue.
- Conducting an analysis of the impact of crisis/incidents on the company’s operations and processes.
A complete picture of the company’s activity is made; a list of processes/functions is compiled, and the type of impact on business (material, economic, reputational), dependence on information resources, and maximum downtime are determined. - analysis and assessment of risks.
Such activity provides understanding and acceptance of potential threats, as well as their consequences and sources, identifies vulnerabilities of the company and allows finding possible options to avoid or eliminate such threats or consequences.
The risk assessment is a basis for further development of the business continuity strategy and optimal scenarios of its implementation.
- Company strategy development.
Strategies will include model scenarios, the consequences of which negatively affect the company, block or limit its activities. Typically, these scenarios cover issues of inaccessibility of premises, personnel, limited use or loss of IT resources, etc. Scenarios provide an objective view of the company’s operations, prioritizing areas/processes, minimum resources needed for recovery, and measures to minimize the risks of such scenarios.
- Development and implementation of business continuity plans.
The plans are a clearly defined list of actions and responsible parties that ensure the emergency recovery and, if possible, the normal functioning of the company after an incident/crisis/disaster. International best practices identify three elements for creating an effective and efficient plan – response, incident/crisis management and business recovery.
The U.S. National Institute of Standards and Technology (NIST) has developed a methodology that defines and describes model business continuity plans, emphasizing that the plans should not just provide technical solutions, but should contain a clear organizational model for behavior in crisis situations.
- Plan testing and training.
Testing and training are indispensable elements of the continuity process, because awareness, awareness and practice of the plans help to avoid certain mistakes during the crisis and, in a certain way, to minimize the recovery time of the company.
- Updating the plans.
Updating is done on a regular basis, also in cases of changes in structure, technical conditions or requirements, legislation, the identification of vulnerabilities during testing.
Considering the above, business continuity is quickly becoming an important and integral element of any company. Therefore, it is worth emphasizing a few basic points that define the development of this activity, as well as its important elements.
Business continuity is a set of predetermined actions that a company applies to prevent and respond to threats. This process ensures the company’s ability to continuously provide services, minimize the impact of crisis situations on its activities and reduce the possible losses from these situations.
Business Continuity is a complex mechanism, the operation of which requires the application of not only organizational, but also technical measures. In any case, the issue of continuity is global. That is, protection is required for the company as a whole, but not for a separate element. Modern approaches and solutions can not only ensure the continuity of IT resources, but also provide an opportunity, albeit sometimes limited, for the operation of the company, protection of personnel and access to necessary resources.
It is indisputable that when forming the continuity process, one of the key elements is the issue of information security, in particular the resources used by the business (data, hardware and software complexes, appropriate personnel).
Defining only the technical means will not ensure the proper functioning of business continuity process. Moreover, it is required to define critical business processes which will be restored by technical means, the impact on business, risk analysis and, directly, the formation of business continuity process itself.
Almost every stage of continuity is implemented thanks to the staff and employees of the company. That is, the presence of qualified, trained employees is the key to effective implementation of business continuity plans. And training and informing the personnel about the measures and actions to restore functioning should become an integral element of the company’s daily work.