BUSINESS CONTINUITY LESSONS FROM 2020

[vc_row][vc_column][vc_single_image image=”1846″ img_size=”large” alignment=”center”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]2020 was a tough year for many organizations where we faced a global pandemic and increase in cyber activity among other disruptions.

Here are the lessons we look at from the year 2020 when it comes to Business Continuity Planning.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_single_image image=”1841″ img_size=”large” alignment=”center”][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”Evaluate existing controls” font_container=”tag:h5|text_align:left|color:%2381d742″ google_fonts=”font_family:Montserrat%3Aregular%2C700|font_style:700%20bold%20regular%3A700%3Anormal”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Most organizations have structures to mitigate risks, however the probability of some risks materializing is very low. This does not prove that the controls are effective, it is simply good luck. It is important to test effectiveness of controls over time to ensure that when the disruption will inevitably occur, we will be prepared to deal with the impacts.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”Conduct a Business Impact Assessment” font_container=”tag:h5|text_align:left|color:%2381d742″ google_fonts=”font_family:Montserrat%3Aregular%2C700|font_style:700%20bold%20regular%3A700%3Anormal”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

A Business Impact Assessment enables organizations to assess the impacts of disruptions to business functions and gathers information needed to develop recovery strategies.

The key questions of the Business Impact Assessment are:

  • What are the critical/ prioritized operations
  • The minimum operating requirements you need to maintain those operations.
  • The core systems and service providers that those functions are reliant on

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”Stakeholders Involvement.” font_container=”tag:h5|text_align:left|color:%2381d742″ google_fonts=”font_family:Montserrat%3Aregular%2C700|font_style:700%20bold%20regular%3A700%3Anormal”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Most organizations have a risk department and assume that the role of disaster recovery and Business continuity planning is a risk department affair. However, every member of the organization is a player in Business Continuity planning, roles should be defined, and management should show commitment.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”Scenario Based Planning.” font_container=”tag:h5|text_align:left|color:%2381d742″ google_fonts=”font_family:Montserrat%3Aregular%2C700|font_style:700%20bold%20regular%3A700%3Anormal”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Planning requires us to think in a ‘What if?” manner and also be ready to improvise. Nominating a Crisis Management Team is critical, the team should involve the right people with the right skills.

The scenarios should be used to evaluate the adequacy of the controls in place to ensure continuity of operations.

Do not Wait for a Disaster to plan. We all watched as COVID-19 hit China before it spread all over the world most countries never planned until the first case was reported.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”Communication” font_container=”tag:h5|text_align:left|color:%2381d742″ google_fonts=”font_family:Montserrat%3Aregular%2C700|font_style:700%20bold%20regular%3A700%3Anormal”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Communication is vital for every Business Continuity Management System. Every organization should determine the communication requirements for all interested parties and tailor the communications to best suit them.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”Test Recovery Capabilities” font_container=”tag:h5|text_align:left|color:%2381d742″ google_fonts=”font_family:Montserrat%3Aregular%2C700|font_style:700%20bold%20regular%3A700%3Anormal”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

The business should conduct tests that simulate the unavailability of enablers for the critical operations and the plan in place in the event of such a scenario.

Always start with the simple tests then incrementally increase the scope.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”Brian Kipkoech, Consultant” font_container=”tag:h5|text_align:center|color:%2381d742″ google_fonts=”font_family:Montserrat%3Aregular%2C700|font_style:700%20bold%20regular%3A700%3Anormal”][/vc_column][/vc_row]

  1. Very interesting read. Concerning the cyber space, we do have unanticipated risks happening especially when there is world wide crisis. On such scenario how do we balance the economic and mitigation process?

    Comment by Cheruiyot Timothy on March 11, 2021 at 11:25 am

  2. The purpose of risk management is to determine the potential organizational impact if the risk materializes. We conduct a risk analysis and evaluation prior to coming up with a mitigation plan. We must determine the risk level and it’s mitigation cost before treating the risk. Controls are cost implicating so is risk ignorance.

    Comment by Brian Kipkoech on March 16, 2021 at 8:22 am

Latest Posts

×

Hello, Thank you for contacting Sentinel Africa. How may i assist you?

Sentinel Africa Consulting

× WhatsApp