Intelligent Issue 25 | Page 42



PLAN SHOULD BE A HIGHLY COMPETENT DISASTER RECOVERY PROCESS . gathering information and making sure that you have covered all the bases . With a framework in place , the task is then one of regular revision and review . Developing and framework and plan is the responsibility of the CIO , who will work alongside other key personnel within the organisation .
Setting out a Business Continuity Plan
The first steps in setting out a cyber-related Business Continuity Plan revolve around understanding what it should include – and that ’ s every single aspect of technology that ’ s used within the business .
Don ’ t just list items , but make sure you know the suppliers , the service level agreements ( SLAs ) and any arrangements for alternative provision due to outages . If there are no arrangements for such provision , ask why not and if you think such arrangements should exist , put them in place .
Make sure that all the contact information needed to invoke any special measures is recorded and can be accessed if the computer system goes down . Imagine how frustrating it will be to know the information you need is recorded but it is not reachable .
Even with every ‘ t ’ crossed and every ‘ I ’ dotted in a Business Continuity Plan , the worst might still happen and ‘ business as usual ’ could be a few days away or even longer . The plan should include some practical measures for keeping going in this kind of situation . What are your critical services and how can you continue to provide these ? If some processes can revert to paper systems , do you have this set up in such a way that people can start using them immediately ?
The Disaster Recovery process
Knowing what you have , who is responsible for it , how to retrieve those elements and which systems you can run on a temporary basis to get you by is central to a strong Business Continuity Plan .
Inevitably for many businesses , a central pillar of getting up and running post-crisis will be recovering IT services and systems . So central to the Business Continuity Plan should be a highly competent Disaster Recovery process . You might need to require the ability to recover to a different site if your main premises are inaccessible .
You might need to specify an incremental recovery system which brings critical systems and data on stream first and ancillary ones later . You will certainly need assurances from your provider that Disaster Recovery can bring systems back online as fast as possible and that any malware which can facilitate ransomware and other cyberattacks isn ’ t simply restored with everything else .
Keeping it fit for purpose
The great challenge with Business Continuity Planning isn ’ t getting the right processes in place . Yes , it takes time and requires resources , but the procedures and processes required are well documented and there is professional help available from specialist external organisations .
. tech
Intelligent SME . tech