Developing a business continuity strategy is a time-consuming and labor-intensive process. Organizations must gather and validate massive amounts of data and develop and validate procedures to keep data available and protected at all times.
Employees must be trained on the business continuity plan, as well as their roles and responsibilities when a disruptive incident occurs. Senior management must be aware of the plan and be involved with its development.
The following list of common mistakes, if addressed early enough, can improve your chances of developing an actionable business continuity strategy.
Lack of senior management support. When you consider how much goes into a standards-compliant business continuity plan, a lack of senior management support could result in an inability to start the planning process. And without a budget and funding approved by senior management, your project could be a nonstarter.
Failure to comply with standards. Not only do standards provide an excellent framework for building a business continuity strategy, they can also help increase your chances of passing a future audit or an evaluation by an existing or prospective customer.
Not performing a business impact analysis and risk analysis. A business impact analysis (BIA) identifies the most important business processes; the technologies, data and staff needed to perform those processes; recovery time objectives; priorities when recovering critical processes and systems; and vital records and other required documentation.
The risk assessment (RA) helps identify internal and external threat situations and operational vulnerabilities that could cause disruptions to the critical processes identified in the BIA.
Failure to define strategies for response, recovery, restoration and resumption of business activities. These are developed from BIA and RA results and describe how the company will prevent incidents from happening, respond to them if they do occur, mitigate the severity of an incident and resume business operations as quickly as possible.
Not defining incident response and damage assessment activities. When an event occurs, a fast, organized response can help protect human life, minimize damage and reduce incident times. It's important to identify and properly train employees who will serve on incident response, emergency and damage assessment teams so they can perform their duties quickly and efficiently.
Not exercising plans on a regular basis. BC exercises help ensure that data contained in the plan is accurate and up-to-date, and that emergency procedures are correct and in the proper sequence. Once BC plans are exercised, an after-action report identifies what worked and what didn't work, and recommends changes to improve the business continuity strategy.
Not maintaining and reviewing plans regularly. BC plans are only useful to an organization if they are up-to-date, procedurally accurate and periodically reviewed for content and other relevant metrics. Assuming plans are also audited, it's essential to design them using the frameworks contained in BC standards to ensure that plan controls are consistent.