As the first month of 2025 draws to a close I am going to add one more article to Diana’s “Get Organised” project, this time looking briefly at business continuity. This is a companion piece to:
Get Organised – Incident Response | Octagon Technology
It is probably best if you read that one first.
Business Continuity Plan – What is it?
I have seen some truly monumental business continuity plans and I have also “seen” some that were just not there. But for a Business Continuity Plan to work for your organisation it should make it easier for you to recover from an incident. Remember that an incident does not start and stop with a cyber incident but covers anything reasonable that will disrupt your daily operations. I am not sure there is a plan for alien invasion but I do have one for a red weather warning.
Business Continuity Plan – What do I need?
As with an Incident Response Plan, a Business Continuity Plan does not have to be complicated – it just needs to be able to support your organisation through a crisis. Here are some of the headline points plans I have been involved with have covered:
• Designate people to roles
• Instruct other staff as to their actions and responses
• Alternate communications
• Alternate/replacement location
• Alternate/replacement equipment
• Media and Stakeholder communications (templates)
• Access and recovery of back-ups
You will notice that there is some duplication between the two plans – that is because there are some key points that need to be addressed in both plans to keep your stakeholders onboard.
Again, this is not a full plan but it does show what needs to be included so an organisation can still make its widgets and preserve its cash flow.
Training and Testing
As with the Incident Response Plan, testing and training is essential to a successful Business Continuity Plan. Actually getting your team to work their way through the parts of the plan they are responsible for is a good way to make sure your organisation is prepared. A plan just in a binder on the shelf or saved in SharePoint is not a plan.
Business Continuity Plan and Change
Your incident Response Plan needs reviewing from time to time but it is probably even more critical that your organisation reviews the Business Continuity Plan as any major flaws in it could stop you getting back up and running. Change is part of any normal business so having a way for your team to report changes to the “Keeper of the Business Continuity Plan” is important so it can remain relevant.
Ask yourself this question…
…do you have a working Incident Response Plan and a functional Business Continuity Plan?
If you don’t then it is not too late to make a resolution for 2025 to create them. We can help.
Clive Catton MSc (Cyber Security) – by-line and other articles
Get Organised Month
Get Organised Month: Make a Vision Board
Get Organised at Smart Thinking Solutions
Get Organised Month: Contracts Protect Your Business
Get Organised – Incident Response
Get Organised – Business Continuity and Recovery
Further Reading
UK weather likely to remain stormy and unsettled for rest of winter – BBC Weather
Photo by Suzy Hazelwood
