Fall is always a good time to review, refresh and update your Business Continuity Plan (BCP) - plus test this plan. A plan isn't a plan if no one is aware, or knows what to do.
Many of the BCP plans I review has one big flaw - we forgot the people. If there is a major incident in your metro area, and your employee can not get to the office, the plan calls for remote access. Good deal! What happens if the incident impacts your employee directly, their first priority is their family safety and security. Your BCP plan needs to take into account you may not have all your employees available to deal with your business continuity plan.
This brings a few things into account, one is that if you have multiple locations, staff need a copy of your plan so they can help you from remote. You also need good documentation on how your systems, infrastructure and facility operate so remote employees or contract employees can keep your business in operation. One of the biggest mistakes is to forget that your employees maybe impacted by the same situation that has impacted your business.
Therefore, your test needs to include bringing some contract employees in and see if they understand your plan, can follow it and get your systems, infrastructure, and business process back into operations. A complete Business Continuity Plan is People, Process and Technology.
One more reminder, keep some copies of your plan off site and easy access to your staff - the plan needs to include emergency contact information for employees, vendors, partners, and contract staff.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
About Me
- Scott Arnett
- Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.
No comments:
Post a Comment