What’s your BCP plan?

July 3, 2020

The COVID-19 pandemic revealed the weakness of many organizations’ business continuity plans. Many companies learned too late that their plans were inadequate, lacking interoperability with other critical plans for crisis management, disaster recovery, and pandemic readiness.

Who is responsible for a BCP in an enterprise, how often do you test it and how does it relate to ESRM?

Overall, business resilience is a company-wide priority. A business continuity plan, in its simplest form, is the way that an organization can put a plan together to make sure it can continue doing business, no matter what happens.

However, many enterprises may not have one because it’s considered an expense. And many business continuity plans are either too high-level to offer any real actionable detail, or they consist of content that is out of date. In other instances, BCP plans place too much emphasis on short-term disturbances and neglect to take into consideration long-lasting disruptions.

How do you create one? The first step is to assess your risk. What do you have to protect, what critical functions need to continue?

Who is responsible for a BCP? It can sit anywhere within an enterprise, although it likely should belong to the security team that understands enterprise risk and assets. Some enterprise place the responsibilities under facilities, or HR, and that will differ from enterprise to enterprise. All that matters is having a plan in place to recover and to get back to business.

Another key factor with a BCP is testing it. You cannot create one and then put it on a shelf. And exercising and testing it should not be complicated. One easy option is a thought exercise that involves a few people and where you ask questions about how they would respond. But if you don’t test it, it won’t work when you need it. And the testing is best if it’s done in a fictional scenario versus real life.

A BCP also ties into ESRM for an organization, as it enables the enterprise to get in front of security risks; to understand what’s at stake and what could be lost if a company is not prepared. ESRM is a critical way for businesses across the globe to improve the solutions and programs they have in place to mitigate their security risks.

Overall, business continuity is a piece of resilience that brings the operations of the enterprise back to normal, whatever that may be.

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

What’s your BCP plan?

Recent Articles by Diane Ritchey

John Clark: Securing Loudoun's Schools

Joey Hunter: Securing Banning

Luke Manuel: Doing Good in Healthcare

Treyler Ray: Securing the Skies

Christopher Schleder: One-Team Mentality

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

What’s your BCP plan?

Recent Articles by Diane Ritchey

Related Articles

Related Products

Related Events

The latest news and information

Content written for business-minded executives who manage enterprise risk and security