Maintaining your business in a world of threats

All of us face natural hazards such as hurricanes, flooding, and snowstorms, while we also witness technological accidents involving our transportation systems, blackouts, bridge collapses, and manmade attacks by terrorists. The question is: does your organization have a program or a process to maintain survivability and continuity that will sustain your organization’s bottom line at a healthy level?

In early 2017, 15 local businesses were destroyed in a 4th-alarm blaze in Flushing, New York City. Each of their owners had to figure out what to do next. Even if you own an eating establishment such as a deli or a bagel store and it was exposed to only a small amount of smoke, the local health department will close you down. And that’s just the beginning of many headaches to come.

And where were you during the latest coastal storm? Were you and your staff able to get to work? Could they telecommunicate? Could you even communicate with them?

Equifax - 2017

Cybercriminals penetrated Equifax, one of the largest credit companies in the U.S., and stole the personal data of nearly 145 million Americans. It is considered the worst breach of all time due to the amount of sensitive data stolen, including Social Security information. What is disturbing is that the company only announced the cyber-attack two months later. It will have an impact for years because the stolen data could be used for identity theft. The question is: where was the needed protection? Are you protected? Prepared?

Cyber Security (defined): measures taken to protect a computer or computer system against unauthorized access or attack.

Are you familiar with such threats as phishing (where the internet user is duped into revealing personal or confidential information), malware, and ransomware, to name a few? Has your business, regardless of size, conducted a live penetration test, a vulnerability scan, and/or security awareness training?

Business Continuity will assist your business in developing and distributing emergency preparedness plans to maintain operations, logistics, and your company’s integrity within the supply chain, as well as personnel safety and protecting critical assets.

The resulting plan(s) will guide all employees, including chief executives, in protecting life and property while keeping the ability to support business and customers’ needs in the event of a threatening disruption.


According to the Federal Emergency Management Agency (FEMA), almost 40 percent of small businesses never reopen their doors after a disaster.

Business continuity planning functions will:

  • Help you conduct an organizational profile of each department

  • Review staffing and skill sets

  • Portray all company facilities and their locations

  • Identify critical assets (your personnel and things)

  • Review / describe / identify critical processes and applications

  • Review and evaluate existing plans and policies (if any)

  • Establish effective project management to guide the development of all BCP functions

  • Identify department point personnel

  • Review time line and goals

  • Monitor and track progress of all efforts through senior level tracking reports

  • Develop companywide BCP worksheets

     

Here are some components to a Business Continuity Plan:

  • Executive summary 

  • Organizational structure

  • List of critical staff with associated positions, skill sets 

  • Communications

  • Operational strategies 

  • Disparate procedures

  • Activation processes 

  • Critical customers

  • Major / critical assets such as buildings, supply chain items, computers and personnel

  • Alternate locations 

  • IT applications

  • Vital records 

  • Vendor list

  • Relations with first responding agencies

  • Safety procedures

  • Supporting organizations (utilities)

     

Your business continuity planning should result in some of the following:

  1. Produce an appropriate Recovery Point Objective (RPO): ask how long a function / activity can be suspended. Try to limit the important activities to six (such as telephony, emails, access to facilities, etc.)

  2. Produce an acceptable Recovery Time Objective (RTO): the time that any critical process / activity / function can afford to be out of service

  3. Project the Maximum Time Period of Disruption (MTPOD) for each department, facility and critical process for the resumption of time-sensitive operations and services when disasters and/or emergencies occur.

Part of the process of business continuity planning is the Business Impact Analysis (BIA). This process collects all plans and critical process information from each department. It should further:

  1. Document the potential impacts resulting from disruption of business functions and processes

  2. Provide presumed scenarios based on threats that will create significant business interruption

  3. Categorize functions into levels, with maximum time limits, such as critical, high, medium, or low importance

Once developed, the BIA reporting process will assess each department's functions, processes, and operations in terms of the following:

  1. What are the time and duration of loss to operations?

  2. What is the maximum level of financial impact?

  3. What could be the operational impact?

  4. How do these impacts compare with the costs of recovery strategies?

  5. What could be the effect on public and client reputation?

Here are some of the current standards for Business Continuity Planning: 

  • The new ISO 22330 standard for business continuity management

  • The British standard is BS 25999 for business continuity management

  • National Fire Protection Association 1600 for Disaster/Emergency Management and Business Continuity Programs

  • ANSI/ASIS SPC.1-2009 for organizational resilience and ISO 22317 for Business Impact Analysis.


Is your organization prepared?


For any further questions or inquiries, please contact:
rich@rotanzandassociates.com
631 905 5651