Building a Business Resilience and Continuity Plan

David Allen: business resiliency planning is a critical tool for ensuring an organization is prepared for threats and disasters such as pandemics and data breaches. David Allen: hi I’m David Allen a prevalent. David Allen: like many of our customers and partners we’ve had an increased focus of not only our resiliency planning but also that of a vendors in supply chain during the current situation. David Allen: this involves capturing processes and systems to ensure an organization can continue operations after an impactful event. David Allen: the goals of resiliency planning how to identify continuty after a disruptive event how the organization can continue business operations how to protect revenue expectations during that company customer data is secured and also the health and safety of team members. David Allen: can move forward with this by creating a business resiliency plan and includes anticipated disaster scenarios for potential failure points and for each one detail recovery plans potential mitigations and alternatives. David Allen: it’s helpful to find opportunities for precautions and preventative steps. David Allen: the audience for a business resilience plan. David Allen: apart from internal stakeholders includes potential and existing customers and clients investors and shareholders. David Allen: also what it is it’s often a requirement for certification or compliance mandates. David Allen: the plan should identify internal contributors and stakeholders and the roles that they will fulfill during a disruption. David Allen: any equipment in location including offices that may be impacted with slowly suppliers vendors partners and inventory. David Allen: company and customer data is also an important consideration. David Allen: you’ll need to detail potential threats that may impact business. David Allen: you also need processes in place for reviewing tracking and testing your plan. David Allen: make a note of internal stakeholders and their roles in resiliency planning so typically include a business resiliency coordinator and also a committee that they would work with to meet their responsibilities. David Allen: this includes assembling all pertinent data communication with the appropriate parties reporting on incident statuses and being the main point of contact for the senior management team. David Allen: difficult roles would include the senior management team would advise indirect operations. David Allen: they also act as an intermediary between the other defined roles in the board. David Allen: engineering and operations team are involved in protective and recovery activities involving service. David Allen: cloud applications in hosting. David Allen: corporate Council will handle any legal matters related to business resiliency such as communications contracts working with law enforcement. David Allen: marketing and public relations teams coordinates all communications of the customers partners in the media including requests for interviews with internal subject matter experts. David Allen: they should also maintain draft communication plans and statements which can be customized and distributed quickly in case of disruption or delay. David Allen: customer support team provides bulletins and technical guidance to customers in the case of service impacts include security concerns product functionality and operational changes. David Allen: ensure that your plan details the financial summary for your organization. David Allen: this is a factor in the ability to overcome setbacks. David Allen: good information about ownership investors and financial backing business growth and liquidity in financial statements if applicable. David Allen: your plan should identify and prioritize potential threats in their impact scenarios. David Allen: each potential threat may require unique recovery steps. David Allen: also consider the cascading effect of multiple overlapping threats and how that will evolve recovery actions. David Allen: review your organization’s functions and activities for potential impacts during your crisis. David Allen: this could include a production outage reduction in the available workforce the loss of an executive team member or facilities and office space. David Allen: well the failure of third-party vendors and suppliers. David Allen: then for each of these right the impact of disruption or loss and describe risks and how they could be mitigated. David Allen: here’s an example. David Allen: we’ve identified a critical supplier is pay diem. David Allen: pay via Moffett services for payroll and personal time off tracking. David Allen: working with our resiliency committee we’ve decided the impact to our business could be medium risk being we’d be unable to execute payroll or track an employee’s personal time off. David Allen: as an industry leader we believe the possibility of a catastrophic event with pay diem is remote. David Allen: however were they to experience such an event our organization could process payroll manually until a new vendor is selected which there are many readily available variety in hosted application services. David Allen: perform a business impact analysis to determine the criticality the. David Allen: functions and activities assigned values to these functions for their recovery after an impactful event. David Allen: the recovery point objective for our PA is a maximum targeted period in which data may be lost due to a major incident. David Allen: the recovery time objective our RTO is the acceptable amount of time to restore the business function after a disaster. David Allen: there many standards available to support business continuty planning and management. David Allen: on the assessment side the prevalent compliance framework will PCF a shared assessment sync and other assessments all contain a business continuty section. David Allen: these quickly determine whether an organization has built a continuty plan with suitable minimum business requirements contingency recovery planning and testing. David Allen: many impacts to the organization based on loss of stuff and wider supply chain impact. David Allen: your appellant we’re committed to working closely with our customers partners and the broad of risk management community to reduce risks during these uncertain times. David Allen: we’re here to help. David Allen: check out our website and blog at WWF Lent for more information including a free pandemic business resilience assessment questionnaire templates and other tools. David Allen: thanks for your time today.