By RICHARD LONG
Business continuity professionals have been justifiably absorbed in dealing with the COVID-19 pandemic, but the usual threats are still out there and it’s time to restart any regular BCM activities that were put on hold.
In today’s post, we’ll look at what business continuity management offices need to do to get back in the saddle in terms of carrying out their regular BCM activities.
IT’S NOT THE PANDEMIC OFFICE
Based on what our professional lives have been like over the past few months, anybody who works in BCM can be forgiven if they’ve begun to think that they work in the pandemic office rather than the business continuity management office.
I’m here to remind you that it really is called the business continuity office and that pandemic planning is only one aspect of what we do.
THE USUAL THREATS ARE STILL OUT THERE
All of the usual threats that organizations face are still out there. We might be in the midst of a pandemic, but a data center problem, data breach, natural disaster, vendor loss, or brand issue could still be just around the corner.
If you have your doubts about this, just ask the people whose businesses were damaged in the recent civil unrest.
However much we might hope those other problems will take a break until we get past the COVID pandemic, they won’t. Some risks might even be greater now, due for example to the increased vulnerability of confidential client data when people work at home.
LETTING OUR GUARD DOWN
Still, many organizations have been so absorbed in dealing with the pandemic they’ve let their guard down in other areas. I know of many organizations where regular BC activities have been put on hold. At others, initiatives that were underway to close gaps in readiness have been allowed to languish.
In addition, the measures put in place in response to the pandemic have created new realities that need to be looked at from a business continuity perspective.
RESUMING YOUR REGULAR BCM ACTIVITIES
That’s why, at this time, my advice to our clients and to readers of the blog is: it’s time to get back on track and resume your regular BCM activities. Resume your BCM schedule, pick up where you left off with your roadmap.
I would even suggest that you conduct a mini current state assessment, to look at where you stand in terms of readiness in light of any arrangements put in place at your organization since the pandemic started.
In doing this mini assessment—and in resuming your regular activities—I recommend you look in particular at the following four areas:
1. Plan maintenance.
You should review your recovery plans based on the current situation. Look especially at any changes that might be advisable based on people’s work locations and their use of technology, including collaboration tools such as Zoom. Collaboration tools have never been more important and our reliance on them creates a significant new vulnerability. Look both at the current situation and at the anticipated new normal as the tightest phase of the quarantine ends and your organization moves toward an intermediate, hybrid footing (between completely shut and business as usual).
2. IT/DR environment.
Make sure the IT/disaster recovery environment is up to date. Is it in sync with changes that might have occurred in production in response to the pandemic? Has your capacity changed now what you have more people working remotely? Does your DR environment have the same remote access capability and capacity that your remote environment does? What about your increased use of the cloud?
3. Mock exercises.
Recently I was scheduled to participate in a mock exercise with a client and they canceled the exercise at the last minute. Generally speaking, we should all be past the point of canceling exercises because of the pandemic. I recommend that organizations either stick to or resume their mock disaster schedules. I also suggest you conduct scenarios that are not related to the pandemic. Do exercises that encompasses the state you are currently in, but make the scenario about some other problem, whether it’s a security breach, an application recovery, or a brand issue. By the way, managing a crisis remotely is different from holding a routine meeting remotely, as you will find out as soon as you try it.
4. Workforce location.
Has your company sent a large number of people to work at home? If so, you need to look at how that affects the various aspects of your business continuity planning and readiness. This includes everything from recovery planning to IT/DR to crisis management. If your former alternate location is now your primary location, what is your new alternate work location? You can’t assume that because everyone is working remotely, you are no longer vulnerable to disruptions based on geography. What if there is a metro-wide internet outage?
GETTING BACK ON TRACK
In the past few months, the pandemic has understandably blotted out almost every other concern in terms of business continuity management. But it’s time that BCM offices get back on track with regard to carrying out their regular activities. In assessing where our programs stand now—and in resuming our regular BCM activities—it’s especially important to look at recovery plan maintenance, the IT/DR environment, mock exercises, and workforce location. All the usual threats remain, and we need to make sure that if any of them strike, our organizations will be capable of shrugging off the blow and quickly resuming productive operations.
For more information on resuming BCM activities, the coronavirus pandemic and other hot topics in business continuity and IT/disaster recovery, check out the following recent posts from MHA Consulting and BCMMETRICS:
- Double Trouble: How to Handle Multiple Business Disruptions
- Emerging from the Lockdown: 6 Things to Think About for the Next Phase
- Working Remotely over the Long Haul: Living with COVID-19 as a Business
- Ready or Not, Here It Comes: 5 Steps to Protecting Your Company Against Coronavirus
- Telephone Train Wreck: Crisis Call Chaos in the Time of COVID-19
- When the Quarantine Ends: How to Be Ready to Reopen Your Company
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.