September is Education Month for the Business Continuity Institute (BCI). Details on the many activities and events for this month can be found here.
During September we seek to raise awareness of business continuity. ISSA Barbados has a number of members certified in business continuity from the BCI or the Disaster Recovery Institute International (DRII). These individuals have both knowledge and experience in business continuity and disaster recovery. As such, we are in a good position to push the benefits of both business continuity and disaster recovery.
What is Business Continuity?
Business continuity is a discipline which deals with implementing a formal plan designed to allow an organisation to survive in spite of disasters, regardless of whether the disaster is physical (fire, flood, hurricane, earthquake), technical (IT or communications failure), civil (war, terrorism, strike), logistical (e.g. suppliers gone, shipping shutdown) or something else. It deals with identifying risks to an organisation and developing wide-ranging strategies to manage these risks in such a manner that the business can survive if negative risks are realised. Disaster Recovery, which deals with allowing the IT and communications environment to recover after a disaster, is a key component of business continuity. While some people use the terms business continuity and disaster recovery interchangeably, disaster recovery deals with getting the technical systems back online, while business continuity deals with getting the organisation as a whole back up. This will include the technical systems. Disaster Recovery is therefore primarily a technical exercise, while business continuity is a business exercise, and is ideally led by leaders who understand the operational and technical requirements of the business.
Why Do We Need Business Continuity?
Disasters will happen. While in Barbados we tend to focus on hurricanes, disasters such as fire, flood, power outages, Denial of Service (DoS) attacks and related cyber attacks are actually more likely, and often just as detrimental. We cannot prevent all disasters, no matter how much we spend. We therefore need detailed strategies which would allow us to survive after a disaster. By survive I mean being able to function in spite of losses of goodwill, revenue, property, intellectual assets, and reputation. Business continuity plans allow us to prepare before a disaster strikes, and this includes preparing media statement templates, restructuring the organisation, creating operational procedures, developing network diagrams, deploying specialised hardware and software, training staff, collecting key documentation, creating response plans, negotiating agreements with service providers, fortifying physical structures, and testing individual disaster recovery plans.
Research has shown that organisations which do not have business continuity plans are likely to go out of business after a major disaster. Organisational leaders who have the best interest of their organisations at heart therefore need to seriously look at implementing a business continuity plan. Regardless of whether it is a small family business, a charity, or a large conglomerate, you need to put a business continuity plan in place to provide for the longevity of the organisation.
What Is The Responsibility Of Business Continuity Professionals?
As experts in the field, we all need to do our part to promote the practice of business continuity in Barbados. We need to not only promote it within the organisations where we work or the organisations which we consult for, but we also need to spread the word to the general public when given the opportunity. Business Continuity is not something which we learn about in school, or which we inherently know. Those skilled and educated in the discipline therefore need to use their knowledge to educate not only the various organisations across the country, but also the general public. It is also useful to educate those IT and Information Security professionals who are not versed in business continuity.
As cyber-attacks, war, and natural disasters proliferate in this world, business continuity will become more and more important. While things like Ebola, war, civil unrest, or hurricanes may not have hit us recently, the nature of business continuity means that you must start putting your plan in place a year or more before the disaster strikes. Organisations therefore cannot wait to see if and when they are hit by something big – they have to start putting the plan in place now. Business continuity professionals need to increase visibility and promote the discipline more in the country. Fortunately, the BCI and the DRII both provide resources to their members and interested parties to help with this endeavour. These two organisations can be reached at the following links:
http://thebci.org/ – The Business Continuity Institute
https://drii.org/ – The Disaster Recovery Institute
I encourage all business continuity professionals to use security awareness articles and resources (from the BCI, DRII and other security associations) to help promote this necessary discipline, as well as to educate and interest your information security colleagues in it.
David Gittens, MSc, AMBCI, CISSP, CISA, CISM, HISP
David Gittens is an information security professional who over the past several years has worked in various areas of his field, including disaster recovery and business continuity. He is currently employed as a security consultant with a global bank. He is also the past president of the ISSA Barbados chapter.