Factors behind the success of a BCP

Chapter 2.2

Involving all the teams

A. Management buy-in

Management’s adherence to the BCP is crucial. It is essential that all managers be involved in risk management. The issues require decisions that cannot simply be made by an IT manager on behalf of the whole company. These are business decisions in which each sector must be involved.

One of the prerequisites for this is clear messaging from experts. IT professionals must be able to explain the relevant terminology, which is sometimes rather too technical for non-specialists, and must translate into the company’s culture not only what business continuity means but also the impact it has on each of the businesses. They may do this, for example, by carrying out, on a regular basis (perhaps once a year), an exercise drawing on one of the scenarios defined in the BCP.

If management is not visibly and credibly involved in this continuity plan, there is a substantial risk that employees will not play ball during the tests.

Another issue is budgets. If management is not fully convinced of the importance of the BCP, it may be reluctant to release the required funds.

Beyond the vital communication provided by management and managers, employees are involved essentially through exercises or drills. The tests should check whether the envisaged responses work properly, not only at the procedural level but also in relation to employees. To bring about improvement and instil the necessary responses to these challenges, the drills must be repeated at least once a year.

It is well worth familiarising teams with preventive tools in advance. Major models and frameworks, such as the NIST (the US National Institute of Standards and Technology) Cybersecurity Framework, include these resources for implementing adequate responses. These elements must therefore be integrated without waiting for a crisis to happen, and the teams must be trained in their use. After all, if nothing has been thought out and prepared beforehand, there is a considerable risk that when an event occurs, individuals not trained in the use of these tools will panic and reach for inappropriate solutions.

