Is Enterprise Resiliency the same as Operational Resiliency?
No, Enterprise Resiliency (ER) covers more areas/functions than Operational Resiliency (OR). For instance, it includes Succession Planning, Board of Directors, Strategy and Mergers & Acquisitions, to name a few. OR is about increasing the recovery, and therefore the resiliency, of the day-to-day operations that support client-facing and revenue-generating functions.
Do we still need Emergency Response Plans, with staff working from home?
The face of Emergency Response has changed dramatically as a result of COVID-19, but it has not simply disappeared into the unknown. Emergencies will still happen. Earthquakes will hit unexpectedly and storms can still take out power lines. Emergency Response Plans should now be location-based, NOT site-based. When the next quake hits California, your office may be vacant, but your staff are still working and impacted!
COVID-19 has proven that everyone can work remotely. Why do we still need plans?
Working from Home is only 1 recovery option. It is a method of decreasing the risk associated with a Denial of Access event, but it does not cover Denial of Service, Third Party Risk or a significant decrease in resources. In fact, what happens when your site is unavailable AND your employees have no power to work from home? Can you rely on the WiFi network at the local Starbucks to secure your staff’s connectivity and YOUR data?
What’s the point of conducting a Business Impact Analysis when we already know what’s critical?
A BIA not only collects critical process data; it also prioritizes the recovery of those processes, should a crisis prevent the recovery of ALL processes. When Hurricane Sandy hit the US East Coast in 2012, public transportation was shut down and power was unavailable for days to millions of consumers. Many firms were not prepared. The ones that were had conducted BIAs and were prepared to prioritize in order to recover and thrive.
Isn’t Business Continuity the same as Disaster Recovery?
Business Continuity evolved from Disaster Recovery, but they are two distinct areas. Disaster Recovery is focused on the recovery of systems, infrastructure and networks. Business Continuity focuses on Business Processes, which include staff, internal dependencies, vendors and recovery prioritization. Business Continuity INCLUDES Disaster Recovery; it does NOT equate to it!
Should Privacy requirements & regulations be considered when developing plans?
Historically, Privacy laws & regulations have been addressed through Information Security and business procedures. However, with the global increase in Privacy regulations, a data breach could mean significant fines and/or reputational impact to a firm. As such, Data Privacy incidents MUST be considered in a Business Continuity Plan along with risk mitigation strategies to combat a Privacy Violation.