Saturday, February 11, 2012

GRC Preparedness in a Changing Climate

Could Mother Nature disrupt your business? This is an old tale for many companies who make their homes in states that regularly experience extreme weather, but what about the rest of us?

The past year brought some of the most severe weather on record including Hurricane Irene, which tracked over the Northeast this past August, leaving behind some of the worst flooding and storm damage the region had experienced in over 70 years.

Then, in October the Northeast was hit again with an unseasonable blizzard that left 32 inches of snow and 1.6 million without power. The South and Midwest have been plagued with droughts and tornados, and even warm weather climates like Hawaii reported snowfall last year.

As extreme weather becomes more widespread, we need to prepare our businesses, just as we would our homes, for the unexpected. Having a disaster preparedness plan, including backup and recovery for critical systems, will help your organization mitigate risk and maintain corporate compliance, even in the event of a natural disaster.

Is Your Business Prepared?

Could your business recover in the event of an extreme weather occurrence or natural disaster? Plenty of companies think they are doing the right things in terms of governance, risk management and compliance (GRC). They are conducting regular business continuity business impact analyses (BIAs) and putting disaster recovery plans in place for their key applications, but often these activities are standalone processes with outputs held by business owners in emails, filing cabinets or limited file shares.

IT security or risk management teams likely have little visibility into this documentation, and as a result, have no easy way to identify emerging risks that might affect business continuity or disaster recovery planning. More serious still, senior business executives often lack insight into the recovery process and the impact on the business if critical processes go down.

Requirements for GRC Preparedness

A GRC approach to disaster preparedness calls for greater control and visibility. It's important that organizations treat disaster planning as a business function, not just an IT function.

In GRC terms, an important part of disaster recovery planning is to be able to differentiate between your organization's critical and non-critical functions and activities. You should be able to measure the value of your business processes and IT assets in order to risk-rate them according to the potential impact of an outage. How will this affect revenues, brand image, stakeholder confidence and customer loyalty? By doing this risk-rating, you can focus your disaster recovery plans on critical or high-value systems and processes and tie them to the company's bigger risk concerns.

Another cornerstone of GRC is centralization of all of your analyses, plans and related documentation in a single repository. Centralization is not just about improving access and control, but also about making it easier to standardize by bringing everything together in one place so you can more easily view and respond to any overlaps, inconsistencies and gaps. Furthermore, it helps improve reporting by providing a holistic view of your business resilience program at any point in time.

As we've learned with all the events of this past year, Mother Nature can be fickle. Even with plenty of warning of what's coming, you can't always be sure your assets will be protected. Your best option is to have a solid plan that keeps your most critical operations running and a team of people trained to implement it.

Committing to Change: Don't Be Afraid of What You Find

Once you have identified what your company needs and you have committed to making the required changes to your current business resiliency, disaster recovery and crisis management program, some of the things you discover may surprise you.

Some examples of typical problems:

  • Disaster recovery plans are missing, incomplete, or not fully adequate
  • There is a significant gap between the risk and business strategies
  • Vague plans for on-call / emergency coverage
  • Lack of staff training / expertise for disaster recovery plans

Ultimately, most of these issues can be resolved with proper planning and clear communications across business functions. IT, finance, legal and the business departments all need to be on the same page when it comes to disaster planning. What is important to the marketing department, for example, may not be viewed as a high-value business process by IT and as a result may not be tiered appropriately, leaving the marketing department out of luck in the event of an outage.

Without clear, deliberate and well thought out plans, the risk to both businesses and employees increases and the recovery process takes more time than it should, eating away at revenue and reputation.

How Can You Make Sure Your Company Is Ready?

Once you have identified how to improve your BC/DR and crisis management plan, you are well on track to ensuring the readiness of your company.

As I touched on earlier, communication and collaboration are of the utmost importance. You need to ensure a common understanding across departments of the processes, assets and functions that are important to the business and, therefore, to its customers. This understanding is what will underpin the risk-rating and BIAs that will drive your preparedness planning.

Next is tying together people, processes and technology to avoid conflicts, gaps and wasteful overlaps. Specialist software tools can support this effort by streamlining workflows and making it easy for non-technical users to carry out activities like running real-time reports. These tools also typically provide the central repository you need for all your documented output.

Finally, training and testing are absolutely vital to a solid disaster preparedness plan. What good is a robust plan if no one knows what to do with it?

True preparedness depends on knowing exactly what to do, when to do it and how to do it. There is no second chance when a disaster strikes, only lessons learned.

**********

About the Author

Alex Bender is director of security management and compliance marketing programs for RSA and EMC. Leveraging his 18 years of experience in enterprise software (he's held key positions at Archer Technologies, McAfee and UNICRU, among others), he's responsible for SMC marketing campaign strategy, program execution and driving the direction of the eGRC product portfolio to deliver this collaborative capability alongside the technology platforms that assure compliance, even in today's increasingly virtualized data centers.

Source: http://www.corporatecomplianceinsights.com/grc-preparedness-in-a-changing-climate/
