Cyber Resilience: Take action before disruption

Business Continuity Plan (BCP)

The BCP is designed to help your business respond to, manage, and recover from disruptions. The BCP will define the key assets, roles, responsibilities, and processes required by the business to ensure ongoing operations. The BCP may also define which specific plan(s) to invoke depending on the type of disruption (e.g. DRP or IRP). This plan should be used proactively, ensuring that continuity considerations and activities are embedded throughout the organisation in regular processes. As such, it should be periodically reviewed and updated as the organisation and its continuity requirements evolve over time.

Disaster Recovery Plan (DRP)

The DRP is a formal document that describes the steps required to guarantee your business operations continue in the event of a major disruption. The plan should define the key individuals and teams required, their roles and responsibilities, and the process to follow to recover critical operations as quickly and safely as possible.

The DRP should also specify recovery objectives for all critical assets and functions (these may be specified in the BCP or within DRP itself) that will minimise the loss or impact to the organisation, including:

Recovery Time Objective (RTO) – how long the business can operate without this key asset. For example, a retailer may be able to sustain operations without logistics for a day or two, but only a very brief (i.e. hours) downtime of their point-of-sale systems or online store.

Recovery Point Objective (RPO) – how much (of the information or product of this asset) can the organisation tolerate losing. For example, a stock trading business may be able to afford the loss of days or even weeks of public website analytics information, but even a few moments of lost transactional data could have a disastrous impact to their organisation.

While this plan will be used reactively (i.e. triggered by a disaster event), to ensure it is effective in a real disaster scenario, organisations should periodically test their DRP to ensure staff are practiced and prepared, and that the DRP is updated to close any identified gaps.

Incident Response Plan (IRP)

An IRP formally defines how the organisation will identify, manage, and respond to an incident. It should have clear guidance on when this plan should be enacted, which teams or individuals are required, their responsibilities, and key steps to follow.

An effective IRP will cover the entire incident life cycle, from detection, triage and classification through to post-incident activities and reporting. For an organisation to be truly prepared, the plan must also be tested periodically, this ensures that your people have walked the steps and will be better practiced should a real incident occur. Testing and periodic reviews also help uncover areas that can be improved and potential gaps in documentation.

With the changes going on in the world, along with how we work with others, it’s more important now than ever before to consider where the critical elements of your business are, and how to manage disruptions to them. Through effective planning, and practice, you won’t get caught on the back foot for the next major disruption and your team will be ready to recover and maintain operations efficiently, thereby minimising impacts, interruptions, costs and damages of any future disaster or crisis that may occur.

Don’t wait for the next pandemic or cyber-attack, take action now! Be prepared and practiced and when the next major incident hits, you’ll discover how resilient you can be in the face of adversity.