A Business Continuity Plan (BCP) defines how unplanned circumstances will be managed so organisations can continue running and, for ISO27001, maintaining the confidentiality, integrity and availability of Information Assets. Coronavirus could have an impact on many organisations. Staff may need to ‘self isolate’ and work from home for extended periods. In the worst case, key resources may not be available to perform business-critical tasks at the required time (‘single points of failure’). A BCP should cover what would happen in these circumstances and the steps required to activate and use the plan and then return to business as normal.
Things that should be considered in a BCP for the above include:
- Governance – who can activate the plan, what sources of information about stopping the spread of Coronavirus will be ‘trusted’ and who can decide when to return to business as usual
- Resourcing – identifying any single points of failure and putting alternatives in place
- Communications – keeping staff informed on what is being done, how they should be doing their work and how to escalate issues or concerns. Using remote working for extended periods will be a cultural issue for many organisations
- Communications – keeping clients and key suppliers/third parties informed of how business is being handled
- Communications – who will deal with any press enquiries, and informing staff to pass any suspected or actual press enquiries to the designated team/person
If an organisation needs to prove its commitment to good business continuity practices, they can get certified against the ISO22301 standard.
Get in in touch for advice on business continuity planning or the testing of plans.
t: +44 (0)7941 188462