Information Technology Risk Management

Business Continuity: How Exactly Did We Get Here?

The Difference Between Regulation and Reality

Sadly speaking, I knew what was coming next. Here were the findings from the audit they recently went through.

The organization has not conducted any meaningful Business Impact Analysis (BIA) before developing the Business Continuity Plan for the organization.
The focus of the plan is primarily on system recovery. The overall business continuity, including facilities restoration, people re-location and process re-alignment is not addressed in the plan.
The testing of the plan was limited to table-top exercises.
Pandemic planning has not been addressed in this plan.
The board of this institution has not been briefed on the state of their Business Continuity Planning in the last two years.

I am not convinced, but it sounded like this friend of mine didn't have any doubts about the marching orders she will be following for months to come. I will share with you what I told her in the next issue of this blog. What got me thinking, and what I am eager to hear from the community about, is: 'So, how did we get here?' Based on my experience in the industry, they are not alone in going through this. Many institutions I regularly speak with have had one or more of the issues listed above (and sometimes other issues). Is it a lack of understanding of the BCP process on these institutions' part, or is it simply a matter of lack of resources and overall complacency on the management's part?

Stay tuned to learn more about what I told my friend.


