By Christopher Hartley, Director at Sikich‘s Cybersecurity practice
Historically, organizations have looked at an existing business continuity (BC) and disaster recovery (DR) plan through the lens of natural disasters and terrorism that would affect the physical location of an organization’s headquarters or data centers. Their main focus was on being able to relocate those services to another location to restore business capabilities within a pre-defined amount of time. With a pandemic, the focus is shifted to supporting employee health and safety while still providing goods and services to maintain the business. Pandemic planning should incorporate many of the steps that would go into traditional BC/DR planning, except you will want to address moving from a physical to a virtual work environment. The following guidance focuses on what you should consider in a pandemic plan.
Perform a Business Impact Analysis
Just as an organization would want to understand what systems are critical to the business, the cost-per-hour if a system was down due to an event and the time it would take to recover, a business impact analysis (BIA) is essential for understanding how a line of business would be impacted if the workforce was forced to work remotely due to quarantine orders from the state or federal level. A BIA will also help define which employees are essential to the line of business to prioritize for capacity planning for remote work. The organization can use the BIA to identify costs associated with failures to systems, processes, or the like, such as a loss of revenue, lost salaries, and so on. A BIA helps quantify the importance of business components and can suggest the appropriate level of funding for protective measures.