In recent years, corporate governance has taken on increased significance in the U.S. as more and more legislation, regulations, and external standards require organizations to provide proof of control measures to external auditors and assessors.
Compliance with these laws, regulations, and standards is a key concern of business continuity planning/disaster recovery (BCP/DR) personnel. There is a silver lining to the requirements outlined in these mandatory regulatory frameworks: A safer and more responsible organization!
Think of your business as your home. Compliance and business continuity requirements are your list of household chores. We all feel the same about chores. Nobody likes doing them even though they must be done. Why? Perhaps we feel we could better spend our time on other things. Maybe we are not very good at doing them. It is not enjoyable work. Ironically, these are some of the same arguments against implementing compliance processes within the company.
Yet compliance and business continuity management are not optional if we are to foster safer business practices that protect our businesses.
Surprisingly, business continuity management and planning is not always as complicated as it seems at first glance. The perception is that a lot of time and money must be spent implementing processes, technology, and personnel with expertise in compliance. Oftentimes, however, the bulk of the work is expanding existing corporate policies to ensure there is accountability and oversight.
Organizations must have not only disaster recovery plans but also full business continuity plans to ensure that key parts of the organization—not just the IT systems, but also the personnel, functions, and processes—can continue operating in the event of an emergency. By creating a comprehensive plan that answers the following questions, you would be well ahead of the pack from a business continuity management standpoint:
- Who is responsible for which aspects of the business continuity procedures and plans?
- How will disasters be avoided and mitigated?
- Which risks have been identified?
- How will various scenarios (flood, fire, natural disaster) be handled?
- How will employees be evacuated and to where?
- How will medical emergencies be handled?
- Where are your alternate site locations and how will they be used?
- What are your internal communications/notification procedures?
- How will the business continuity plan be tested, updated, reviewed, and approved?
This routine “housekeeping” is not expensive to do and should be the first step taken to become a more compliant organization. All it takes is the time and willingness to put in the effort!
If you are still thinking “I hate chores!”, you are in luck. Managed service providers like INAP have the technology and expertise in-house to help businesses of all sizes incorporate compliant systems and processes for business continuity solutions like cloud backups and DR as a Service. A good MSP acts as an extension of your internal support teams, having 24/7 support and services backed by Service Level Agreements (SLAs). Some even go so far as to provide complementary documentation and emergency services. If you feel that compliance and business continuity are a “chore,” think about reaching out to INAP to schedule a consultation on how we can help you become more compliant with a rock-solid business continuity strategy!
Updated: January 2019