
11) Is your organisation's Business Continuity Plan based on a current risk assessment of your business?

January 30, 2023
Business Resilience
Business Continuity Security

Answer yes if your organisation has assessed the potential business-disruptive risks and used this assessment to inform your Business Continuity Plan. This process may involve conducting a Business Impact Analysis (BIA) for certain scenarios. Please provide the business continuity risk summary as evidence or reference a section of a previously provided document in the notes section.

A documented Business Continuity Plan (BCP) should provide all the information your business needs to manage an immediate incident and to continue operations during the incident as far as practicable with the facilities available. This can be complemented by a Disaster Recovery Plan (DRP) designed to support restoration of critical business activities to a normal state.

The BCP should define or refer to business disruption risk assessments. The scope of risks arising from disruptive threats can include delivery of commitments to clients and other stakeholders, the impact of critical supplier and service provider disruptions, and disruptions to logistical facilities that underpin normal operations.

The risk assessment will inform options for risk reduction to minimise disruption, your response to whatever crisis situation is encountered, and options for contingency and recovery actions in your DRP.

How to implement the control

When developing or updating your BCP, you should consider a variety of business disruption scenarios and the impact they may have on your organisation’s operations. As part of this, you should identify dependencies within your business, particularly for your most critical operations. You should use this risk assessment to inform your BCP, tailoring your plan to ensure it will be effective in enabling you to continue your business operations during a crisis situation.

For larger organisations, or organisations that provide a critical service to their clients, a business continuity expert should be engaged to conduct a formal Business Impact Analysis (BIA) for critical systems, services and suppliers. As part of the assessment they will evaluate and recommend improvements to your BCP and DRP.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
