COVID-19 business continuity plan (BCP)

How to Upgrade Your Business Continuity Plan (BCP) in a COVID-19 World

Reading Time: 6 minutes

The majority of the large organizations have business continuity plans, or their equivalent prepared to tackle human-made disasters and natural disasters such as power outage, terrorism, IT infrastructure failure, floods, cyber-attacks, earthquakes, hurricanes, and so on. Nevertheless, most organizations are not prepared to handle the threat that COVID-19 presents.

The COVID-19 pandemic poses new and unique sets of challenges for most organizations. Not only does the coronavirus spread from one person to the other, and has no geographical focus, its destructive influence is vigorously changing without concern for boundaries. For global companies to remain competitive, build enterprise resilience, and preserve their business continuity, organizations have had to be analytical and proactive in their policy-making to preserve their business community, consumers, employees, and teams.

EC-Council’s disaster recovery professionals (EDRP) certification can help with administrative continuity planning efforts. It offers DRP training that provides IT professionals or cybersecurity experts with the needed knowledge for formulating organizational communications and executing remote work programs, evaluating the organization’s remote workplace preparedness, and designing enhanced remote work programs.

What is a business continuity plan (BCP) in cybersecurity?

Cybersecurity remains a major concern for organizations. Imagine getting to the office and realizing that most of your critical systems and networks are not properly working because of a cyber-attack. The important question is, “are you ready for an emergency or a disaster?” And more importantly, “can your cybersecurity solutions adjust and function effectively in an altered business environment?”

BCP or business continuity plan covers the entire critical business operation that can be affected during an emergency or disaster. In cybersecurity, business continuity plans lessen the risk associated with technological loss or the loss from IT infrastructural downtime. Your business continuity plan is a proactive tool that can be adapted for the complete restoration of all your business operations following an attack. A well-crafted BCP includes IT disaster recovery strategies and incidence response solutions.

When your computer or network has been compromised, it leads to a temporary or perpetual financial loss, reputational damage, loss of software and sensitive data or information, and so on. An organization’s cybersecurity mitigation procedures, together with its IT disaster recovery and business continuity plans, protect essential integrated equipment, averts hacking and other related cyberattacks, and guarantees business continuity.

Business Continuity in the new WFH Culture 

Who is responsible for a business continuity plan (BCP)?

A business continuity coordinator (BCC) or a disaster recovery professional (DRP) is saddled with the responsibility of designing, updating, and testing your IT disaster recovery and business continuity plans. An EDRP works intimately with critical business units to comprehend their operations, detect risks, assess incidence response preparedness, and mitigate the loss from potential cyberattacks. BCPs are typically developed with the input of departmental heads and key stakeholders.

The target of an EDRP is to ensure the continuity of business operations during and following disaster recovery efforts. To craft an adequate and useable BC/DR plan, a DRP must undergo disaster recovery and business continuity training. They must also have enough knowledge about:

  • IT infrastructure
  • Supplies and suppliers
  • Equipment
  • Documents and documentation such as Business documents and Procedure documentation
  • Locations and whereabouts of organizations and backup sites or work area recovery (WAR).

Are you interested in becoming an EDRP? Check out our business continuity management certifications.

What is included in a business continuity plan (BCP)?

Well-crafted business continuity plans sketch out a variety of disaster situations and the possible approaches the business can apply to specific emergency or disaster incidents to restore the organization to its normal trade environment. DRPs craft the business continuity plans before the incident, including precautionary measures to be implemented.

Creating a detailed disaster recovery and business continuity plan is a process prepared to tackle a set of anticipated eventualities to identify and mitigate possible damage to your companies throughout the hostile situation. The BCP consists of business impact analysis (BIA), threat intelligence analysis (TIA), and impact scenarios.

1. Business impact analysis

A detailed BIA distinguishes between critical and non-critical business operations. The criticality of a business operation is dependent on government regulations and compliance requirements. The components of a BIA include electronic or physical documents, IT systems, human resources, and physical assets, such as workstations, laptops, mobile phones, and so on.

2. Threat intelligence analysis

Threat intelligence analysis or risk assessment is an evaluation of potential risks or threats. Common cybersecurity risks and threats assessed include cyberattack, IT outage, data breach, DNS, computer virus, computer worms, DDoS and DoS, phishing, SQL injection attack. Common natural threats include hurricane, flood, epidemic/pandemic, fire outbreak, floods, and other major storms.

3. Impact scenarios

Impact scenario describes a management tool intended to permit organizations to assess the usefulness and adequacy of their business plans, strategies, and approaches, under a variety of imaginable real-life events or imminent environments. Your impact scenario planning is a significant add-on to the company’s risk management solutions since it tackles the possible impacts of substitute situation on the business’s risk profile.

In short, it is the ideal solution in the face of the increasing trend in cyberattacks and the COVID-19 pandemic. Impact scenarios should cover the broadest conceivable impacts.

To learn more about impact scenario testing, sign up for our EDRP certification course.

What are the steps in the business continuity planning process?

Due to the COVID-19 pandemic, organizations across the globe are making efforts to confront the effect it has had on critical and non-critical business functions. Even though the risks are extensive, there are certain aspects that businesses can develop resilience to and reshape their business policies to restore their entire business operation both during and after the crisis.

Step One: Re-imagine business continuity plans

While it is unmanageable to plan for every potential destructive incident or disaster, it is probable for disaster recovery teams and other incident response teams to be communicated with and reinforced to craft out new procedures. Initially, when the crisis began in Wuhan, supply chain disruptions were only felt by organizations that had dealings with China. However, due to the current extensiveness of the COVID-19 pandemic, almost every business is experiencing operational challenges and shifts in consumer behavior.

Since the coronavirus is yet to show signs of abating, the implication of this is that organizations must continue to work while acclimatizing to the newest IT disaster recovery plan, decision-making processes, and different systems of collaborating. Companies should adopt the following strategies to tackle these challenges:

  • Review the organization’s risks and exposures and respond adequately.
  • Assess temporary liquidity to be able to envisage cash flow demands and respond as quickly as possible.
  • Consider other substitute supply chain options to minimize the impact of the pandemic on your business operation.
  • Conduct possible impact scenarios for your financial plans to know the likely influence of the pandemic on your financial performance and evaluate its probable duration.

Step Two: Concentrate on your human resources and technical needs

Organizations need to ensure seamless transitions during this pandemic era. The safety of members of your human resource is critical, including both your permanent and temporary employees, contractors, suppliers, consumers, and so on. Organizational staffs have high expectations from their employers and management team. They need some sort of guidance on what to do.

You can exploit different digital collaboration solutions for continuous communication across different business units and teams. Companies are required to meet their employees’ demands and resolve consumer’s uncertainties. This can be achieved via tremendous transparency in critical business functions and service delivery strategy. This will ensure an effective shift from unpredictability to reliable relationships.

Step Three: Communicate all new directions with key stakeholders

Communication is key for crafting successful business continuity plans. When formulating a plan that will reshape and sustain continuous support from consumers, partners, employees, suppliers, creditors, and other human resource teams, you need a strong, timely, and transparent communication pattern.

  • Keep your customers up-to-speed of any impacts the pandemic or other disasters may have on your products and service delivery.
  • Communicate regularly with your suppliers to find out the availability of the materials you need and whether they can deliver them during the COVID-19 pandemic.
  • When communicating with your employees, your communication tools must strike a balance between being thoughtful and having a business continuity perspective.
  • You may also want to communicate with your legal teams to understand governance risks and compliance to avoid when communicating with key stakeholders. The aim is to avoid incurring legal charges.

Step Four: Develop resilience while preparing for potential alterations

After you have observed steps one to three, it is time to build your business resilience. Business resilience suggests the ability of an organization to endure the alterations made to its environment while continuing to conduct regular business activities/functions. An organizational resilience could either mean that you’ve developed a capacity to withstand environmental alterations without permanently having to acclimatize or being compelled to acclimatize a new working system that is more fitting to the new environment.

Your BCP would have to be revised based on the new modifications stated above while observing the ongoing fluctuating scenario. IT disaster recovery teams and DRP teams should give timely reports from their findings to ensure that organizations would affect the modifications. You should document your findings, lessons learned, and contingency plans to create resilience for impending scenarios.

About EDRP Course: EC-Council Disaster Recovery Professional (EDRP)

EDRP courses offer IT professionals, cybersecurity professionals, BC/DR consultants, CISOs and IT Directors, and other cybersecurity enthusiasts, with a robust understanding of business continuity and disaster recovery ideologies such a, developing policies and procedures, formulating risk assessments, conducting business impact analysis, and executing an effective plan. EDRP has four training options designed or your convenience including iLearn (Self-Study), iWeek (Live Online), Master Class, and Training Partner (In Person) training. EDRP courses are updated with a restructured curriculum that attempts the BC/DR domain with the newest trends and technologies, best practices, and encompasses modern industry gaps. To begin your certification journey with EC-Council, click here.

Similar Reads: 

8 Things to add to your Cyber Disaster Recovery Plan Checklist
AI and Machine Learning In Disaster Recovery 
3 Tips for building a strong disaster recovery plan
8 Steps to a successful disaster recovery plan
Is your cyber disaster recovery plan equipped to handle the latest cyber threats?

Watch Now:

How a DoS attack can affect business continuity
Make sure your Disaster Recovery Plan works when you need it 

get certified from ec-council
Write for Us