Key Considerations for Business Continuity and Disaster Recovery

Author: Robin Lyons, Principal, IT Audit Professional Practices, ISACA
Date Published: 23 April 2021

Business success is often couched in terms of growing and maintaining the customer base and launching innovative products. Recently, these business growth strategies have been complemented by a focus on business resiliency. Specifically, how does the business continue to attract new customers, retain existing customers and launch new products and services when faced with disruption? Put this way, business resiliency starts to sound a lot like business continuity/disaster recovery.

IT auditors are no strangers to business continuity. During the risk assessment phase of the audit planning process, auditors collaborate with the business to identify challenges to meeting organizational objectives. Specifically, during business continuity discussions, details around recovery times of applications/systems; awareness and education through tabletop exercises or drills; and business impact analyses (BIA) are refined. A useful but also challenging tool in business continuity planning is consideration of different scenarios. The enterprise must decide, of all the possible scenarios that it could face, which scenarios should be included in the business continuity plan and how should the selected scenarios be prioritized? As long as enterprises have used scenarios, a struggle has existed between the reality of available resources and a desire to be prepared for anything through inclusion of all possible scenarios in the business continuity plan – which is just not feasible.

Not making the struggle any easier is the ongoing global pandemic. Some enterprises had included pandemics in their business continuity plans while other organizations had not. For those enterprises that had not considered pandemics, COVID-19 reinforced the known challenge of not having resources to plan for everything yet wanting to be prepared for everything. As enterprises attempt to reconcile the reality of available resources and the desire not to be caught off guard by an unplanned event, here are some considerations:

  • Take a high-level look at scenarios and identify commonalities rather than assuming a granular approach. For example, if similarities were identified for pandemics and natural disasters, a common assessment of disruption in service from suppliers and third-party vendors (supply chain) can be performed. Similarly, common identification of any potential single points of failure related to geography could be made.
  • Leverage the benefits of cloud. Cloud has been adopted by most enterprises in some form (e.g., SaaS, PaaS or IaaS). Examples of frequently cited reasons for cloud adoption are increased application/data accessibility or potential cost savings under payment structures where payment is only made for resources used. In addition to these benefits, there is opportunity to view those cloud computing perks as part of business continuity scenarios.
  • Educate. Keep people informed and maintain a notification system to reach those who need to act and those who need to be aware. Having the mechanisms to bring people together when an impact occurs allows you to rely on the experts, even if a specific scenario was not imagined ahead of time.

During the recovery phase of an event (if the hecticness of that time allows), the enterprise has an opportunity to use the existing business continuity plan for future planning. Assessing the successes and the areas for improvement identified during an event can be very valuable. Coupled with a balanced approach to scenarios, this use of real-time knowledge of a current event can contribute greatly to business resiliency.

Editor's note: For additional resources on this topic, download ISACA’s new IT Business Continuity/Disaster Recovery Audit Program.