Business continuity and risk management during pandemic crises
Pandemic situations are among the events that can seriously compromise business continuity, safety and security. In these cases, the biggest operational risk is the availability of employees, due to sickness and to changes in labour-related rules and regulations by governments. Organizations need to prepare not just for sudden changes or the unavailability of business processes, but also for the IT-related security of telecommuting and for reducing the extent of sickness.
Some Business Continuity risks of a pandemic crisis:
- Due to the unavailability of key employees, the most important business and IT Security processes will be compromised; redundancy is therefore needed in terms of human resources.
- During home office work, IT Security-related education is needed, as telecommuting personnel are more prone to social engineering and phishing.
- During remote office work, the traditional controls are not enough; they need to be custom tailored to the changed environment.
Black Cell’s Risk Management and Compliance department can help our clients with the following during this pandemic situation:
- Business impact and risk analysis with Black Cell’s unique Crown Jewels Analysis. With this we can identify the business-critical processes, procedures and personnel impacted by the pandemic crisis. By doing this, we can recommend an action plan to keep the integrity of the CIA triad via organizational, technical and administrative means.
- To protect the critical processes and IT systems, we can create a business-continuity framework that contains the following: BCP (Business-Continuity Plan), DRP (Disaster Recovery Plan) and CCP (Crisis-Communication Plan).
- To keep telecommuting secure, updated IT security processes, data protection regulations and best-practice principles are needed in a Home Office regulatory framework, to help employees working from home ensure the confidentiality, integrity and availability of corporate data.
- Educating the employees regarding the information security and data protection regulations for home office, to augment security consciousness.
- Establishing a monitoring framework during home office, to ensure efficient and transparent control over the employees’ work when they are at home, in compliance with the GDPR laws.
During a pandemic crisis, Black Cell’s Risk Management and Compliance department can help support the IT Security stakeholders (DPO, CIO/CISO, etc.) of an organization in decisions about the IT Security and Data Protection aspects of planning, designing and managing work-from-home projects.