6 Critical Questions to Plan for Enterprise Business Resiliency

Traditionally, business continuity management was used to address how organizations should respond in the event of an attack or breach. Today, however, the BCM framework, or business resiliency, takes a more proactive approach in identifying an organization’s risk of exposure to internal and external threats.

You should consider several key questions when planning the next iteration of your enterprise business resiliency plan, such as:

1. What are my suppliers’ resiliency plans?

While your organization may have a strong enterprise business resiliency plan in place, your suppliers may not. If your supplier’s business experiences an interruption, it could put your organization at risk of a data breach or outage, which could have a financial or reputational impact on your organization. After all, your business resiliency plan is only as strong as its weakest link.

To start, organizations should identify and carefully monitor their tier-one third-party relationships to understand those third parties’ business resiliency plans and mitigate any potential risks. Organizations can then work their way through tier-two and tier-three third-party relationships.

2. What does my concentration risk look like?

Choosing not to diversify your suppliers, either by company or region, carries an additional risk. To mitigate concentration risk, organizations should look at spreading their operations across a larger number of locations and providers to avoid single points of failure and increased exposure due to regional outages.

3. Do your staff have the tools, technology and training they need to work effectively?

Many organizations have permanently changed their operations to adapt to the “new normal”. In fact, 74% of companies intend to move at least 5% of their former on-site employees to work from home permanently and nearly a quarter of firms plan to keep at least 20% of their workers out of the office post-pandemic.

If the majority of employees are working remotely, organizations will experience heavier traffic on remote connectivity networks, potentially causing bandwidth and access issues and inhibiting employee productivity.

As pandemic-related phishing attempts have skyrocketed, organizations also need to ensure that employees are well versed in how to spot phishing attempts and are reminded not to click suspicious links. As employees work from home on less secure networks and on personal devices, organizations need to consider that there are considerably more endpoints to secure.

4. Do you have consistent access to critical information?

Employees who are working remotely need to be able to access their critical information. Does your organization encourage employees to store their information on a shared server? A quick transition to working remotely could affect employees who have all of their work saved locally to their desktop computer in the office.

Organizations also need to consider succession planning should a member of the team take leave or not return to work. Can the organization make decisions in that employee’s absence and can their information be accessed by those who need it?

5. Are you prepared for changing regulations?

With the pace of change globally in response to the pandemic, regulations are being revised to reflect the new normal that most organizations face. Organizations need to adopt policies, procedures and controls to address any new or magnified regulatory compliance risks.

6. What new knowledge can you apply to future outages or interruptions?

The global pandemic has propelled many organizations to accelerate their digital transformation plans throughout 2020. While organizations hurry to adapt to new processes, operations and regulations, they should take some time to reflect on lessons learned and apply the new knowledge they have from this shift to their future resiliency plans.  

By adding an enterprise-wide risk lens to your business resiliency or business continuity management plan, along with a crisis management strategy, Iceberg is able to help you understand where issues lie across the entire organization and put a plan in place to remediate when the need arises. Iceberg helps enterprises plan and prepare for enterprise business resiliency by providing the capabilities to understand both the internal and external emerging risks that may impact an enterprise and by putting a plan in place to remediate when incidents occur.
