IT Audit in Practice: Survival When You Are Small—Business Continuity and Resilience

Author: ISACA Now
Date Published: 15 December 2021

Everyone needs a resilient operating model, and the pandemic has been the reality check showing how necessary it is to have a plan. Was your small business or corporation prepared for the shift to remote work in early 2020? If not, you probably realized that business continuity is more than having the right systems and applications in place. The most important factor is people. Although both large and small enterprises have accommodated and adapted, smaller organizations with fewer resources and less time have faced equal or greater hurdles when it comes to this type of planning.

On a recent episode of the ISACA Podcast, Kevin Keh, IT Professional Practices Lead at ISACA, joined Cindy Baxter, Director of What’s the Risk, LLC, to discuss the importance of having a business continuity and resilience plan for your business.

Baxter shared that two of the biggest challenges for small and medium-sized companies regarding business continuity are:

  1. Time: With fewer employees, there can often be a crunch of time. “Making sure that time is allocated to do proper planning for disaster recovery, and for business continuity in general, is critical,” Baxter said.
  2. Adequate personnel: “It can be tough to make sure that the critical disciplines are covered by employees, or even vendors, who can manage the risks of something going wrong and react quickly enough so things continue as they ought to without impacting clients, regulations or other key factors.”

Baxter also discussed consistently updating your crisis team and notification systems, the importance of allowing an auditor to fully understand your business, accepting critical feedback throughout the entire audit process rather than waiting for the final report, and more.

“Whether it’s a risk assessment, full audit or a test, I do believe the most successful ones are those that are a healthy conversation over the course of the [project] that’s being done so that when you get down to the formal finding, nobody is caught off guard,” said Baxter. “It truly is a discussion to fine tune, and ultimately, work that the business will accept. When the business accepts the findings, that means they’re willing to adopt.”

For more information on this topic, listen to the podcast and download ISACA’s IT Business Continuity/Disaster Recovery Audit Program.