Business Resiliency and Disaster Recovery (DR) are critical for any organization, but these activities are particularly vital for financial services firms. Sensitive data and compliance requirements create additional pressures to safeguard systems and ensure data recoverability. Furthermore, the reputational damage caused by data loss or an extended outage can be catastrophic. In today’s uncertain atmosphere, it’s important to note that a disaster can come in many forms, such as a company that is suddenly placed under quarantine without the infrastructure in place to support remote operations. Taking the following steps can help assure operational continuity and data protection. If your firm does not currently have an experienced internal IT team, a trusted partner should be engaged to provide guidance.
1. Establish a Business Continuity Plan (BCP)
- Meet and collaborate with leadership from all teams to identify and document critical data, systems, and applications.
- Perform a risk assessment of this list. Identify any potential internal and external threats, the likelihood of each, and the severity of impact.
- Classify data and applications according to criticality.
- Consult with business line managers to define recovery objectives for each classification.
- Identify and document any compliance requirements for data backups and disaster recovery (DR).
- Include considerations for potential scenarios including but not limited to office closures and quarantines.
- Determine the appropriate tools and processes to meet the identified requirements.
- Select at least one Point of Contact (PoC) and secondary contacts to execute and oversee the BCP in a disaster scenario.
- Include names and contact details for all BCP team members.
- Document and communicate the plan. Ensure that all stakeholders and dependent personnel are informed of the BCP and have access to it.
2. Test Your Business Continuity Plan
- Review the results from the last test. Confirm gaps have been remedied.
- Perform a walkthrough with your BCP team, IT provider, and cyber/risk consultants to ensure everyone is clear on their role and the plan as a whole.
- Execute the plan and document any newly discovered gaps, challenges, and improvements.
- Make relevant adjustments, if needed.
3. Validate Vendor Readiness
- Verify the ability of critical service providers to support your business during a disruption.
- If a service provider is not prepared, consider an alternative vendor or work with them to see how you can assist.
- Develop alternative processes (e.g., manual or in-house) to ensure the continuation of critical business operations.
4. Ensure Remote Access Capabilities for Essential Personnel
- Provision laptop computers for personnel who are essential to business operations.
- Require employees to carry laptop computers home each day.
- Confirm remote access solutions like VPN or VDI are operational and that personnel are trained in usage.
- Test employees’ ability to work remotely (e.g., rotate staff to work remotely on selected days during the week to identify issues proactively in anticipation of a facility closure or quarantine order).
5. Conduct Training
- Conduct a webcast or to review the BCP with your entire organization.
- Ensure BCP team members understand roles and responsibilities during a business disruption.
- Conduct tabletop exercises in preparation for office closures, quarantines, and health emergencies as well as public transportation and critical service provider disruptions.
- Ensure employees understand how to work remotely and who to contact regarding access issues.
By following the above steps, your firm will be prepared for business disruption and will be positioned to minimize the impact. If you or your firm needs any assistance with developing a business continuity plan, IT strategy, cybersecurity solutions, or compliance reporting, Coretelligent is here to help. Contact our team of experts at 855-841-5888 or via email at firstname.lastname@example.org to schedule your complimentary initial consultation.