The target is always moving when it comes to risk management planning.
The cycle of business continuity planning is one that is constantly evolving, requiring a commitment to the ongoing tasks that provide for the best risk management at the enterprise level.
As seen in the recent post, Achieving Resilience with an Integrated Risk Management Solution, there are foundational aspects of business continuity planning that change frequently.
As new threats emerge, other threats evolve, and new risks to the enterprise are identified. The urgency and threat of each risk can also change over time. This free-flowing evolution is why business continuity planning is a moving target.
The Business Continuity Planning Cycle
There are six fundamental phases to risk management planning. To review, they are:
- Planning for the objectives, scope, tools, and roles
- Identifying foreseeable risks, along with the causes and effects
- Assessing and analyzing each risk’s probability, prioritizing those risks, and the collective risk
- Developing responses for each risk and the collective risk, identifying costs, and assigning responses
- Monitoring the responses and communicating risk assessment
- Reviewing the risk identification and responses and adjusting
Consider, for example, a hypothetical continuity risk at a hypothetical organization. Imagine that a cyber-hijacking attack has hit a multinational organization by sending phishing messages to hundreds of employees. The attack is using a new strategy but is thwarted by discerning employees who believe the emails to be suspicious and alert IT. However, a few workstations are infected, though the attack is not able to access systems due to monitoring that alerts the number of access attempts and initiates safety protocols.
All in all, company leaders breathe a sigh of relief. However, the incident still reveals the need for review and assessment of response.
The company’s assessment finds that the risk was indeed foreseeable and real; cyber attacks are a common issue, but this approach is new, meaning new responses need to be identified to prevent it from occurring. Patches need to be deployed.
While some users were alert to the phishing attempt, a few got through and were clicked on by unsuspecting employees, enough so that other protections needed to be activated. That meant responses to the risk; in this case, better employee training was needed to make sure that awareness and actions were clear when faced in the future.
Monitoring and response seemed to work well, but would need to be fine-tuned to identify patterns quickly and prevent serious damage.
Business continuity management requires regular assessment and evaluation of risks and responses.
Responses Catching Up
The challenge of business continuity planning is that the technologies common in business today are evolving rapidly, along with the threats. New technologies are emerging in the way business systems are managed, for example, with a significant increase in cloud-based infrastructure, app development and hosting, and data storage.
New technologies, such as virtual reality, augmented printing, and artificial intelligence, are challenging organizations to adopt and adapt.
To remain effective, organizations need solutions that help to facilitate the risk management cycle and stay proactive in their business continuity planning. At Continuity Logic, we provide the software platform that enables companies to protect and enhance their brand. Contact us to learn more about how Continuity Logic can help your company remain prepared for known and emerging risks.