Business continuity, organisational resilience, disaster recovery: The key focus in the pandemic


Sandeep Sengupta
Director - ISOAH Data Securities


Key priorities for 2021
Information Security has become a business risk, rather than an IT risk. CIOs are now part of the board, influencing decisions. The new normal brings unknown risks. Digital hygiene is now getting embedded into company culture.


Adopting Work-From-Anywhere
Business continuity, organisational resilience and disaster recovery have been the key focus in the pandemic. These were mostly neglected in pre-COVID scenarios. With infrastructure and people unavailable, and with disruption in the supply chain and at vendors, organisations are working out RTO and RPO for each and every process within the organisation. ISO 22301 (Business Continuity) and BS 65000:2014 (Guidance on organizational resilience) are the standards in demand, superseding ISO 27001 (Data Security) or ISO 27701 (Data privacy). To achieve business continuity, we have observed a massive adoption of cloud technologies and usage of VPN with MFA. Adoption of BYOD has also increased. HR has played an active role in the psychological wellbeing of the workforce.


Redesigning IT & Security strategy
First, the companies that had invested in perimeter security, assuming everything would remain secure within the office, had a problem to solve once everyone was working from outside the office. They had to redefine their budgets to accommodate end-point security, BYOD security, VPN security, etc.

Data protection and privacy became another concern for companies, with the European GDPR in force and many other countries adopting regulations similar to GDPR. Governments and regulatory bodies are tightening the noose with stiff penalties for data breaches, while the chance of a data breach has skyrocketed as companies try to adapt to a new normal and to understand the new risks.


A few offbeat recommendations for businesses:
1. The procurement department needs to ask vendors to submit their DR drill reports and business continuity policy during vendor empanelment.
   A mere undertaking of business continuity is not enough any more. Either the vendor needs to be ISO 22301 certified by a trusted
   certification body, or procurement should send the vendor questionnaires on basic BCMS to understand its BCMS maturity.
2. Use job rotation to create a robust succession plan. People’s unavailability is an acute problem.
3. Get ISO 22301 best practices implemented in the organisation and get certified by a trusted certification body. External assessments add a lot of value by digging out risks that would otherwise have remained undetected.
4. Focus on data protection and privacy well in advance. IDPR will come into force sooner or later. Being ready will give any organization a market advantage. Being unready and waiting till the last moment can bring a 15 crore penalty in case of a data breach.

