New approach to business continuity plans
In a severe operational crisis, it is critical to have an efficient plan. But why do companies’ response plans rarely work well? This is a question that Syndis’ staff asked themselves after attending tabletop testing and real incidents with many companies over the years.
After a thorough analysis of where the plans break down, Syndis developed a new approach to a Business Continuity Framework that makes the plans easier to use. The result is a holistic and user-friendly plan that can be implemented on its own or adapted to existing plans.
The following are the main challenges with continuity plans and the design assumptions behind Syndis' plan.
One of the challenges with business continuity plans is that they are rarely used, so one of the most important characteristics of a plan is that it is user-friendly. Syndis therefore emphasized making the plan simple to navigate and writing it in human-understandable language.
Best practices and good advice built-in
The best advice you can get is to take advantage of the experience of others. Few are able to gain experience in response management, so many companies' response plans are not based on actual experience. This vast experience, on the other hand, is a key ingredient in Syndis' program.
Many plans that are otherwise strong on technical response fall short on communication with staff and the media, on which issues should be decided in advance, and on what can be prepared.
Clear and simple structure
The right responses in the right order are often crucial in critical situations. Syndis' plan is written in human-understandable language and aims to guide participants through the process in the simplest way possible, with clear responsibilities, roles and steps.
Connects managers and information technology
The plan is holistic for the company. It covers all key personnel who may be involved and creates a channel for all stakeholders to work together. Top executives often view serious operational and safety incidents as technical problems and do not consider themselves to have the knowledge to address them. The framework gives them tools and guidance on how best to use them.
Comprehensive but simple
A complete plan includes incident management, a recovery plan, a communication plan and specific instructions. The plan is comprehensive in that it meets all the main requirements, e.g., the GDPR, the NIS Directive, and sectoral requirements such as EBA, PCI-DSS, etc.
The plan is suitable for both large and small companies because it is easy to use only parts of it if that better suits the company's operating environment. It is available in English and Icelandic and can be adapted to existing plans without much work.
Create a “positive” experience from an incident
What is a good plan? In Syndis' opinion, a good plan has all of the qualities mentioned here. The goal should always be to get out of incidents as efficiently as possible with minimal consequences or harm. But good plans can even turn incidents into a positive experience, so that companies are left with an improved reputation.
What to expect
- A usable, human-centric plan to guide employees through incidents and crises
- Emphasis on involving top management in IT incidents
- Simple yet comprehensive plan
- Best practices and tips based on years of experience
- Fulfills the requirements of most current regulations/standards, e.g., NIS Directive, GDPR, PCI-DSS, EBA, etc.