Coronavirus (COVID-19) & Business Continuity Planning (BCP)

As we all know the World Health Organization (WHO) has declared a global health emergency over a new coronavirus which causes an illness officially known as COVID-19 that has spread over 73 countries with 90,00 confirmed cases and killed more than 3,000 people worldwide.

For awareness – Interactive Coronavirus Map

Interactive Corona Viris Map

An interactive map can be viewed by clicking here or on the above image

Risk to Human Life :

This pandemic has a direct impact on human life on a global scale and all life sporting utilities.

We have seen similar pandemic SARS in February 2003 – SARS was first reported in Asia. The illness spread to more than two dozen countries in North America, South America, Europe, and Asia before the SARS global outbreak of 2003 was contained.

Since the outbreak of Coronavirus, I have helped few small business & charities with their BCP plan’s, and i been thinking to share my thought’s on how businesses across the globe can prepare or bring good practices like business resilience and business continuity planning (BCP) into practice.

Effect of global pandemic or threat to businesses :

Businesses all over the globe are directly impacted whenever this type of pandemic or any natural disaster hits. The threat arises and spreads quickly, cause public panic, but can also impact global markets and businesses everywhere.

What has become clear is that the fear of a new, unknown virus, which has been declared a global health emergency, could greatly impact business operations across the globe.

This situation has drawn the attention of many businesses and is forcing an evaluation of their preparedness to the potential impact an illness or global event, like (previously named 2019-nCoV, now designated COVID-19), may have on their operations and supply chain. 

How to prepare as an individual or a group?

As an individual or group, there is very good guidance from the World Health Organization website (WHO) on how to protect yourself from Coronavirus. There is also technical guidance for internal business operations.

How to prepare as a business ?

I am going to share, how businesses should prepare for readiness – by using the Business Continuity Plan (BCP) and Continuity of Operations Plan (COOP).

I have done very extensive study & work on many of these type of plans and mythologies. We should avoid these plans to get too complicated and loose the real meaning. But, so far the best baseline is set by NIST – we can easily use this to meet any business BCP requirements.

My recommendation is to read up on NIST SP 800-34 rev 1 publication. Which, clearly define the different types of plans included in resiliency, continuity and contingency planning.

The picture shows the relationships of the different types of plans to the organization.

No alt text provided for this image

NIST SP 800-34 Revision 1 provides more clarity to the role and function of various contingency and continuity plans.

This guide addresses specific contingency planning recommendations for three platform types and provides strategies and techniques common to all systems.

  1. Client/server systems
  2. Telecommunications systems and
  3. Mainframe systems.

This guide defines the following seven-step contingency planning process that an organization may apply to develop and maintain a viable contingency planning program for their information systems. These seven progressive steps are designed to be integrated into each stage of the system development life cycle.

  1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
  2. Conduct a business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business processes. A template for developing the BIA is provided to assist the user.
  3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
  4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
  5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.
  6. Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
  7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes. 

Summary :

Business resilience is not rocket science.

Business owner should work with business units to draw up the plan and practice on regular basis. Refer to NIST SP 800-34 Revision 1 for setting up your baseline. You can also download free samples of BCP and many other plans.

In the end it’s human who will benefit from these plans.

I am happy to assist if you need help, please drop me a line via LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked *

three − 3 =