7.13 Participate in Business Continuity (BC) planning and exercises

Business Continuity is the art of keeping the business operational during a disaster, while Disaster Recovery is the art of getting it back to normal.

We must ask:

  • What processes and functions must remain operational for the business to function?

  • What threats could disrupt these processes?

  • Are there any third-party risks from vendors or partners?

  • How do we ensure that our processes continue to operate in the event of a disaster?

  • How can we test our processes to ensure that they remain operational? Can we simulate a disaster and measure the effect on our processes?

Some specific threats:

  • We lose some data due to ransomware, accidental deletion, malicious deletion, a failed backup, etc. How do we recover the data?

  • Power outage

  • Natural disaster

  • Communications failure