Remember way back in 2019 when you laid your head down each night, content in knowing that your institutional disaster recovery plan had been tested and would keep your company running? Do you also remember in March of 2020 when you found out the shortcomings of your respective plan, and that most of the procedures within the plan would only work for a handful of situations? Do you remember how you had to come up with a way to get all of your employees out of the office, and you had to use a combination of remote desktop, TeamViewer, LogMeIn, and some software nobody has ever heard of but it seemed to work?
Yeah, I remember that too. Don’t worry, you weren’t alone. There are still thousands of companies that have not begun to legitimize their remote working environment or have corrected the deficiencies from their original DR/BCP program aside from the band-aids needed to keep their operations running. To ensure that your business can survive the next wave of operating interruption, you should begin to act now to correct the issues. This may seem to be a daunting task, like the old proverb of eating an elephant…but the one bite at a time approach can at least put you on the path to success and ultimately preparedness. Schedule a Post-Mortem Meeting What is a Post-Mortem meeting? It’s quite simply a “what did we learn” meeting that usually concludes a project. An effective roster for a post-mortem meeting would be comprised of a delegate from each functional group, and the primary audience would be the IT and service delivery staff. This can easily turn into a blame-game meeting, so have a designated moderator and an agenda. Keep the meeting open, in the form of a roundtable, but make sure to keep the topics focused not only on what did not work, but also what worked well. Obviously, COVID-19 proved to be an almost textbook exercise in business continuity, so reflect on the whole process as a project. Keep the meeting relaxed and allow for an open forum for your employees to express what has happened to them, and how they are affected by the changes. Conduct a GAP Analysis, and Compare the Notes to the Existing Plan Take detailed notes of the post-mortem meeting and compare the real-world results to the documentation you have. Your business continuity plan and procedures should outline how you should operate in the event of a disruption, and chances are that your old plan and how you operated during COVID are not completely aligned. Analyze your current operating environment, and if the procedures or current operations you are using now better align to your strategy, modify your existing plans and procedures accordingly. Prioritize Changes According to Risk not Reward When looking at changes that need to be made to your plan, remember you are most vulnerable to an attack when your defenses are down or weakened. This is especially true in the event of a business disruption. When making the changes or planning on the resources needed to make the changes, be sure to address clear security issues first. We know that upgrading the VPN connections or migrating to Azure Virtual Desktop isn’t as sexy as creating a new online portal for your customers, but the investment in your infrastructure will pay dividends the next time there is a disruption. Your systems are only as good as your weakest link, so make sure that security and your infrastructure receive proper attention when it comes to investment. Allow for Some Calculated Ambiguity in your Plan Flexibility to adapt and be agile is what separated a lot of companies during the onset of the COVID shutdown. Instead of being paralyzed by having to relocate their entire staff out of the office, the companies that were progressive in their work from home policies were the least impacted. While I wouldn’t advocate a policy that everyone can do as they wish for the sake of keeping operations running, giving some key employees the ability to tactfully deviate policy allows the company to remain agile and open. Be sure to delegate this power to some associates that understand security and the risk related to their decisions. Create a Committee that Governs the Process If you haven’t already, create a business continuity committee that is empowered to take the necessary steps to keep the business operating in the event of a disruption. From operations, service delivery, and human capital management, it is a big job to plan an alternate work environment…and the bulk of the work shouldn’t fall upon your IT department. Allow and demand, that this group meets periodically to review changes in the operating environment and updates the plan and procedures accordingly. A goal without a plan is a wish, so make sure to spend ample time on preparing a well-documented plan for when this arrangement happens again. While we can’t predict the future, we can prepare for a future that may not look like it does today. The steps listed above are not exhaustive but are quite simply steps you can take to get your business thinking about how to handle a disruption should it happen again in the future. If you feel you need help orchestrating this process or would like to have a consultation to discuss how MAI can help correct the gaps in your plan, please contact one of our advisors today at [email protected], or visit us online at www.maitechsolutions.com.
3 Comments
|
ArchivesCategories |