The basic backup procedures are in place but have not been tested
The complexity of recovering from cloud-based services
Lack of DR site availability
Limited Budget and Resources
Follow an ISO 27001 ISMS approach and methodology
Carry out a business impact analysis and identify the key BCP requirements
Identifying the business risks and likelihood is a critical consideration
Must provide a core capability to address a Cyber Security Incidents
Establish current recovery capabilities; relocation of key services that need to be provided
Workshop DR scenarios and discuss viable practical solutions with stakeholders
Carry out workshops with key stakeholders (including decision makers) to make sure that everyone understands the requirements and challenges.
Ensure that security is maintained in a DR situation.
Aid include BCP requirements within the ICT Strategy.
What did we learn?
Building the most appropriate and efficient business continuity capability involves a large investment in time and budget. In most cases this will require careful budgetary planning which in most cases will delay the implementation.
Taking a practical approach and identifying the inherent capabilities within existing systems might not deliver the most comprehensive business continuity solution but it can provide partial recovery and protection to the business.