Business continuity: things to consider

Let’s continue with business continuity. Today I would like to review some points to be taken into account during the implementation of a Business Continuity Plan, which I consider essential to achieve a successful outcome:

1. The scope

2. Senior management support

3. Investment

4. Setting the objective recovery times

And with this extremely short introduction, let’s go into the matter.

1. The scope

The first aspect that we must take into account is the scope of our Business Continuity Plan (BCP), in two different areas. On the one hand, in a horizontal sense, it is necessary to clearly define which services, activities or processes are going to be included in the BCP, if we also intend to certify the management system under the ISO 22301 standard. Although from the point of view of the BCP’s usefulness the most logical thing is to include the entire organization, especially in small companies where the infrastructure is shared across the whole organization, it is also possible to choose a reduced scope that covers relatively independent elements (a local branch or the company’s headquarters, for example), or simply to include those processes that are known beforehand to be the most critical for the organization’s continuity, such as production or logistics in a more industrial company, or the web portal in a purely e-commerce company.


The cloud meets business continuity

Taking advantage of the introductory post from a few days ago, and so as not to lose momentum, let's keep talking about the cloud, in an area where it seems especially useful: business continuity. Among other measures, it is true that the existence of datacenters distributed all over the world (did someone say GDPR?), the flexible scaling of systems and near-instant deployment make a cloud infrastructure (all other things being equal) more resilient than an on-premise infrastructure. Of course, availability is not the only factor to consider, but we will talk about that another day.

However, when it comes to talking about the virtues of the cloud, the providers manage more than well enough on their own. What I want to talk about are some of the aspects that must be considered before migrating an infrastructure to the cloud (although some of these points also apply to PaaS and SaaS). That is, the problems.


Business continuity in ISMS?

This article analyzes what has changed in the ISO 27002 series of standards regarding business continuity.

Introduction

This article discusses the possible overlap between two disciplines that are closely related, although each has its own specific area: information security and business continuity. In particular, it analyzes whether and how the two reference standards (ISO 27001 and ISO 22301) overlap.

In a separate article I will discuss where the two worlds come together and how the implementation of both standards can be carried out without falling into unnecessary redundancies.