COVID-19 Business Continuity Planning Guide

With the rise in COVID-19 (Coronavirus) diagnoses around the world, Choice CyberSecurity is committed to assisting in business continuity efforts to provide peace of mind to our customers and partners.

As an industry leader in providing security and compliance solutions, we understand the confusion behind preparing for the unexpected while also meeting and maintaining regulatory compliance. We assist our clients with compliant solutions and procedures that remain in line with business goals.

What is a Business Continuity Plan?

A Business Continuity Plan is a detailed blueprint outlining the processes used to define how a business will continue operations during unexpected service interruptions. It is a comprehensive guide that defines contingency procedures for every aspect of the business that may be affected including all resources, processes and assets. The goal is to reduce damage, maintain productivity and recover quickly in the event of a national emergency or natural disaster.

Steps to Get Started

  1. Define the potential service interruptions, national emergencies or natural disasters applicable to your business

    Ideas: Fires, Floods, Power or Internet Outages, States of Emergency, Government Shutdowns, Epidemics, or Pandemics

  2. Gather any existing resources to assist in the development of your Business Continuity Plan.

    Resource ideas: An existing Business Continuity or Incident Response Plan, Policies, Procedures or a Company Handbook

  3. Make a list of business resources that may be affected including all assets, processes and team members

General Business Continuity Planning

Communication

Communication is said to be the most important element of the Business Continuity Plan. Social distancing has either been encouraged or enforced throughout the world, but how does that affect your business?

  1. Define your company’s internal and external communication needs

    Organizations have to consider communication in many ways, including how they would communicate internally with employees and stakeholders, as well as externally with clients, customers, 3rd parties and vendors.

  2. Identify your organization’s means of communication
    Whether email, phone, or announcement via website, it is important to consider and define the means of communication delivery

  3. Establish Roles and Responsibilities
    Select the responsible individual(s) or team members that will deliver the necessary communication. 

Technology

Remote Access

Connecting to business resources remotely, whether through virtual private networks, remote desktops, or just cloud applications, is the go-to solution for businesses across the world, but not every solution is created equal. Organizations must determine if remote access is an option to implement during recovery and business continuity efforts. Remote Access Programs can vary among different businesses, as there is not a one-size-fits-all solution.

  • How can you continue to work productively, yet securely outside of the office?

  • Are you able to adopt a fully virtual environment with secure and compliant remote access? 

  • Do your users currently have remote access? How do they connect?

  • Who is authorized to work remotely? 

  • How is sensitive data handled and stored remotely?

  • Do you have any documentation identifying the circumstances in which remote access is enforced?

  • Is there an active Teleworking Policy? How is it enforced?

  • Does your business have the appropriate technology resources in place not only to meet compliance, but to prove it?

Applications

Identify your key applications and resources critical to continue usual business function and document each application’s Recovery Time Objectives.

  • How would downtime affect your client products and services?

  • Identify proper protocol and steps to take if/when an application is down.

  • Will these applications remain available if employees are no longer able to access the facility or office and if not, how are they accessed remotely?

Backups

Backups are heavily relied on during Business Continuity when an organization is unable to access its data due to system failure, breach or disaster resulting in destruction. Since the introduction of cloud storage for files, backups are often misunderstood. Organizations assume cloud storage is the same as backing up files; however, that is not the case.

  • How are backups done? Onsite? Offsite?

  • Do you conduct routine backup testing?

Security Best Practices

For clients that do not follow compliance standards with strict security requirements, Choice CyberSecurity recommends following the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) to meet cyber security best practices and avoid potential data breaches. 

Questions to Consider

  1. Who is responsible for security? 

  2. Have you ever had a virus or infected system?

  3. Have you ever had a data breach? Are you concerned about a breach?

  4. What is the longest period of downtime you have experienced?

  5. Are any clients or vendors asking you for security requirements?

  6. What would be the impact to your business of a security breach?

Prepare a Data Breach Response Plan

CompTIA’s Data Breach Response Planning Guide is a great tool to help guide you as you start to prepare a data breach response plan. This guide follows the structure of NIST CSF and highlights where in the CSF you can find more information. Download the Data Breach Response Planning Guide

Compliance Requirements

Most regulatory compliance standards enforce strict controls around remote access authorization, authentication and security. When an organization chooses to implement remote access as part of its Business Continuity Plan, it is the organization's responsibility to ensure that the appropriate security measures and procedures are in place. While specifics vary depending on the compliance framework, standard remote access controls typically involve multi-factor authentication, encryption and monitoring.

  • Do you have any compliance requirements?

  • Do you have a best practices or compliance structured framework in place?

  • Do any of your clients or vendors require you to have any security or compliance measures in place?

  • How do you handle compliance management?

  • Who in the company is responsible for compliance?

  • Do you have compliance documentation, policies or procedures in place?

Policies & Procedures

Policies and procedures must be developed and customized according to the organization's new and existing technologies, configurations and processes. In the event of an audit, an auditor will look for documentation to prove that compliant procedures are developed, documented, and enforced wherever applicable.

  • Have you documented the procedures necessary for connection? 

  • Did you create a policy that highlights user expectations and guidelines around access? 

  • Have all users been trained to ensure understanding and successful execution?

Anticipating the Unexpected

Choice CyberSecurity further guides its clients in Business Continuity planning by identifying the many possibilities that would warrant enacting the plan. These typically include common occurrences like power outages, fires, floods, and other natural disasters that could cause damage or a reason to close the office. However, Choice CyberSecurity also considers situations that aren’t so common, like pandemics.

Changes & Updates

Our world is ever changing and we can’t always anticipate the future or the effects of an unexpected occurrence. However, our team remains by our clients’ side and ready to update Continuity Plans accordingly. As Continuous Compliance Service clients, you can rest assured that your plan will be updated to reflect relevant changes to technologies and procedures. While surprises aren’t always welcomed, Choice CyberSecurity looks at unexpected events as opportunities for growth, development and testing. There is no better way to test an existing plan than to have to invoke it to address the uncommon and unanticipated.

Pandemic Business Continuity Planning

A pandemic is a global disease outbreak. When considering Business Continuity planning, organizations must ensure safe and healthy working conditions for their employees while also maintaining business operations and services. Planning for a pandemic is essential for minimizing its impact. Because it is impossible to predict a pandemic, an organization’s continued success is determined by how and how fast it responds. Pandemics affect not only an organization’s information system or the facility housing it, but also its employees. Choice CyberSecurity helps organizations develop not only system recovery plans, but other resources such as succession plans as well.

Precautionary Measures

As a company, you must decide on the best increased measures to maintain business continuity and protect the health of your employees. Some ideas include:

Travel

  • Limiting or cancelling business travel until further notice

  • Recommend that team members do not travel for non-urgent personal travel

  • How will you handle cases where team members elect to travel for personal reasons? Some examples:

    • If an employee chooses to board an aircraft, either domestically or abroad, they will be subject to a 14-day precautionary period before coming back to the office

    • If an employee chooses to travel in any capacity outside of the state during a declared state of emergency, they will be subject to a 14-day precautionary period before coming back to the office

Office Safety

  • Strictly limiting visitors and in-person meetings at this time

  • Authorized visitors must be approved by management

  • Cancel or postpone all planned events, parties, meet-ups, and conferences

  • Keep on-site interviews to a minimum and proceed with video interviews instead

  • Provide additional hygiene resources such as hand sanitizer stations

  • Increase the frequency and scrutiny of office cleanings to include all communal surface areas

  • Provide your team with best practice health tips and continue to keep them updated on a regular basis

Handling Sick Team Members

  • Encourage all team members to stay home and call their doctor right away if they are experiencing any COVID-19 related symptoms

  • Ask team members to leave if they come to the office sick

  • Request proof of consent by the employee’s licensed physician stating that it is safe to return to work

Define Your Procedures

  • How would you like to be notified for short-term and long-term sick or out of office requests?

  • What is your Work From Home Policy? 

  • Clearly define the team members that are eligible to work from home and their responsibilities.

  • How will employees be compensated during this time? 

    • Working from home

    • Sick leave

Future Plans

  • Monitor the news from the CDC and World Health Organization, among other sources and guidelines

  • As things change, be prepared to reassess the situation and adjust your plans accordingly.

Ways that Choice CyberSecurity Can Help

Our services are designed to offer clients the best resources to easily achieve compliance goals.

Remote Access

Choice CyberSecurity helps organizations select and document the circumstances in which remote access is enforced, who is authorized to work remotely and how remote access is achieved. We work closely with business executives, managers and both internal and external technical teams to develop the best Remote Access Programs for each client’s unique environment. We aim to ensure that whatever solution is implemented is secure, proactive, seamless and, most importantly, meets applicable regulatory compliance.

Technology

Applications

Choice CyberSecurity helps organizations identify those key applications and resources that are necessary to continue usual business functions. Together we identify each application’s Recovery Time Objectives, how downtime would affect client services and products, and steps to take if/when the application is down. Additionally, our team assists with determining if these applications will remain available if employees are no longer able to access the facility or office and, if not, how they are accessed remotely.

Backups

Choice CyberSecurity guides clients through the complicated world of backups, while also assisting with identifying and implementing the right solution, developing backup programs and incorporating them within the Business Continuity Plans.

Policies & Procedures

Choice CyberSecurity offers policy and procedure development services to ensure seamless alignment between your people, productivity and processes. These policies and procedures are customized according to the organization's new and existing technologies, configurations and processes. Our team is available to provide whatever services clients may need to make the process seamless. This may include, but is not limited to, researching new or alternative solutions, comparing different solutions and participating in demos to help condense the list of options.

Business Continuity Planning

In addition to policies and procedures, Choice CyberSecurity also provides assistance and expertise with creating Business Continuity Plans for our clients. We understand the important elements of Business Continuity Plans and are qualified to help our clients plan for all types of world events, including pandemics like COVID-19.

Our COVID-19 Business Continuity Plan

As a company, we are taking increased measures to maintain business continuity and protect the health of our employees. View our COVID-19 Business Continuity Plan here

Our Services

Our Continuous Compliance Services are designed to offer clients the best resources to easily achieve their security and compliance goals. Contact us to learn more about our solutions.