24 Hour Support: 888.705.0999

Media Center

Resources and Guides - Securing Knowledge

Business Continuity Planning

When faced with emergencies that cause business interruptions, protecting people, assets, and facilities is top priority, and business continuity is paramount to minimize financial loss and maintain support to your customers. Advanced strategic planning to protect and maintain ongoing business functions is crucial.

Organizations must invest time and resources in Business Continuity Planning to protect critical business functions and physical, information, and personnel assets under a range of circumstances.

Current best practices in business continuity planning include the following:

  • Having regularly measured processes in place to contain/manage damages resulting from an incident
  • Having regularly measured processes to determine extent of damage following containment of incident
  • Systematically investigating incidents to identify resources targeted and vulnerabilities exploited
  • Having processes to manage business continuity planning that address post-incident business restoration strategies, including post-incident review procedures and subsequent process adjustments
  • Having regularly measured processes in place to identify business assets
  • Having processes in place to identify the qualitative and quantitative damages that could arise out of attacks against business assets
  • Having regularly measured processes in place to identify vulnerabilities that might be targeted.
  • Having regularly measured processes in place to plan appropriate controls to minimize the risk of attacks against assets

Is Your Business Continuity Plan Up to Par?

Consider the following questions to determine whether there might be room for improvement in your Business Continuity Plan.

  1. How strong is our resiliency? Will disaster recovery capabilities keep up with growth?
  2. Can we balance the need for cost reductions and the overhead requirements of ongoing business, including disaster recovery?
  3. Do we have enough redundant systems, capabilities, and skilled personnel to recover from a disaster?
  4. Can we find qualified people to recover our central processing systems and servers when we need them?
  5. Is our project management team stretched too thin with other responsibilities to effectively handle disaster recovery also?
  6. Disaster plans are in place, but when we get busy, disaster planning tends to fall off the priority list. How do we keep our plan relevant?
  7. Disaster recovery planning has to be done*, but who is going to prioritize it when it is non-revenue-producing?
  8. What if non-networked information assets and systems such as "cloud" computing, laptops, external drives, etc. are carrying key information but are outside the scope of our disaster plan?
  9. In the event of multiple disasters or a large geographic disaster, will disaster recovery providers and remotely hosted servers have the capacity to handle us? How much capacity is enough?
  10. How do we meet the needs of customers who have an absolute dependency on product delivery and service during and after a disaster?

If these questions reveal gaps in your resiliency strategy, the following tips on "Strengthening Your Business Continuity Plan" and "Next Steps" can help you develop a more effective business continuity plan.

* Public Law 110-53 entitled "Implemented Recommendations of the 9/11 Commission Act of 2007," enacted by Congress, directs the Department of Homeland Security (DHS) to implement its provisions regarding the need for companies to establish corporate continuity plans within a 24- to 36-month deadline.

Strengthening Your Business Continuity Plan

A Business Continuity Plan's goal is to identify an enterprise's exposure to threats—internally and externally—and optimize assets (personnel, equipment, and systems) to ensure seamless business continuity and minimize financial loss in the event threats are realized. The plan should accomplish the following:

  • Ensure the safety of personnel and customers as top priority.
  • Identify which processes and assets of the enterprise are absolutely vital to business continuity and protect the facilities and resources that enable these functions.
  • Provide an orderly recovery starting with critical infrastructure and assets first, processes important to efficient and effective ongoing operations second, and desired but not immediately essential functions third.
  • Delineate management control of risks and exposures.
  • Establish a clear decision-making structure in advance.
  • Enable preventative measures where appropriate.
  • Establish membership of an enterprise-wide core Crisis Management Team (CMT) with additional members identified for various contingencies.
  • Determine the basis for selection of ad hoc local Incident Management Teams reporting back to the CMT.
  • Be comprehensive enough to minimize legal liability.

Next Steps

After the concept and design stages of your Business Continuity Plan, these are next steps in the development of an effective plan:

  • Establish a business continuity planning committee.
  • Define priorities and critical needs of each vital business function.
  • Perform a risk assessment.
  • Review insurance coverage and, once you have drafted a plan, ask your insurer to review it.
  • Clearly define how strategies will be created and carried out in response to a specific business interruption.
  • Perform data collection and improve cyber security protections.
  • Develop testing criteria and procedures.
  • Test the plan, including protection strategies for facilities and equipment.
  • Organize and document a final, tested written plan.

Consultation/Support Services

Analysis of company assets, infrastructure, security measures, and management and communication processes is required to adequately determine the best course of action for Business Continuity Planning. Third party resources, whether sourced through your contract security services provider, cyber security company, or public relations firm, can often assist with planning, recovery, and communication strategies that complement your Business Continuity Plan.

U.S. Security Associates advises clients to develop a blended and complementary program that is based on an "All Risks" assessment. "Disaster and Emergency Management," "Business Continuity," and "Crisis Management" are distinct but related risk mitigation strategies that should be coordinated. Our Consulting and Investigations Division, with long-standing alliance partnerships that specialize in cyber-security and crisis management, offers single-source consultation and planning support as well as disaster, emergency, and crisis response services. U.S. Security Associates provides a comprehensive approach to security and risk mitigation, integrating uniformed security services and consulting and investigation services with expertise in intellectual property protection, executive protection, emergency response, and crisis management to assist with business continuity planning and support.

About U.S. Security Associates

U.S. Security Associates (USA) is one of North America's largest security companies, with 160 locally-responsive offices providing premier national security services and global consulting and investigations to customers in a range of industries. Recognized for world class customer service, leading-edge technology, and an enterprise approach to risk management, USA offers optimized security solutions to meet specific customer needs. USA is committed to building quality security and risk management programs that are Safe. Secure. Friendly.® The Securing Knowledge series is part of the extensive and growing library of reference and training tools that contribute to USA's award-winning customer service and benchmark security programs. USA's investment in training and development resources is reflected not only by BEST Awards from the American Society for Training & Development, consistent ranking on the Training magazine Top 125, and technology-driven quality management system, but also by the company's leadership team, security officers, and service excellence on a daily basis.

©2017 U.S. Security Associates