COVID-19 & Enacting Business Continuity

The COVID19 pandemic and necessary decisions by business to ensure employee safety and business continuity is a timely reminder of how important is to ensure each business has a documented and regularly tested business continuity plan.

First and foremost, employee safety is a number one priority. This is a recurring theme for information security certifications such as CISSP®CCSP®CISM®, and CRISC®. You cannot guarantee the long-term viability of your business and meet minimum service delivery objectives (SDO) unless you have the minimum number of employees defined in your Business Impact Analysis (BIA) for each critical business process.

Secondly, each business will need to make sure that a decision to allow employees to work remotely from home isn’t just a snap decision. Again, employee safety is a primary consideration. During normal times, i.e. no pandemic, employees wishing to work remotely would require their Workplace Health & Safety (WHS) officer to inspect the home office of the employee to ensure it meets minimum ergonomic requirements.

Once that is passed, data sensitivity and the appropriateness of allowing remote work activities from home, needs to be risk-assessed. Employees using their own devices are effectively engaging in a Bring Your Own Device (BYOD) programme, in which case, because the employee’s own device is being used, it must meet minimum security standards to satisfy data handling and privacy concerns.

This will often necessitate ensuring, as a minimum:

If this seems hard, it is also hard and time consuming to clean up after a data spill or privacy breach. Rather than an employee providing an asset, another consideration is a laptop or desktop provided by their employer.

The COVID19 pandemic has presented a challenge, but business does not have to stop. At ALC, we have seen this as an opportunity to bring forward our plans to offer virtual classroom training.