#coronavirus is one of the most popular hashtags nowadays and the reason is very simple: given its rapid spread, the World Health Organization (WHO) has declared coronavirus to be a health emergency and the whole world is dealing with it.
There is another word that takes on great importance these days, a word that we don’t hear frequently: resilience.
Resilience is a word with many meanings:
Many companies don’t think about resilience and don’t plan for business continuity, but we must remember what ISO says:
When a business is faced with the threat of sudden disruption to its operations,
being able to respond quickly and effectively is the key to its survival.
This sounds good, but how many companies include a pandemic risk in their business continuity plan? A pandemic crisis doesn’t only affect our staff: it also complicates the supply of raw materials and slows down both our deliveries and our customers’ purchases.
And this applies to all companies: suppliers, customers, manufacturers, supermarkets, small shops, petrol stations, ... and even hospitals.
The International Organization for Standardization (ISO) publishes the ISO 22301 standard, which many people know as the business continuity standard. The full title is “Security and resilience – Business continuity management system – Requirements”.
Business continuity can be effective in dealing with both sudden disruptive incidents (e.g. fire, arson, explosions, etc.) and gradual ones like flu pandemics.
By focusing on the impact of disruption rather than the cause, business continuity identifies those activities on which an organization depends for its survival and enables the organization to determine what is required to continue to meet its obligations. Through business continuity, an organization can recognize what needs to be done to protect its resources (e.g. people, technology and information), supply chain, interested parties and reputation, before a disruptive incident occurs.
The following diagram is intended to illustrate conceptually how business continuity can be effective in mitigating sudden disruption: the main objective is to respond and manage the impact to reduce downtime and shorten disruption.
The following diagram, instead, illustrates the pandemic approach to business continuity: it’s important to understand signs before the disruption occurs to control response and slow down the disruption.
By taking a broad approach and asking themselves “what does this mean to me”, businesses of any size can be better prepared for the future and, in this case, for the present. Here are some tips from our experts:
1. Don’t wait for the situation to fix itself
2. Take care of your responsibilities, follow advice from your organization and do your part for the company and society. We are all in this together.
3. You have a part in the Business Continuity Plan of your organization and you have to fulfill it; you are not alone.
4. Don’t switch smart working into “not-working”. If you are a smart worker you are lucky: you can stay safe at home with your family during an emergency, but you have to perform your work in an agile way, not simply postpone activities.
1. Plan for the effect of the incident, not for the cause
2. During an emergency, what happens is normally more important than what caused it.
3. Bear in mind that prevention is better than cure. You have to conduct a risk assessment and implement policies to avoid an incident, but in any case, you need to have a plan.
Finally, you have conducted a business impact analysis, risk assessment, and treatment, and you have implemented a business continuity plan, but these days you are experiencing what your advisor always said: exercise the plan and test it, and then test again.
The ISO 22301 standard will be analyzed in more detail in the next article on our blog. But the main conclusion for today is that ISO 22301 is not managed by an IT committee (e.g. like ISO 27001, which is managed by the “Information security, cybersecurity and privacy protection” technical committee). Instead, it’s managed by the “Security and Resilience” committee and its scope is “Standardization in the field of security to enhance the safety and resilience of society”, because the main point of attention in business continuity is the health and safety of our staff.
If you are interested in ISO 22301 consulting for your organization, get in touch and our experts will help your business advance.
I am the Senior Data Protection Consultant at Advantio. I have great experience in ICT and Telco services, where I covered several roles and responsibilities. In the last 10 years, I have focused my attention on information security and business continuity compliance.