What is the best way to build a business continuity plan that outlines alternative suppliers?
“Make sure resilience is built in as you design things.“
Marc Avery, CISO and founder of the Cyberchain Alliance, talks to Sooraj Shah about how people, process and technology need to have resilience built in from the very beginning.
What's the best way to build a business continuity plan that outlines alternative suppliers?
Business continuity plans have a traditional context, and often seen as something that gets pulled out of the drawer maybe once a quarter, if organisations are lucky, and people see that and go through the business continuity plan and work backwards from that to see whether or not any improvements that they can make. Actually, business resilience now is much more important. As we've seen with the COVID pandemic, it's much more important to consider those things from the very fundamental designs of a service.
So your people, your process, and technology have to have resilience built in. So I'm not saying there isn't a place of business continuity plans. Clearly, these things need to be exercised, but actually making sure that resilience is embedded as you design things, as you build things, and of course, as you operate things, really does help to make it a less painful job as and when something goes wrong.
Such flexibility should be discussed with suppliers as well and not just relying upon commercial arrangements to have their resilience built-in. Taking that approach and sharing that with your suppliers as well. This is paramount.