|
Critical Factors
There are a few simple steps that can mean the difference between the success and failure of a BIA: ensuring open communication and buy-in, establishing a high-level tracking framework and assigning accountability.
From the earliest planning stages until after the document is created, it is important to have open lines of communication with key organizational players. Obtaining appropriate buy-in from upper management and the business community early in the lifecycle is also a must. Managers of critical business functions have a lot on their plate, but fully communicating the purpose and value of the BIA can ensure their cooperation in making the data they supply complete and accurate. After all, the BIA is ultimately a document that helps them—it is their processes you are trying to protect.
Keeping the lines of communication open after the data is gathered is also important to make sure the document reflects changes in business processes and remains relevant. Additionally, maintaining a dialogue with internal auditors, compliance managers and the rest of the information security organization can guarantee the document has a broader scope outside of contingency planning.
A high-level framework for project management over time is...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
an essential part of building a proper foundation for your BIA. Even smaller organizations will have numerous interdependent business processes that will need to be accounted for—probably too many to track without careful organization. Intelligence-gathering for the BIA will uncover many other processes, and new business functions are likely to be put in place during the engagement.
Setting up a mechanism for tracking these processes as they are discovered and created will ensure that nothing slips through the cracks. The project will likely have high visibility, and using a metrics-driven approach stream- lines status reporting and allows rapid schedule modifications if dates slip.
Assigning accountability for BIA tasks is also an important step. BIAs can contain quite a bit of data, but harvesting that information is extremely time-consuming. Allocating and tracking individual tasks ensures that the data gets collected and the project stays on schedule.
If created and used strategically, a BIA can be one of the best investments your firm can make—both for contingency planning and for information security as a whole. Once the document is in place, taking steps to keep its contents current ensures that the BIA is useful as a survival guide for years to come.
|
