We have an ongoing coronavirus pandemic. As with other crises, at this time, more than ever, organizations need to evaluate the potential impact of this crisis on their operations and prepare to deal with the pandemic. Crisis preparedness should be the high priority in any organization.
In a situation when threats are directly impacting important services and assets, time is the most precious resource. Whether it’s a cyber threat or a pandemic, every second counts. How do you prepare for a crisis so that when it happens, your organization can maintain the normal state of operations?
It is very important to have crisis management in place before a crisis happens. Crisis management is set of procedures for an unplanned situation that would prevent your organization from doing critical functions and maintain the normal state of operations.
Start with developing a plan for each crisis situation. It should be designed to implement disaster recovery. Prioritize requirements – short, medium, long-term. Assess business needs.
Create communication plan which should include a person who is responsible for coordinating the recovery process. Create a crisis team which could include management, IT, QA, business partners. Outline responsibilities and procedure in the plan.
Test this procedure at least once a year. Do post-analysis. Evaluate your systems when you have no crisis.
During a crisis, it is very important to be able to find the right documents at the right time. If your company is in a regulated industry, you also should have document control procedures in place. Use these recommendations to ensure that you manage your documentation in the state of crisis preparedness:
- Review and eliminate duplicate data and reduce information silos. Reduce the number of not useful documents. Gathering content in one place and indexing it in the same way will improve the findability of content.
- Gather content that is going to be used in audit or legal matter.
- Understanding documents flow such as where documents originated, through what systems they traveled, and where they ended. Establish version control of documents, their inventory, and map.
- Create documents taxonomy. Taxonomy helps to discover documents quality and their lineage. Taxonomy also helps with faster documents’ retrieval and to reduce not used documents.
- Establish documents ownership.
- Establish knowledge management procedures to create documents that are needed and do not exist.
- Establish document control procedures.
- Govern the life cycle of information. Establish retention schedule which will include the period of time during which a document remains active and when it should be reviewed and edited or reviewed and archived.
- Establish and enforce change control for documents, procedures, and taxonomy.
- Establish role-based permissions to documents’ access.
IT Systems Management
With this extended use of technology, it is important to prepare in case a crisis happens. During the crisis, IT systems are under severe strain. Everything from getting infected by malware to a system crash can happen during the crisis.
During the crisis, the most important task is the maintenance of normal IT operations. Use these recommendations to ensure that you manage your IT systems in the state of crisis preparedness:
- Design your systems with recoverability and tolerance for failure in mind.
- Have an overview of points of vulnerability, frequency of problems, and the potential damage that might be caused.
- Perform infrastructure health audits to uncover problems and vulnerabilities.
- Address disaster recovery in addressing planned and unplanned downtime.
- Virtualize your data center.
- Establish good backup procedures to prevent data loss.
- Ensure swift restoration of data following corruption or accidental deletion.
- Ensure seamless transition to a warm stand-by system should the main system fail.
- Plan what to do if outage happens.
- Maximize platform up-time and swift restoration of platform following a disaster event.
- Provide redundancy in equipment. This involves getting extra equipment to guard against failures or service interruptions.
- Ensure compliance with the appropriate requirements for IT systems if your organization is in a regulated industry. Ensure also that IT systems are validated.
- Establish effective IT governance.
- Establish proper role-based permissions to IT systems.
Data is critical to business. Data security should be a priority in your organization. Reducing the number of data hacks is extremely important at the time of crisis.
Use these recommendations to ensure your data security:
- Create data inventory and segment out the sensitive and non-sensitive data. Systematically purge the data that your organization no longer needs.
- Establish proper role-based permissions to IT systems and to data.
- Use encryption when necessary to protect data.
- Dispose of obsolete software.
- Establish strict control and procedures for employees’ mobile devices and their own devices if they use it for work. Limit some company applications and data on these devices so that employees can’t access them from unsecured mobile devices.
- Segment data so that a breach in one file does not affect other data repositories.
- Use Internet firewalls.
- Keep operating systems and other business software up to date.
- Install and maintain antivirus and anti-spyware programs.
- Create comprehensive social media governance plan. Create separate business identities for social media to minimize capture of personal information. Govern employees’ interactions.
- Ensure that employees are trained in data security procedures.
Data integrity is defined as the extent to which all data is complete, consistent, accurate, trustworthy, and reliable throughout the data lifecycle, from its creation to archiving, and its eventual destruction.
You will ensure your data integrity if you follow above mentioned recommendations for documentation, IT systems, and data security.
In addition, use these recommendations to ensure your data integrity:
- Use change control procedures for IT systems.
- Ensure that data is complete, consistent, accurate, secure and available throughout the life cycle.
- Control data breaches.
- Perform periodical data integrity risk assessments.
- Establish audit trails, access controls, and electronic signatures.
- Replace paper with electronic forms.
- Establish single sign-on and ensure that each system activity is registered, in particular what users of the system do in the system.
- Auditing – a system must be able to provide conclusive evidence in litigation cases, to reconstruct the decisions and potential mistakes that were made in developing or manufacturing a regulated product.
- Ensure accountability: no actions can be performed by anonymous individuals.