Business Continuity, Security, and Emergency Management

Do you know the right questions to ask about your organization’s level of preparedness in business continuity, information security, physical security, and emergency management? These questions posed by Paul Kirvan at ContingencyPlanning.com may help determine if your organization needs help.

Information Security

  1. When was the last time you experienced a breach of security that resulted in damage to valuable company information?
  2. How do you currently ensure the confidentiality, integrity, and availability of your firm’s critical data and information technology?
  3. How do you protect your communications networks from unauthorized internal or external access?
  4. How do you protect the information being communicated among your staff and external users?
  5. How do you identify and validate potential threats to your information systems and networks?
  6. How do you identify and validate potential vulnerabilities to those assets?
  7. How do you protect your employees from identity theft?
  8. What policies and procedures have you established for dealing with data protection and network security?
  9. How do you measure the effectiveness of the security programs you have in place?
  10. How often do you test your information security programs, and when was your last test?

Physical Security

  1. When was the last time you experienced a security breach that allowed someone unauthorized access to your offices?
  2. What was the outcome of that occurrence?
  3. How do you currently control access to your properties for employees and guests?
  4. How do you identify potential security threats within your premises?
  5. How do you identify potential security threats external to your premises?
  6. How do you monitor your corporate property’s perimeters?
  7. How do you currently respond to existing security threats?
  8. What policies and procedures have you established to protect your physical premises from unauthorized access?
  9. How do you measure the effectiveness of the physical security programs currently in place?
  10. How often do you test your physical security programs, and when was your last test?

Business Continuity

  1. What are your most critical business processes and supporting systems (e.g., payroll, A/P, manufacturing)?
  2. If those processes and systems were no longer available, how would you get yourself back into business?
  3. How do you currently minimize the damage to your business from disabled or compromised information systems?
  4. What procedures do you initiate to recover systems and processes that have been disabled or destroyed?
  5. How will your employees respond in an emergency situation, especially one that involves evacuating the premises?
  6. If you were no longer able to access your office, for whatever reason, how would you restore business operations?
  7. Facing a disaster situation, how would you notify employees, family members, local authorities, and clients?
  8. What policies and procedures have you established to keep your company in business following a crisis or disaster?
  9. How do you measure the effectiveness of these response, recovery and restoration programs?
  10. How often do you test your business response and recovery programs, and when was your last test?

Emergency Management

  1. When was the last time you experienced a crisis or disaster situation that threatened your business or your employees?
  2. What was the outcome of that event?
  3. How do you currently respond to emergencies and other crisis situations?
  4. What procedures are in place to mitigate the severity or outcome of potential disasters?
  5. How would you describe your company’s level of preparedness for dealing with crisis situations?
  6. What is your normal level of interaction with public authorities, such as police/fire/EMT, and city/county/state offices of emergency management?
  7. Faced with an emergency, how would you interact with those same public sector organizations?
  8. What policies and procedures have you established to deal with emergency situations?
  9. How do you measure the overall effectiveness of existing emergency and crisis response programs?
  10. How often do you test your emergency and crisis response plans, and when was your last test?

Paul Kirvan is a Fellow of the Business Continuity Institute (FBCI), Certified Business Continuity Planner (CBCP), and Certified Information Systems Security Professional. For more information on Business Continuity, Security, and Emergency Management, go to: http://www.contingencyplanning.com