Why your company needs a business continuity system

15/02/2023

The new electronic publication edited by the Fundació Parc Científic Universitat de València (FPCUV), which has the support of the Conselleria d'Innovació, Universitats, Ciència i Societat Digital, analyzes the need to implement business continuity management systems in companies

Having a reliable business continuity management system (BCMS) has become one of the priority objectives for organizations, mainly due to the globalization and demands of customers and users. To maintain a competitive advantage, companies cannot afford to have interruptions in their business, so it becomes essential to have guarantees to respond to any situation that may jeopardize business continuity. The new publication of the Fundació Parc Científic Universitat de València (FPCUV), entitled  Buenas prácticas en la continuidad TIC de las organizaciones. De la implementación a la certificación, focuses on the importance of proper management, planning, monitoring, control and continuous improvement of the organization's business continuity strategy to ensure its critical operation in the event of a contingency.

"More and more companies and organizations, both public and private, base their activities on information systems. The technological infrastructure that supports these systems becomes one of their main assets. The interruption of this infrastructure can cause damages of various kinds, not only economic but also reputational", explains Mariano Serra, responsible for ICT systems at the FCPUV, coordinator of the monograph together with Jorge Edo, director of IT Area Mobiliza Academy and managing partner of Mobiliza Consulting. 

The electronic publication presents good practices such as the international standard ISO 22301, those defined by entities such as the National Institute of Standards and Technology (NIST), an organization dependent on the US government, the National Security Institute (INCIBE), of the Spanish government, and success stories in the implementation of a BCMS in sectors such as healthcare, ports and scientific infrastructures. "All of them have in common the identification of the potential threats that the organization may face, the impact on operations that these threats may cause and the management of the recovery of activities in the event of an interruption," adds Serra.

"More and more companies and public and private organizations base their activity on information systems and the technological infrastructure that supports them becomes one of their main assets. The interruption of this infrastructure can cause damages of various kinds, not only economic but also reputational", Mariano Serra, responsible for ICT systems of the FCPUV

Myths and reluctance

Another element to highlight, Edo points out, refers to the existence of reluctance on the part of companies to implement continuity systems, a fact that is explained by "lack of knowledge" or "lack of management involvement in the project." "In a project of this scope, high-level leadership is key. There is often reluctance on the part of the management of organizations, especially SMEs, who do not see the need to invest resources until after the cybersecurity incident has taken place, when it is too late to propose an appropriate continuity strategy," warns the specialist.  

One of the myths surrounding continuity plans in organizations lies in the mistaken idea that it only pays to develop them in large companies and multinationals, "thinking that these issues do not affect SMEs or micro-SMEs", stresses Edo, who reminds us that a continuity plan can be developed for large, small or medium-sized companies. "At this point it is key to determine, through a detailed risk analysis, the key processes of the organization, which will require appropriate recovery strategies," he adds.

According to a study recently published by the consulting firm Deloitte, 'The State of Cybersecurity in Spain', 94% of Spanish companies have suffered at least one serious cybersecurity incident in 2021. "To which we must add that Spain ranks third among the countries that are receiving the most attacks, the number of which is increasing exponentially.  Of the companies attacked, a large proportion are SMEs and micro-SMEs", emphasizes the director of the IT Area Mobiliza Academy and managing partner of Mobiliza Consulting.

"Spain ranks third among the countries that receive the most attacks, and the number of attacks is increasing exponentially.  Of the companies affected, a large number are SMEs and micro-SMEs", Jorge Edo, director of the IT Area Mobiliza Academy and managing partner of Mobiliza Consulting

Recommendations for implementing a BCMS 

Among the main recommendations to be taken into account, Edo stresses that organizations should be "proactive rather than reactive", although he regrets that most business continuity and ICT continuity plans are developed in detail "when the company has suffered a disaster that affects the continuity of the organization's processes". 

In the face of possible threats, this expert suggests using a best practice framework such as ISO 22301 as a basis for deploying the Continuity Plan. "In section 2, 'Good practices in Business Continuity', the recommendations of the NIST and INCIBE frameworks related to continuity are also included in detail.   For more complete information, it is advisable to review section 5, which shows in a practical way how three different organizations have approached continuity," suggests Edo.

 

The e-book includes case studies from the port sector, the Institute of Corpuscular Physics (IFIC) and Novasalud

 

Download the e-book

To access this new e-book offered by the FPCUV on the implementation and certification of business continuity management systems (BCMS), please visit the following link.

 

Other references

 

With the support of

LOGO CONSELLERIA INNOVACION UNIVERSIDADES PNG_VAL_NEGRO-2