For some businesses, disaster planning is low on their list of priorities. But for many others, establishing a contingency plan is anything but optional. Critical organizations (especially those in health care, financial, and government sectors) are often required by law to be able to weather any storm with their operations and data intact — or else face steep penalties from federal, state, or local governments.
The problem is, some business professionals are not fully aware of the laws and regulations that require them to go further in establishing a viable and actionable Disaster Recovery (DR) and Business Continuity Plan (BCP).
To keep your business safe (and out of the legal penalty box), you should take the time to discover if there are business continuity regulations that mandate your company’s compliance with advanced disaster planning. That way, in the face of disaster you’ll not only be within full legal compliance, but you’ll be able to successfully protect your sensitive data and get back to work quickly serving consumers.
Thanks to the Health Insurance Portability and Accountability Act (HIPAA), Disaster Recovery and Business Continuity planning strategies are mandatory for health care organizations and can carry steep penalties and fines for noncompliance.
First and foremost, health care organizations require a quickly actionable contingency plan for establishing and operating an emergency base of operations during a crisis. By arranging a stocked and functional backup facility ahead of time, health care organizations can continue to triage and treat patients during an emergency situation.
Additionally, because health care data is considered critical/sensitive information, health information systems and databases require advanced data management capabilities, including reliable backup and Disaster Recovery.
Functions of a BCP for health care organizations can include:
The financial sector also is beholden to regulatory agencies and governmental policies to ensure all that critical financial data is preserved and banking centers can remain active in a crisis. Much of the focus on financial sector contingency planning focuses on retention of data across the entire system.
The Financial Industry Regulatory Authority (FINRA) mandates that all financial institutions be covered by a clear and actionable BCP that adequately meets the needs of their organization. While the specifics may vary from company to company, they all must include reasonable provisions for the following elements:
Additionally, there are a number of policies and regulations that apply to financial centers’ disaster planning, including:
The Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System, 2003, which requires BCPs to be regularly upgraded and tested.
The Federal Financial Institutions Examination Council (FFIEC) Handbook, 2003-2004 (Chapter 10), which specifies that directors and managers are accountable for organization-wide contingency planning and for the “timely resumption of operations in the event of a disaster.”
The Expedited Funds Availability (EFA) Act, 1989, which requires that federally chartered financial institutions have a demonstrable BCP to ensure prompt availability of funds.
The Basel II, Basel Committee on Banking Supervision, Sound Practices for Management and Supervision, 2003, which requires that banks put in place Disaster Recovery (DR) and Business Continuity Plans (BCP) to ensure continuous operation and to limit losses.
In case of a crisis, government centers and operations mandate contingency plans to keep them open and operational in a crisis.
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-34, Contingency Planning Guide for Information Technology Systems, June 2002 gives specific requirements for governmental Business Continuity Planning, including:
Additionally, the Federal Information Security Act (FISMA) of 2002, Title III of the E-Government Act of 2002 (PL 107-347, 17 December 2002) and the Executive Order on Critical Infrastructure Protection in the Information Age, 16 October 2001 both emphasize the need for governments to maintain Business Continuity Plans (BCP) and Disaster Recovery (DR) without specifying how it should be done. While local governments are able to make their own decisions regarding these plans, they are required to continue operating during a crisis.
The COOP and Continuity of Government (COG). Federal Preparedness Circular 69, 26 July 1999 establishes minimum planning considerations for federal government operations.
In each of these cases, we observe the emphasis that regulatory bodies and governments place on making sure that critical industries maintain up-to-date and thorough business contingency plans. But in many cases, the specifics of these plans are left up to a managers’ discretion for what is appropriate!
This is why it is imperative that you consult with a business continuity and disaster recovery professional. By starting with a thorough evaluation of your organization’s specific needs, challenges and areas of focus, we can help you discover the best way to prepare for a crisis and stay not he right side of the law.
Want to know more about Business Continuity Planning Strategies?
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”