Tuesday, 30 May 2017

To BCP or not

I recently shared an article written by +Mike Elgan about the fact that, in the US at least, laptops will not be allowed in cabin of aeroplanes and of the demand, whether current or future, for access to smartphones by border patrols.

While this is worrying for many people, businesses need to plan for this. Those organisations that have staff members travelling to and fro from the USA, and many other countries soon, need to be prepared.

The equipment mentioned is, for those travelling for work, likely to be owned by the organisation.  So what happens for that business traveller when the laptop is irreparably damaged in the checked-in luggage, or stolen? What happens to the data stored on it? What happens if border patrol demands access to the smart phone?  This isn't a case of "Call IT and get it replaced". This has a huge business impact.

Business Continuity Plans are (supposed to be) written by business units to document how to handle and recover from threats to an organisation or business unit. They are generally written as a response to major disasters, or issues that stop staff from attending offices (flood, fire, disease, etc). Most won't consider this as a large enough impact. They should.
Business continuity planning (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to deal with potential threats to a company.  Any event that could negatively impact operations is included in the plan........

Businesses cannot, nor should they, expect IT to be handling this for them alone. IT will be able to respond with an IT Service Continuity Plan, based on the Business Continuity Plan, but not second guess the impact to the wider business.

If you are a senior manager in an organisation where anybody travels overseas for business, you need to consider the impact, what your staff will do if they lose the laptop or smartphone, and what you will do if the data stored therein is compromised.

Should staff have company data on the laptop or phone?  If so, is IT aware of this and have you asked them to come up with a way of protecting that data?

This is no different to staff having laptops stolen out of cars, but it now needs to be front of your mind.  Don't expect IT to know what you want. IT are a part of the business and you need to work together to ensure that you have considered the impact, understood the risks and planned for it.

Prepare your plan and provide all travellers with a towel. Then, you can, as Douglas Adams advised in The Hitchhiker's Guide to the Galaxy

Image result for don't panic towel