Build and Train the Team Business Continuity Whitepaper
As soon as possible, you’ll want to start pulling together a team—or teams—of people who’ll be responsible for business continuity planning. The sooner you can involve them in the planning process, the easier it will be to get buy-in and ensure that the plan will meet your business needs. It’s likely that you’ll need both an upper-level planning team and a front-lines incident response team.
The upper-level planning and execution will likely come from a management incident response team (MIRT), sometimes called a crisis response team. This cross-functional team might include the CISO /CSO , chief privacy officer, general counsel, chief compliance officer, business line presidents and public relations (or functional equivalents). During an event, this group ensures that accurate and complete data is gathered concerning the incident, and works to communicate this information to the stakeholders. A front-lines incident response team, sometimes a cyber incident response team (CIRT), will be more focused on answering questions like: “What happened? How did it happen? What damage has been done? And how do we prevent it from happening again?” That team is likely to include the following:
Team Manager. Has overall responsibility to ensure business objectives are met during a response and is also responsible for communicating status to senior management.
Technical Lead. Charged with assessing impact on the technology infrastructure, and responsible for containment and recovery activities as they relate to information technology. This person might supervise one or more engineers or programmers. Public Relations. Responsible for communicating with investors, the press, and other outside entities.
Security. Encompasses facility, personnel, and information security. If these are separate departments, each should be represented on the CIRT.
IS Support. Assists with containment and recovery, and establishes alternate methods of information processing when primary systems or network paths are disrupted.
Facilities Management. Responsible for resolving power issues, coordinating the move to alternate locations, and conducting structural assessments and repair fall here.
Labor Union. If applicable, can help diffuse possible reaction to unusual management decisions and provide employee perspectives of events.
Representatives of Critical Business Functions. Depending on the scope of the problem, might include one or two administration or operations teams, or many more.
Once the team members are identified, they should meet to begin building an incident response plan. “The plan should include all activities related to containing and mitigating effects and improving future response,” Olzak said. “The plan is then used to train the team. Thorough training produces a team which reacts to events quickly, without confusion. It helps ensure all members understand their responsibilities, the roles of others, and team cooperation when it’s needed most.”
Build and Train the Team Business Continuity Whitepaper
As soon as possible, you’ll want to start pulling together a team—or teams—of people who’ll be responsible for business continuity planning. The sooner you can involve them in the planning process, the easier it will be to get buy-in and ensure that the plan will meet your business needs. It’s likely that you’ll need both an upper-level planning team and a front-lines incident response team.
Once the team members are identified, they should meet to begin building an incident response plan. “The plan should include all activities related to containing and mitigating effects and improving future response,” Olzak said. “The plan is then used to train the team. Thorough training produces a team which reacts to events quickly, without confusion. It helps ensure all members understand their responsibilities, the roles of others, and team cooperation when it’s needed most.”