Mar / 2023

Sustainable Governance

Implement Business Continuity Management to Enhance Resilience of Information Security

CTCI is committed to information security for its customers and employees. To ensure that the organization can continue business operations, and limit the impact on critical missions, in the event of a major security incident or disaster, we carry out business continuity management every year to strengthen the resilience of information security.

In an emergency, a company's business operations suffer if normal functions are not restored in a timely manner. To ensure that disrupted services resume within their Recovery Time Objective (RTO) during a crisis, the CTCI IT team analyzes the impact of disruption and develops a Business Continuity Plan (BCP). Business Continuity Management combines preventive measures with recovery actions so that, following a disaster or failure, the period of service disruption is reduced to an acceptable level.

Perform Business Impact Analysis (BIA)

Business Impact Analysis (BIA) assesses how the company would be affected by the failure of a key process; from the BIA we determine the Maximum Tolerable Period of Disruption (MTPD) and the RTO for each process. The responsible unit then examines the business processes within its scope and identifies the critical ones according to business importance, information asset value and the results of risk assessment. Business processes given a "High" criticality rating in the BIA are treated as the company's core IT business.

Formulation of BCP

The BCP should consist of a comprehensive set of plans covering every part of the company that could be affected during a crisis: key processes, personnel, information and technology assets, and the third parties whose assistance is required for recovery.

Test and Simulation Exercise of BCP

To ensure that the Business Continuity Plan works in practice, CTCI conducts a test and simulation exercise every year. The main objective of the test is to confirm that the plans are workable and support the successful recovery of infrastructure and critical business processes.

The scope of testing includes developing test objectives, executing and evaluating the test, and providing recommendations to improve both the testing process and the recovery plans. The recommended actions are then implemented according to the test results.

Tests and Exercises Review

After the tests and exercises are completed, the CTCI IT team convenes a review meeting to examine the incident notification, emergency response, redundancy and recovery processes, determine whether they met the expected targets, and submit a report to the accountable executives for comment and approval.

Conclusion

Establishing a comprehensive information security management system is vital to corporate ESG practice today. The formulation and implementation of the Business Continuity Plan by the CTCI IT team described above is an effective way to improve the resilience of information security. Only by ensuring network security, system stability, privacy protection and the other essential aspects of the enterprise, while strengthening day-to-day information security training, can the competitiveness of the enterprise be ensured and the vision of sustainable operation be achieved.

Photo credit: Pixabay