What's more, an ISCP can help with compliance. Increasingly, professional organizations and federal guidelines strongly encourage or mandate BCPs. For example, the National Association of Securities Dealers requires the creation and maintenance of a BCP. Sarbanes-Oxley Section 404 requires management to establish and maintain "adequate internal control over financial reporting." The inability to recover after full or partial outages could be considered noncompliance.
An effective ISCP project has four phases. First, fund it. Second, create a comprehensive ISCP. (NIST provides an excellent model.) Third, test it regularly to verify the integrity of planned operations and to ensure that employees understand their responsibilities. Fourth, update the ISCP periodically, to reflect infrastructure changes and add support for new services, such as BYOD, mobile access and big data. Beyond that, examine existing ISCPs to find holes in coverage. And don't forget supplier exposure!
With Sandy fresh in mind, take advantage of management's increased awareness of the threat of natural disasters. But act quickly; memories will fade. Develop an ISCP before this window closes.
Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners, which helps organizations invest well in IT. Contact him at BartPerkins@LeveragePartners.com.