Working on Business Continuity

Certifications and legislation

Specifically in the area of ​​information security, ISO 27001 and NEN 7510 are common standards. Not only does the IT environment need to be in order for this, but a management system is also involved. Business continuity is an integral part of this. And in a world in which information is increasingly (only) stored and processed digitally, IT is a crucial link.

Where certification is still a voluntary choice to a certain extent, this is different with legislation. Legislation and regulations also impose requirements that your organization must comply with. IT also plays an important role in this. Consider, for example, the requirements imposed by the GDPR.

Digital resilience

IT is about much more than just systems. A common saying is: “The biggest security risk is between the screen and the office chair”. Especially given the enormous increase in cybercrime, digital resilience of employees is an important point of attention. Recognizing phishing emails, awareness of rules of thumb for safe use of IT and familiarizing employees with common attacks is recommended.

Safeguarding knowledge and expertise

Is the knowledge of your IT environment specifically with a small number of people? Then it is good to map out whether the available knowledge is at least redundant. If knowledge that is crucial for responding to incidents disappears in the event of failure (think of illness or departure), an undesirable situation arises. If internal knowledge retention is complicated at this point, you can also consider outsource the management of your IT environmentYou then assign responsibility for this to a specialized organization, such as IT creation.

Cyber ​​attacks

The impact of cyber attacks has been increasing exponentially for years. Whether it concerns ransomware, phishing, DDoS attacks, malware, man-in-the-middle attacks or other forms of cybercrime: the damage caused to the economy by cyber attacks is increasing year after year. This development is fueled by geopolitical unrest, rapidly developing technology and the attractive business model. A cyber attack is a real threat for every organization. It is therefore not only important to make an IT environment as agile as possible against such a threat, but also to have a clear plan for when things go wrong.

Access security

How logical is it that a sales employee has full access to the payroll administration? By setting up access security properly, unnecessary damage can be prevented. When an uninvited guest gains access to your systems, good access management can limit the damage. It also limits the impact of threats from within.

Back-up

In case of an incident, restoring data with a backup is a logical step. In addition to having a backup, having a tested recovery procedure is essential.

Logging

Good logging can prevent future incidents. For example, by revealing a vulnerability. In the event of an incident, an investigation can be conducted into the cause of the incident. Regardless of whether it is an external or internal threat, analysis of data can lead to improvements in the business continuity plan.

Extreme calamities

Extraordinary calamities can occur. You can think of not only fire, but also things like power outages or a global pandemic like during the corona. This requires making the IT environment available in a location-independent way.