Throughout the world, we are facing a crisis in energy – be it due to the rise in cost (USA) or as a result of shortage (Europe & RSA). At this moment, Europe is in loadshedding talks and RSA is in the grip of its worst loadshedding ever and is facing the real possibility of a nationwide energy black-out.
The reality of a black-out is that it affects not only the availability of your information but, on a simpler level, the overall business function, as in the sample scenarios below:
- All network systems will be unavailable as the suppliers will also experience power outages (e.g. no internet services, no access to cloud services, no telecommunication reception etc.)
- All communication methods will be unavailable
- Unavailability of staff (e.g. shortage of fuel affecting travel and alternative energy generation, no network services, no power for computer and other hardware, no online or card payments possible etc.)
- Basic emergency and healthcare services not readily available
- Access to food and basic service delivery not readily available
Is your Company prepared?
Everybody thought Covid was a rumour and that there would never be a Total Lockdown… but then it happened world-wide. How prepared was your Company when this happened?
What would be required to be more prepared for this type of threat?
Consideration 1:
Determine if your Company has taken this risk seriously in your Risk Assessment
- Who added the threat to the Risk Register with an impact and likelihood rating for the threat?
- Based on the threat, who reviewed the Business Impact Analysis?
- What will the impact be on providing continued services?
- Have you thought about a Mitigation Plan?
Consideration 2:
Many organizations forget about their Information Security, both logical and physical. Does your Company understand how exposed it will be in this regard if there is a total energy blackout?
The Company should ensure that its Incident Management Plans and Business Continuity Plans include these types of extreme scenarios. However, one thing is certain: no matter how many plans and/or Information Security Preventative Initiatives are in place, when a total energy blackout happens you will need a robust and effective process and strategy to activate your Business Continuity Plan, or alternatively to activate the Preventative Activities, to protect your Company from security threats and to lessen the impact on the Confidentiality, Integrity and Availability of your business data.
Consideration 3:
Does your Company have an Incident Management Process in place for this type of event? This process must be used to coordinate all the activities required to activate the Business Continuity Plan (as mentioned above).
The objectives of an Incident Management Process are to manage incidents throughout their entire lifecycle, to minimize the adverse effect on the business and on the quality of IT services, and to restore normalcy as quickly as possible, thereby ensuring the best possible level of service quality and availability.
In general, this type of process requires an Incident Management Coordinator to mobilize a Major Incident Management team once a Major Incident or Information Security Incident is identified. That team will in turn coordinate the Major Incident throughout the entire Incident Lifecycle until resolution. This sounds technical, but it has been proven internationally as a process that will best assist with minimizing the impact for any size of business – the key is to establish the process and to continuously make everyone in the Company aware of it and of their designated roles (i.e. preparation is important).
Examples of an Incident Management Process are as follows:
- Identification and diagnosis of events which are communicated directly by users through phone/e-mail, web portal or Event Management to Incident management tools;
- Resolution of the incidents as quickly as possible using defined resolution processes (determined by your Company as what would be practically the best);
- Identifying incidents that require further analysis, to reduce their resolution time;
- Identifying Major Incidents which means the Incident affects the entire Company; and
- Identifying Information Security Threats that might affect the entire Company.
Are you satisfied that your Company’s Business Continuity Plans and Incident Management Processes are adequate to manage a total energy blackout (and to survive its impact)? VDAC ISO Auditing and Consulting can review or audit your Business Continuity and/or Risk Management systems, plans and processes to ensure they are effective and up to date. We also assist with overall implementation – helping your Company to secure clients’ trust by showing them that their information will be protected, and service delivery will have a minimum interruption.