How long has it been since you have revisited or reviewed your company disaster recovery document? Have you conducted any table-top exercises this year or have any lined up on the company schedule of events? Odds are, depending on when you are reading this article, you may be in a real scenario, not an exercise, as part of the COVID-19 pandemic. You may even be asking, “what is a disaster recovery document?” Considering the impact of COVID-19, there is probably no better time create or review those incident, continuity, disaster and recovery documents for your cybersecurity library. You will want to make sure they include all your business needs to be successful when the worst of times are upon you, including a pandemic.
It doesn't matter what governance framework you choose to align with; they all typically require the frequent testing of business continuity and disaster recovery protocols to make sure they are effective when they are most needed. One of the reasons the tabletop practice exercise is most commonly favored, as it is required by governance frameworks, is that it puts required think-tanks, leadership and tech admins in the same room to go over the steps necessary for handling disasters and incidents alike. Stepping through the process of going from disaster to incident management to recovery is necessary to construct real-world scenarios and practice process improvement.
It doesn't matter if you have it all sorted out or you are still writing your document library, now is a great time to set some focus on the documents and processes specific to incident, disaster, continuity and recovery. Set up some time during the year to conduct some practice exercises or use the real-world one happening to provide a record for continued process improvement and lessons learned. You will come out ahead of the curve and be much more prepared for next time. Oh, and you might meet that compliance initiative while you are at it.