Security’s Role in Business Continuity

By Megan Gates

1 March 2021

Print Issue: March/April 2021

Never before has the need for security professionals to be involved in business continuity efforts been as prevalent as it was in 2020. From deciding how to handle COVID-19 to natural disasters to civil unrest to cyberthreats, executives have turned to their security teams to help keep businesses—and employees—safe while remaining productive.

To help provide best practices for these teams, ASIS International gathered a group of experts to update its Business Continuity Guideline, says Robert Carotenuto, CPP, PCI, PSP, director of security at The Shed and chair of the guideline committee.

“We understand that the pandemic is on everyone’s minds, but it’s not the only emergency and crisis situation,” Carotenuto says. “There are political crises, rioting, global climate change with fires in California, and hurricanes, so we understood that the guideline needed to address the survivability of your organization in terms of facing many threats that are known, unknown, or infrequent.”

We-understand-that-the-pandemic-is-on-everyones-minds-but-its-not-the-only-emergency-and-crisis-situation.png

The guideline, planned for publication in spring 2021, will update the existing guideline—written in 2005—providing recommendations for a business continuity management program that enables users to identify, develop, implement, and monitor policies, objectives, capabilities, processes, and programs to address disruptive incidents and crisis events that could impact the organization. The guideline will also provide a framework for organizations to use to prepare for—and successfully manage—critical business functions during and after a disruptive incident or crisis.

There are 27 members on the guideline committee, and many of the discussions during its monthly meetings demonstrated how the understanding and concept of risk has changed throughout the course of COVID-19; how the long-off threat of a pandemic has impacted planning for unlikely but potentially catastrophic risks, Carotenuto adds.

“Risks that develop over time—we as humans are not really good at assessing that. Things that take a long time to develop, over years, people tend not to see as imminent,” he says. “They don’t feel the need to take immediate action.”

But when it comes to risks like pandemics and climate change, organizations and security professionals need to scan the horizon to prepare themselves.

“It’s taking the long-term view, seeing a risk that develops slowly over time that you need a long-term strategy for,” Carotenuto says. “That’s the challenge, to come up with a solution for a risk that slowly erodes stability and resilience over many years.”

For more on ASIS International’s Standards & Guidelines, visit: asisonline.org/publications--resources/standards--guidelines.

<p>Your browser does not support iframes.</p>

Security’s Role in Business Continuity

Germany Arrests Two Alleged Russian Spies

GAO Estimates U.S. Government Loses Upwards of $500 Billion Each Year to Fraud

Industry News: Chile’s Port of Valparaiso Improves Video Wall Monitoring

Protesters Block Traffic at Key Sites in Several U.S. Cities

Getting Visitor Management Right in Access Control

Feds Arrest Would-Be Solo Terrorist One Day Before Planned Attack on Church

Security Design 101: Best Practices on Complex Design Elements

Crime Spree Targeting Small Museums Ends After 20 Years