Security’s Role in Business Continuity
Never before has the need for security professionals to be involved in business continuity efforts been as prevalent as it was in 2020. From deciding how to handle COVID-19 to natural disasters to civil unrest to cyberthreats, executives have turned to their security teams to help keep businesses—and employees—safe while remaining productive.
To help provide best practices for these teams, ASIS International gathered a group of experts to update its Business Continuity Guideline, says Robert Carotenuto, CPP, PCI, PSP, director of security at The Shed and chair of the guideline committee.
“We understand that the pandemic is on everyone’s minds, but it’s not the only emergency and crisis situation,” Carotenuto says. “There are political crises, rioting, global climate change with fires in California, and hurricanes, so we understood that the guideline needed to address the survivability of your organization in terms of facing many threats that are known, unknown, or infrequent.”
The guideline, planned for publication in spring 2021, will update the existing guideline—written in 2005—providing recommendations for a business continuity management program that enables users to identify, develop, implement, and monitor policies, objectives, capabilities, processes, and programs to address disruptive incidents and crisis events that could impact the organization. The guideline will also provide a framework for organizations to use to prepare for—and successfully manage—critical business functions during and after a disruptive incident or crisis.
There are 27 members on the guideline committee, and many of the discussions during its monthly meetings demonstrated how the understanding and concept of risk has changed throughout the course of COVID-19; how the long-off threat of a pandemic has impacted planning for unlikely but potentially catastrophic risks, Carotenuto adds.
“Risks that develop over time—we as humans are not really good at assessing that. Things that take a long time to develop, over years, people tend not to see as imminent,” he says. “They don’t feel the need to take immediate action.”
But when it comes to risks like pandemics and climate change, organizations and security professionals need to scan the horizon to prepare themselves.
“It’s taking the long-term view, seeing a risk that develops slowly over time that you need a long-term strategy for,” Carotenuto says. “That’s the challenge, to come up with a solution for a risk that slowly erodes stability and resilience over many years.”
For more on ASIS International’s Standards & Guidelines, visit: asisonline.org/publications--resources/standards--guidelines.