When was the last time you spoke to the folks in charge of Business Continuity Planning? If the answer is “never” or “who?,” I recommend you reach out to them this week and set up a call or meeting.
In case you’ve not interacted with them before, the business continuity planning team is typically in charge of considering worst case scenarios and having a plan in place to deal with them. The best business continuity departments think through everything from a terrorist attack, to catastrophic IT systems failure, to the effect of pandemic flu. What does this have to do with compliance? Three things come immediately to mind:
1. People Think the Rules Don’t Apply
When a disaster strikes, adrenaline takes over and people think only about what is immediately in front of them. While this response is incredibly helpful in a medical emergency, it can be highly problematic in other scenarios. If the entire reservations system at an airline breaks down, it would be very easy to start indiscriminately looking at customer records, or opening customer databases to people who shouldn’t have access, to try to solve the problem quickly. This could open the company up to data privacy breaches and regulatory action after the fact. By talking to people in the business continuity team (and IT team / team responsible for data breach response) before disaster strikes, you’re much more likely to have plans in place for a proper response when a problem occurs.
2. People Won’t Know Who to Call
If you don’t interact with those who respond to crisis before it happens, they may not know they need to call you when a crisis occurs. Let’s say you’ve never talked to the receptionists or front desk staff in your European offices about what to do if the regulators come in during a dawn raid and demand immediate access to your offices and computer systems. Would they know how to respond? Do they have the phone number of a local attorney who has agreed to be there within a half hour to accompany the regulator? By talking to people now, you avoid these problems later.
3. If You’re Caught Up in the Issue, They’ll Already Know What to Do
If you’re caught up in the issue (say, you’ve caught the pandemic flu or are held up in Mozambique because of the airline outage), your prior conversations will guide people in responding to crisis in a compliant and ethical way. Once you’ve shown your interest, perhaps you can sit on the enterprise risk management steering committee, or you can participate in the business continuity planning practice exercise. By making these connections now, you’ll ensure you’re on people’s minds later.
Recent events in the news have made us all aware that business and personal crisis is possible. By planning now, you’ll make it much easier to deal with later.