Why is it important to have a business continuity plan?
Rarely have businesses been confronted with such complex times. In addition to the COVID-19 pandemic with its travel constraints and the subsequent economic downturn, CIOs had to deal with an unprecedented wave of computer attacks, particularly in the healthcare sector. This has led many companies to improve their BCP/DRP to counter the ever-growing risks.
What is the definition of the Business Continuity Plan: the BCP goes far beyond the IT aspect
BCP (Business Continuity Plan) and DRP (Disaster Recovery Plan) projects are often approached as IT-only projects, but these approaches must cover all the activities and processes that make up the company’s business, from IT systems to energy suppliers, logistics and the premises where employees can return to work if the company's own are no longer available or practicable. Combined, the two approaches can help a company enter a continuous-improvement Cyber-Resilience lifecycle spanning the preparation, identification, protection, detection, analysis, response and recovery steps.
A BCP tailored to each need and considered from a business perspective
EBRC considers business continuity as it should be considered: from a business perspective, and not only from the IT side. "A business continuity plan is decided by the company's management and must encompass all the services delivered by the company to its customers. It is therefore not just a matter of responding to e-mails but of maintaining production and continuing to deliver to customers," emphasises Jean-Bernard Yata, Expert Consultant – Country Lead France. "The BCP, depending on the business imperatives, can be implemented to switch IT from one Data Center to another, to organise homeworking for the staff, or to open fully equipped office spaces to accommodate the staff in less than 2 hours. If the crisis is expected to last, a BCP can go as far as planning the distribution of a factory production to other production sites, or even transferring all of a bank's activities from one country to another because of a geopolitical risk such as an armed conflict."
The ISO 27001 and 22301 standards: the foundation to be relied on when defining a Business Continuity Plan
In this context, the preliminary risk assessment is a crucial stage during which all the real and potential risks the company is subject to are assessed. In this exercise, it is necessary to rely on existing tools, i.e. the standards, to set up the recovery processes. The ISO 27001 standard provides a framework for information security, and ISO 22301 already lists all the threats, risks and incidents that can occur and adversely affect a company. These standards are a real support in strengthening a company's resilience, but certification is only of value if it is applied, says Jean-Bernard Yata: "There is an administrative approach to certification and a much more operational approach. Rather than a purely theoretical approach to certification, it is necessary to adopt a pragmatic approach based on elements that are directly transposable to the company's day-to-day activities."
A BCMS portal: steering the business continuity plan to remain operational in all circumstances
For its internal needs, EBRC has developed an efficient and proven methodology that we can directly transpose to our clients, enriching it with the specificities of their business. Thus, EBRC offers its clients its own BCMS (Business Continuity Management System) tool, the Cyber Resilience Portal, to help them manage their business continuity plan. "All action plans and indicators are set out in the tool. All relevant users can see the processes and action plans to be implemented in the event of an incident," adds Jean-Bernard Yata. "When the COVID-19 pandemic required containment, the EBRC pandemic plan prepared in 2009 for H1N1 was implemented, which allowed our teams to remain operational. This experience is now available to all EBRC clients."
EBRC offers a unique approach in the market that allows organizations and companies to reduce their exposure to risks through tailored consulting and the provision of "Trusted" services aligned with the highest standards and certifications, the only elements that guarantee resilience.
Consulting, EBRC’s differentiator in the hosting market
EBRC's business goes far beyond data hosting. It also has a consulting structure, Trusted Advisory Services, with around thirty certified consultants, which helps companies set up data protection services, obtain ISO 22301 certification, and initiate the assessment of deviations from the target standard (Gap Assessment) or the BIA (Business Impact Assessment), which is a prerequisite for the implementation of a BCP. Above all, unlike other consulting firms, EBRC's consulting offer is based on its own experience and a resolutely pragmatic approach to the implementation of business continuity plans. This pragmatism is appreciated as much for the efficiency of the processes as for the solutions recommended for the implementation of BCPs.
EBRC’s resilient services
Specialised in resilience to ensure secure access to data and the continuous operation of IT applications, EBRC’s business is supported by three Tier IV certified Data Centres. Tier IV certification, issued by the Uptime Institute, is the highest level of security and resilience certification a Data Centre can achieve. EBRC's facilities have had 100% availability, zero downtime, for... 21 years! In parallel, EBRC has two disaster recovery sites in Luxembourg, with a capacity of 800 fully equipped workstations, ready to welcome its clients' employees in case of an incident. These infrastructures and the ISO 22301 certified processes enable this European company to offer a full range of resilient services, including a disaster recovery plan with an SLA of only 2 hours, or the Trusted Backup Recovery Services offer.
Business Continuity is relevant to all structures
Jean-Louis Gillon, International Business Development Manager at EBRC:
"Business continuity and standards are not issues relevant for large companies only. The size of our structure and our responsiveness enable us to meet the needs and constraints of smaller companies. These companies see standards as a way of enhancing the value of their business for their major customers, but also for investors and shareholders. Standards are a lever, a differentiator for smaller companies.
"Our pragmatic and responsive approach has enabled us to have several references with mid-sized and smaller companies of up to a dozen employees. But beyond this need for compliance, certification and the continuous improvement process are also tools to improve the company's sustainability and help it handle crises of all kinds and, in a way, also give it competitive differentiators."
EBRC, proven expertise certified to the highest industry standards
Founded in 2000, EBRC (an acronym for "European Business Reliance Centre") has positioned itself on the European market for data hosting services from Tier IV Data Centres operated in Europe. In this highly competitive market, EBRC's strategy has been to provide IT services that are both certified to the most demanding standards in the industry (ISO 27001, ISO 22301, ISO 20000 and ISO 27017) and compliant with regulatory requirements (PSF, HDS, PCI DSS). This strategy has enabled EBRC to position itself not only in the very dynamic Finance/FinTech and RegTech markets, but also in the healthcare and life sciences sectors, international institutions, security, defence and space as well as online services and OES (Operators of Essential Services).
In addition to this purely technical business, EBRC has developed an important consulting business to help companies improve their data protection capabilities and more generally the resilience of their business. Jean-Louis Gillon, EBRC's International Business Development Manager in charge of the French market, explains this original positioning in the market: "Our approach differs from that of many hosting, data backup and cybersecurity players. Faced with the stress of a computer attack, each and every one offers highly technical solutions that only cover an isolated part of the overall problem. We prefer to promote continuity, from the Data Centres where the data is stored and where the processing is carried out to the other end of the chain, from the general management to the business users."