Holistic Planning for Breach ResponseBreach Response Planning Should be Part of Business Continuity
"Most view business continuity as compliance issues, rather than as being part of the overall business," says Schroeder, who serves as vice president of business continuity for Southeast Corporate Federal Credit Union [$2 billion in assets].
What organizations really need to understand is that effective business continuity takes many things in to consideration, including breach response and disaster recovery. In fact, Schroeder says what most businesses fail to recognize is that a breach is a disaster, and so the continuity planning that is put in place for breach response should be the same strategy that addresses disasters overall.
"They need to get the boss involved," Schroeder says. "It takes a lot of involvement from management to instill the holistic approach."
Most organizations, however, separate strategic planning for breach response from business continuity. But integrating the two makes good business sense, because it saves time and money. It also ensures more coverage for the unexpected. "You don't have to have subject matter experts developing your response plans," Schroeder says. "After a breach, you just need folks who can go in and review what happened."
During this interview, Schroeder discusses:
- The nine key points to be addressed in every business continuity plan;
- The public relations and media challenges most organizations overlook in their business continuity and breach-response plans; and
- Unique considerations specific industries, such as financial-services and healthcare, should consider when developing and writing their strategies.
Schroeder is a certified Disaster Recovery Institute international business-continuity professional. He serves on the editorial advisory board for The Disaster Recovery Journal and is editor of the newsletter for the Public Private Businesses Inc., a non-profit organization of professionals dedicated to public and private emergency management, disaster response and business continuity planning. In addition to his duties at Southeast Corporate FCU, Schroeder provides consulting services to real-person credit unions. His services include plan-reviews, staff and board training, exercise development and facilitation, and program and plan development. He teaches a one-day seminar course in business continuity planning for credit unions and has spoken at CUNA and Disaster Recovery Journal conferences, as well as numerous League and Chapter meetings.