Through establishment and deployment of an emergency management program, top-level personnel can send a clear message to everyone in the entity that business continuity and disaster recovery control responsibilities are taken seriously. If properly institutionalized, lower-level personnel will endeavor to understand germane aspects of the entity’s continuity systems, and how they operate, as well as their own roles and responsibilities within the control program.
Within the confidentiality, integrity, and availability (C-I-A) triad; pertinent financial and non-financial information relating to external or internal events, as well as daily activities, should be identified, captured, and communicated properly and in a timely manner to decision makers. When required, established entity communication channels should permit authorized information flows throughout the organizational structure, with all relevant internal and external data reliably conveyed to intended recipients.
“View Part I of the Business Continuity and IT Availability series here“