Back

The charity network that helps you shine.

Join 18,852 professionals and find your community in the UK charity sector.

Join CharityConnect
Close popup

Ocean King's badges

Helper’s Badge Level One
Level 1 of 5
This badge is awarded to members who have had a comment marked as Helpful
Helper’s Badge Level Two
Level 2 of 5
This badge is awarded to members who have had 5 comments marked as Helpful
Helper’s Badge Level Three
Level 3 of 5
This badge is awarded to members who have had 10 comments marked as Helpful
This question is from a member of our community that wishes to remain anonymous:
We are in the process of updating our business continuity plan to cover cyber incidents and I'm looking for some guidance on how much detail others have included in their plans.

We have a full incident response from our outsourced IT as to what their process would be in different scenarios (ransomware, inability to access Office 365, etc) but are now putting together our side of the incident response (internal comms etc). We are having discussions internally as to how much detail and how prescriptive this part should be.

Do others include prescriptive details (e.g. A will do B using C by D) or is it more general (e.g. the Charity will do X, Y and Z)? or something different?

No responses yet. Be the first to reply!

1 responses

Load more responses
Close popup

Bob Snarey's badges

Helper’s Badge Level One
Level 1 of 5
This badge is awarded to members who have had a comment marked as Helpful
Helper’s Badge Level Two
Level 2 of 5
This badge is awarded to members who have had 5 comments marked as Helpful
Helper’s Badge Level Three
Level 3 of 5
This badge is awarded to members who have had 10 comments marked as Helpful
Helper’s Badge Level Four
Level 4 of 5
This badge is awarded to members who have had 20 comments marked as Helpful

When updating a business continuity plan (BCP) to cover cyber incidents, the level of detail and prescriptiveness can vary depending on the size and complexity of your organisation, as well as the resources available. However, there are some general guidelines you can follow:
  1. Balance Between Detail and Flexibility: Your plan should be detailed enough to provide clear guidance and responsibilities but flexible enough to adapt to unforeseen circumstances. Overly prescriptive plans can become cumbersome and may not be practical in a fast-moving cyber incident.
  2. Clear Roles and Responsibilities: It's important to outline who is responsible for what. This can be somewhat prescriptive (e.g., "The IT Manager will coordinate with the outsourced IT team to assess the incident") to ensure clarity during a crisis.
  3. Communication Plans: Detail how internal and external communications will be handled, including who will communicate, through what channels, and the key messages. This can be more general but should include templates or guidelines for consistency.
  4. Actionable Steps: Include actionable steps for different scenarios. For instance, in the case of a ransomware attack, outline the immediate actions to be taken by staff (e.g., disconnecting from the network, notifying IT).
  5. Recovery Procedures: Detail the steps for recovery and returning to normal operations. This can include both general guidelines and specific tasks, depending on the nature of the incident.
  6. Training and Awareness: Your plan should include provisions for regular training and awareness sessions for staff to ensure they understand their roles and responsibilities.
  7. Regular Reviews and Updates: Cyber threats evolve rapidly, so your plan should be reviewed and updated regularly. This section can be more general, outlining the frequency and scope of reviews.
  8. Testing the Plan: Include how and when the plan will be tested (e.g., through tabletop exercises or drills). This can be a mix of general guidelines and specific details.
  9. Compliance and Legal Considerations: Ensure that your plan aligns with legal and regulatory requirements regarding data protection and privacy.
  10. Incident Documentation: Outline how incidents will be documented and reported, both for internal learning and compliance purposes.
In summary, a mix of prescriptive actions (especially for roles and immediate response steps) and general guidelines (for communication, recovery, and testing) is often effective. Tailor the plan to your organisation's specific needs, resources, and risk profile.

0 Likes
Please enter your comment.

Optional. An image can be added at the top of the comment. Images must be in PNG, GIF or JPG format. Unsplash.com is a great source for royalty free and high quality photos.

Please enter your comment.

Optional. An image can be added at the top of the comment. Images must be in PNG, GIF or JPG format. Unsplash.com is a great source for royalty free and high quality photos.
See previous comments
See new comments

Related posts

CAF bank fail, the day saved by Stewardship!

Peter Davies

Admin, Ops, IT & Finance

July Newbies' Thread 🎾🌞

Ocean King

Other Discussion

How long should I wait to hear back after a job application? (Anonymous post 🤫)

Ocean King

Recruitment & HR

Probono accountancy recommendations

Karen Davis

Admin, Ops, IT & Finance

Experiencing CAF bank issues

Neil Morley

Admin, Ops, IT & Finance