Business Continuity

2020 was a tough year for many organizations where we faced a global pandemic and increase in cyber activity among other disruptions.

Here are the lessons we look at from the year 2020 when it comes to Business Continuity Planning.

Mike Tyson Logo
Evaluate existing controls

Most organizations have structures to mitigate risks, however the probability of some risks materializing is very low. This does not prove that the controls are effective, it is simply good luck. It is important to test effectiveness of controls over time to ensure that when the disruption will inevitably occur, we will be prepared to deal with the impacts.

Conduct a Business Impact Assessment

A Business Impact Assessment enables organizations to assess the impacts of disruptions to business functions and gathers information needed to develop recovery strategies.

The key questions of the Business Impact Assessment are:

  • What are the critical/ prioritized operations
  • The minimum operating requirements you need to maintain those operations.
  • The core systems and service providers that those functions are reliant on
Stakeholders Involvement.

Most organizations have a risk department and assume that the role of disaster recovery and Business continuity planning is a risk department affair. However, every member of the organization is a player in Business Continuity planning, roles should be defined, and management should show commitment.

Scenario Based Planning.

Planning requires us to think in a ‘What if?” manner and also be ready to improvise. Nominating a Crisis Management Team is critical, the team should involve the right people with the right skills.

The scenarios should be used to evaluate the adequacy of the controls in place to ensure continuity of operations.

Do not Wait for a Disaster to plan. We all watched as COVID-19 hit China before it spread all over the world most countries never planned until the first case was reported.


Communication is vital for every Business Continuity Management System. Every organization should determine the communication requirements for all interested parties and tailor the communications to best suit them.

Test Recovery Capabilities

The business should conduct tests that simulate the unavailability of enablers for the critical operations and the plan in place in the event of such a scenario.

Always start with the simple tests then incrementally increase the scope.

Brian Kipkoech, Consultant

Share this post

Comments (2)

  • Cheruiyot Timothy Reply

    Very interesting read. Concerning the cyber space, we do have unanticipated risks happening especially when there is world wide crisis. On such scenario how do we balance the economic and mitigation process?

    March 11, 2021 at 11:25 am
    • Brian Kipkoech Reply

      The purpose of risk management is to determine the potential organizational impact if the risk materializes. We conduct a risk analysis and evaluation prior to coming up with a mitigation plan. We must determine the risk level and it’s mitigation cost before treating the risk. Controls are cost implicating so is risk ignorance.

      March 16, 2021 at 8:22 am

Leave a Reply

Your email address will not be published. Required fields are marked *


Hello, Thank you for contacting Sentinel Africa. How may i assist you?

× WhatsApp for Enquiry