Business continuity is good for your business, but is it also a legal requirement? Laws and regulations differ from one country or one industry to another, although there is a basic expectation that organisations will act responsibly.
Data integrity, security and availability are part of those expectations, implicitly or explicitly.
Due diligence is now a concept that extends beyond mergers and acquisitions. It also covers compliance with various standards of IT and data management. So, how might this affect your enterprise?
In Australia, regulations to be observed concerning business continuity and disaster recovery exist for specific sectors such as finance.
Austraclear, the organisation providing settlement services for the Australian Stock Exchange, specifies obligations for “participants” to put a BCP in place.
They must also notify any outage or disruption triggering engagement of the BCP. Regional government organisations such as the Western Australian Government publish business continuity management guidelines online. These are ostensibly for government agencies, but are also freely available to anyone with Internet access.
They contain references to possible impacts in terms of regulatory or statutory breaches, but with no further details.
By comparison, in the United States, there is a similar patchwork of BC requirements. In healthcare in the US, the Health Insurance Portability and Accountability Act (HIPAA) obliges organisations to have a suitable data backup plan, DR plan and emergency mode operation plan.
In finance, the Federal Financial Institutions Examination Council (FFIEC) Handbook states that directors and managers are accountable for contingency planning across their organisations, and for “timely resumption of operations in the event of a disaster.”
The Expedited Funds Availability (EFA) Act obliges federally chartered financial institutions to be able to demonstrate a BCP designed to maintain availability of funds. Similarly, US utilities and government organisations are required to have certain BC measures in place.
Bottom line? Whether you do business at home, abroad, or both, find out about any legal requirements for implementing business continuity.