About
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Careers
Why Cohen & Company Our Culture Total Rewards & Benefits Intern & Entry Level Opportunities Experienced Opportunities
Contact
Akron, OH Baltimore, MD Chicago, IL Cleveland, OH Detroit, MI Milwaukee, WI New York, NY Philadelphia, PA Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Services Industries Knowledge Center People

About Our Services

We offer tailored solutions — whether private company or owner; public or private fund, adviser or fund service provider; or Fortune 1000 enterprise. Learn how we can help you.

Learn More

Assurance Services

Employee Benefit Plan Audits Internal Controls Investment Company Audits Private Company Audits SOC Readiness & Compliance

Tax Services

Federal Tax Planning & Compliance High Net Worth & Wealth Transfer International Filings & Structuring Investment Company Tax State & Local Tax Tax Credits & Incentives Transaction Tax Planning

Advisory Services

Business Valuations Data & Insights Digital Finance Solutions IT Strategy & Implementation M&A Advisory Outsourced Accounting Solutions Risk Assurance & Advisory Transaction Services Turnaround & Restructuring

Our Industry Expertise

Our industry experience means you can find professionals who speak your language and bring earned insights to the table. Learn how we can help you.

Learn More

Key Industries

Digital Assets Investment Companies Manufacturing Private Companies Private Equity Real Estate & Construction Technology & Life Science
VIEW THE COMPLETE LIST

Knowledge Center

Our team wants to help your team stay up to date. Browse our thought leadership, events and news for insights and a point of view on business-critical topics.

Learn More

Insights

Browse valuable articles and publications our experts have written to help you and your organization answer key questions — and consider new ones.

Read Our Insights

Events

Join us in person and online for events that address timely topics and key business considerations.

Explore Our Events

News

Find out what is happening at Cohen & Company, from industry recognitions and growth updates, to where we are contributing to important media stories.

Read Our News
People
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Why Cohen & Company Our Culture Total Rewards & Benefits Intern & Entry Level Opportunities Experienced Opportunities
Akron, OH Baltimore, MD Chicago, IL Cleveland, OH Detroit, MI Milwaukee, WI New York, NY Philadelphia, PA Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Back to Insights

Real-life Testing of Your Business Continuity Plan During the COVID-19 Pandemic

April 07, 2020 SOC Readiness & Compliance

A business continuity plan is a critical part of your SOC 2 preparation and risk management program. It’s so critical in fact that one of the SOC compliance requirements is to perform a “tabletop exercise” to test, at least annually, your business continuity plan in the event of a crisis.
 
Certainly not a tabletop exercise, the COVID-19 pandemic does present a real-life opportunity to test your business continuity plan and evaluate its effectiveness, especially with respect to the functioning of mission-critical systems and processes, availability of key personnel, access to physical continuity site location(s) and remote access capabilities to systems. This is a high-impact crisis testing every thread of your organizational resiliency.

Key Areas to Evaluate

If you haven’t already, below are some key areas in which you may experience difficulties during this real-life test of your business continuity plan:

  • Overreliance on your SaaS. It is common for companies to migrate all or a large portion of their infrastructure and other critical assets to SaaS. You are ultimately responsible for creating a failover plan and having a redundant solution in place should you experience a failure. Also consider whether you need to make updates to your vendor contracts if promises were made as to availability of services but didn’t hold up during this crisis.
  • Proper identification of critical assets and data. Did you know how vast your network is? You should have an inventory of all assets — physical devices, software and data — that are critical to operations and understand the impact this disruption has had on each.
  • Understanding your “business as usual” requirements. Your service level agreements may define or imply certain commitments as to the speed and quality of your operations. This pandemic creates a unique environment for evaluating how your recovery time and communication plan during the disruption can impact your reputation and survival.
  • Strict adherence to the original plan. Your plan should be flexible as the day-to-day information and circumstances surrounding this disruption are extremely fluid. The execution plan set in motion two weeks ago is probably different than what is required today given the performance of your systems, changes in personnel availability and productivity, and other factors affecting your supply chain, cash flow, etc. Recognition that this is fluid disruption with near constant modification and having a strong communication strategy among your executive team, risk management, HR, IT and key operations personnel will play a key component in the ongoing success of your business continuity plan.

Document Your Challenges

It is too early to perform a full assessment of the impact this pandemic will have and the adjustments needed in your plan; however, it is important for your business continuity coordinator to maintain documentation of the challenges experienced during this crisis.
 
Good documentation includes details on the problems encountered, actions taken and lessons learned. Capturing this detailed information will not only demonstrate during your next SOC examination that you met the compliance requirement, but it will offer an opportunity to learn about and identify weaknesses in your plan and make important modifications to the plan for the future.

One thing we can learn from the COVID-19 global pandemic is that business continuity planning is not a “set it and forget it” exercise. The plan should be a living and breathing document with procedures that are reasonably designed to enable companies to meet their obligations to customers and counterparties during an emergency or significant business disruption. It should be reviewed and updated regularly for changes to operations, structure, personnel, locations and more.

Contact a member of your service team to discuss this topic further.

Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.

Sign Up for Our Emails & Events

Receive insights from our specialists in a variety of areas and timely information on upcoming events directly to your inbox as they go live in our online Knowledge Center.

Subscribe Today
Subscribe to our newsletter
About Contact Submit RFP Privacy Policy
LinkedIn Twitter Facebook
© 2023 Cohen & Company