PROJECT: drafting a Business Continuity Plan for a FinTech start-up

The client

Our client is a digital start-up developing artificial intelligence and behavioural science technologies for financial institutions and advisers. Their tool enables banking professionals to better understand their customers, enabling them to tailor their advice to the financial personality of their savers.

By the very nature of the product, and the sector in which the company operates (banking), it is particularly concerned by cybersecurity issues, insofar as the tools developed by the company process a large amount of personal and sensitive data (linked to the banking behaviour and financial health of savers).

The security challenges were numerous:

• Ensuring the security of the data processed by the company, not only for reputational reasons, but also in terms of regulatory and legal compliance;

• Understanding and anticipating potential cyber threats to the business, and implementing defensive cyber security measures;

• Anticipate risks and possible crisis scenarios, so as to draw up an appropriate action plan in the event of a major incident, to enable an effective, organised resumption of activities disrupted by the incident.
  

Our service

An organisation's success depends on its ability to keep its critical processes running smoothly to deliver its key products and services. This is why the drafting of a BCP (Business Continuity Plan) has been the preferred solution.

The aim of a BCP/BRP is to ensure that the organisation establishes a strategy, a plan and procedures to reduce and minimise the impact of a major disruption on its main activities.

It ensures that companies do not come to a complete standstill following an incident or natural disaster.

The objectives of a BCP are:

• Identify your organisation's key processes and assess the impact of a disruption on them.

• Identify and analyse the risks to your business continuity.

• Provide you with a concise overview of how your organisation will respond to a disruptive incident affecting business continuity.

• Define who will be involved in the event of an incident and how business continuity and recovery plans will be implemented.

• Describe the resources in place to help manage the incident.

• Define how decisions will be taken in response to an incident.

• Explain how communication within your organisation and with external parties will be managed.

• Define what will happen once the incident has been resolved and the responders have been removed.

This type of service generally involves 3 main stages:

• Firstly, a Business Impact Analysis is carried out to understand in detail the impact of a potential security incident on the organisation. During this stage, a risk analysis is carried out to identify existing risks and to determine whether the organisation has put in place appropriate procedures to react in the event of a proven incident. A risk classification is also carried out to precisely identify the most critical risks, in terms of both consequences and probability of occurrence.

• The second stage consists of drawing up a report summarising the results of the impact analysis and the risk analysis. A strategy is then drawn up to propose solutions to remedy the risks. The customer then has the opportunity to accept or reject the proposals made. On this basis, a BCP (or Business Continuity Plan) is drawn up, detailing the steps to be taken in the event of a proven security incident, as well as a detailed action plan to mitigate the risks identified.
  

• And finally, a third stage will involve proposing dedicated procedures for the most critical risks. At this stage, the few most critical risks are identified and classified, and a much more exhaustive action plan is associated with them.

The specifics of this project

Drawing up a BCP is an essential step in creating a corporate security governance culture. It ensures that cyber risks have been anticipated and that preventive measures have been put in place to guarantee business continuity in the event of a security incident.

In the context of ISO 27001 certification, the drafting of a BCP is an essential step, as it contributes to the company's ISMS (Information Security Management System).

Related blog posts:

• "Regulatory compliance support for MARTI, a connected healthcare solution"

• "How to get an authorisation for a video-protection system?"

Did you enjoy this blog post?

Find more content related to cybersecurity and GDPR regulatory compliance on the CyberSecura blog!

Find out more about our BCP drafting services!

We need your answers!

By completing this survey, you are helping us to better understand your interactions with our site and your potential needs.

Your answers are anonymous, and unless you ask to be contacted again by our teams, no personal information is requested!

Thank you for your responses!

Would you like to be informed of our news and receive our latest blog articles directly in your mailbox? Subscribe to our monthly newsletter!

Would you like to discuss your difficulties, your needs, our offers? Ask to be contacted, free of charge and without obligation, by one of our cybersecurity experts!