Access Credentials at your Alternate Workspace

An ‘alternate workspace’ (either at your own locations, or contracted through a 3rd party provider) can be a vital component of a viable Business Continuity strategy; but only if the strategy works as intended.

An earlier article discussed Alternate Site Logistics – transportation, access and accommodations.  But you’ll also need to make sure to build technical access into every BCP which may rely on an alternate site strategy.

Let’s assume in that hypothetical Alternate Workspace strategy the designated employees arrive safely and are granted access to their alternate workspace.

He or she sits down at their assigned seat, boots up the PC or laptop on the desk – but will they be able to log on?  Does that device (or the network) recognize them based on the username & password (or token) they use at their own desk?

This is especially true at 3rd party sites – where costs mount by the hour, from the moment of declaration.  Briefing responders on access protocols wastes time. Time wasted is money lost.  Will those 3rd party desktops have the same functionality and familiarity users are accustomed to?  Will special software or applications require designated users to have administrative rights – and will those be readily available?  Who supplies Desktop Support – the provider or your own organization?  If the latter, have adequate personnel been included in the appropriate IT Recovery Plan?  Neither planners nor responders will know those answers unless the questions are asked during the planning phase.

Even when using internal facilities, don’t assume the same access credentials that work at the home site will work at the alternate site.  For many reasons – legacy, acquisition, hardware age, and more – IT security policy is not always followed to the letter.  Will desktops images be appropriate (especially when ‘desk sharing’ is anticipated)?  Will there be sufficient Desktop Support personnel available to handles issues and answer questions?

Assume nothing.  Consult with IT Security (or the liaison with the site provider) when formulating the strategy to find out what will – or won’t – be necessary to assure access at the ‘alternate’ site.

Failure to understand and plan for access in an Alternate Site strategy will cause headaches and frustration.  But those can be avoided by asking the proper questions during the planning phase (and reiterating them each time the Plan is updated).  You can only plan for what you know – so find out what you need before you write those Alternate Site procedures.

SHARE:
Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…