By David Keating
Vice President, Information Technology
David is a highly experienced IT professional with over 20 years’ experience in various sectors, ranging from public sector to private sector, multi-national and SME. He is responsible for IT & Security across the organisation’s 4 sites and strategic decision making. Find him on Linkedin.
As a SaaS company holding sensitive customer HCM data, security and business continuity forms a key element of our IT strategy. CoreHR has a Business Continuity Policy (BCP) framework covering all elements of the business should there be a catastrophic event at any one office location. The BCP Policy is closely aligned with our ISO 27001 certification and focuses on information security as a key component. With 100% of our staff now working remotely, enacting this BCP Policy was no small feat.
So what data is stored where?
It’s important to note that we do not hold any customer data at any of our office locations. All customer data is securely stored in BT data centres with equal investment in our Primary and DR Datacentre Infrastructures. That said it does not mean that we invest any less in our corporate sites.
As a business, like many others in today’s day and age, we promote an active work-life balance and to achieve this, myself and the IT department have been facilitating secure remote working for some time. We use a method of 2FA authentication to allow employees securely access the CoreHR network and services remotely. This BAU element to remote working, along with yearly BCP tests confirms the organisation’s ability to continue providing BAU services in the event that any CoreHR office becomes unavailable. The hope, of course, is that these processes and continued investment will never be required. However, in the past few weeks, we’ve invoked full BCP with staff across all sites currently working remotely.
How easy was it to transition to remote working?
We were in position to enact our BCP policy without any concerns or risk of disrupted service. This is down to the work we did prior to the COVID-19 outbreak to provide a ‘real’ BCP plan with Executive-level support that is tested and validated rather than a tick-box document, behind which sits empty promises and zero investment. Companies who have not invested the time and resources to identify risks to the business continuity in the face of a disaster will be under considerable pressure at this time, and are likely to invest in the tangible benefits of having a tested BCP moving forward.
What steps would you recommend a business takes to have a ‘real’ BCP plan?
CoreHR’s BCP Policy covers all aspects of the business but with a heightened level of focus on those elements of the business supporting customer SaaS environments and applications:
- Corporate IT
- Application Support
- Development Support
- Cloud Platform Team
- Managed Payroll Services
- Professional Services
At CoreHR, Managed Services, Support, Development and Cloud Platform teams are typically spread across two distinct office locations. It’s important for those staff specifically to work independent from any single location to gain access to the primary or secondary data centre where customer data resides, and from which the SaaS Service is delivered. We offer our customers the ability to take ownership of their end-to-end payroll processing in times of need. This allows them to focus on other key business activities, while ensuring peace of mind when it comes to data security and compliance. Find out more about the Managed Payroll Service.
We leverage the agile functionality within our HCM platform to quickly create relevant screens that can be used to capture details on employee’s ability to work remotely in the event of invoking BCP and identify talent that can be seconded cross-functionally should the need arise. This agile functionality is available to all our customers and if you would like to find out more, get in touch.
Overall, I’d suggest putting a BCP plan in place for your organisation in the event that something catastrophic happens and you’re forced to enact it. Many companies think they’ll be in a good position to ask all staff to work from home as needed, but without a firm policy and test practices in place, they are likely to identify gaps they hadn’t expected. Take the time to put it on paper and get business buy-in. You won’t regret it.
Want to learn more?
Click on the button below to visit our Resources page to view the latest news, blogs, events, reports and white papers