Business Continuity in a Box, a set of instructions to help organizations to maintain or re-establish basic operations during or after a cyber incident, has been published by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the US Cybersecurity and Infrastructure Security Agency (CISA). Its aim is to assist businesses to establish basic communications functionality and design and deploy an interim cloud solution for hosting cloud applications.
The instructions are for businesses that do not have a business continuity plan in place and should not be used by those existing Microsoft 365 or Google Workspace customers — in these instances businesses should contact their relevant hosting provider.
Business Continuity in a Box has step-by-step instructions to identify and set up an interim solution that best suits a business. This can be used by an organization or the managed services provider (MSP) following an assessment to determine if this is the right tool.
Who can benefit from Business Continuity in a Box
The instructions are better suited for small to medium-sized organisations (10-300 people) who require an interim ICT solution to deliver minimal services. Larger enterprises and government departments can also use the guidance but are likely to need to apply additional configuration steps. Larger organisations should consult with an MSP and carry out appropriate independent risk and business impact assessments.
Someone with basic level of computing knowledge would be able implement the communications package but the applications package requires someone with intermediate level of knowledge of cloud services.
What is included in the Business Continuity in a Box guidance
The instructions should be followed immediately after an incident is identified and were developed using Microsoft 365 as the core technology stack due to its prevalent usage across business and government organisations.