RESPOND TO EACH QUESTION WITH AT LEAST 100 WORDS and 1 Reference

Question 1 (Christopher Cren)

The PCI, or payment card industry, standards are in place to protect business owners, merchants, and consumers when payments and purchases are made via debit and credit cards, or other means of technology. However, these standards are not mandatory, and non-compliance poses it risks to a business. These risks include using unsecure systems, compromised customer payment card information, and cyber threats such as hackers (PCI, 2022, p.1). These risks can tarnish a business’s reputation as well as destroy its financial integrity. Although the PCI is not a law, it is another security step that can be taken to protect your company and assets.

Other mandates may be discovered due to the UCC. The UCC is “not law, rather made up of recommendations for laws that states may adopt as written with modification” (Glackin & Mariotti, 2020, chap 11). The UCC covers a range of commercial transactions like general provisions, sales, leases, bank deposits, and more (Glackin & Mariotti, 2020, chap 11). The vast coverage of the UCC helps businesses do transactions easily across state lines where the laws are different per state. Operating state to state would introduce entrepreneurs to different mandates and compliances, thus the UCC comes into play to convert multiple laws into common operating terms.

QUESTION 2 (Jessica AM)

PCI compliance is not a legal mandate. As such, assess the risks of noncompliance with the PCI standards.

According to Juliana de Groot of Data Insider (2021), PCI is a set of requirements that help protect and prevent data breaches and payment credit card theft. It is an ongoing process that ensures the systems involved with data and credit card processing are secure. This ultimately leads to the contribution on a global level to payment card data security solutions. Noncompliance can lead to data breaches and loss of sales, lawsuits, insurance claims, cancelled accounts, payment card issuer fines, government fines and more (para. 5).

Determine how an entrepreneur might discover other mandates that, while not embodied in the legal code, require compliance.

As an entrepreneur, I was made aware of some mandates through the savviness of my business attorney however, many of them were only through trial and error. For example, there are laws for making sure that you have an ADA Compliant Sign at any size business. I knew about the ADA signs and was compliant there however; I did not know that they must include Braille and pictograms. There are activists that go around and advocate for the ADA compliance and made my business very aware that I was not pictogram or braille compliant. It was an easy fix though; I just changed the signs. But it an example of a legal code that requires compliance that can be overlooked.

QUESTION 3 (Cory Boese)

A business continuity plan is a tool used to identify potential threats to a small business and creates protocols to deal with the threats so that the business can keep moving forward (Shanahan, 2021). For a natural disaster or fire, a disaster recovery plan is a set of tools and procedures that restore information systems and processes. The business continuity plan aids the business operation in communication, establishing priorities, designating a new base of operations, and returning to normal operations (Glackin et al., 2020). This plan should be created and tested periodically to ensure that it accurately meets the needs of the business. Regardless of business size, management must plan for a rare but consequential business disruption (Glackin et al., 2020). The most recent COVID-19 pandemic adversely affected most organizations, and small businesses were hit the hardest. In a PNAS survey conducted in 2020, 43% of the small business respondents had temporarily closed (Shanahan, 2021).

During my small business continuity plan template search, I found several versions of the FEMA template. The preferred one is linked here (Links to an external site.).

This tool is appropriate for proposing preventive and remedial actions for business interruptions common to the north Texas area; flooding, hurricanes, thunderstorms, lightning, hail, tornado, high winds, and winter storms FEMA.(n.d.). It has an employee contact list, and seeks to protect vital business records FEMA.(n.d.), assesses critical business functions, and provisions for an alternate business site.

I would test this small business continuity plan at least annually or more often if the business grows rapidly. This frequency would ensure that the plan is executable in the event it is needed.

QUESTION 4 (Joseph Naro)

When creating a contingency plan for a small business, there are various criteria that should be defined in order to accurately prepare for the unexpected. An organized and descriptive plan requires an insight to the market and what to do to adequately prepare for and cope with business disruptions.

In the risk assessment portion of the document, there is a response plan for actions following a variety of potential incidents, improvements for business performance, and ideation for timely recovery. By clearly stating the primary objectives of the plan accompanied with basic assumptions, these document allows for guided paths to solution for the business owner as well as a liberty to adapt it towards their operation. The three primary objectives are to: Maintain Critical Business Functions, ensure employees are able to access an alternate facility, and protect vital records.

When it comes to environmental hazards, this plan assesses the likelihood and aggressive response plan to ensure a timely recovery utilizing probability, magnitude, warning, duration, and risk priority. The best way to test this contingency plan would be to evaluate it to a public company of similar industry, area, and size. This can be accomplished through a walkthrough exercise or a desktop simulation regarding the Hazard and Operability Study (HAZOP) if applicable to the operation.

pur-new-sol

Related Questions