Disaster can come from external factors, such as wildfires, floods and storms, as well as internal events, such as a toxic chemical spill or boiler failure in your facility. It’s crucial to have a plan to recover from these events and to provide a framework to return to work as quickly as possible.
Developing a business continuity plan can reduce recovery costs, safeguard your company’s reputation and may even save lives.
Business continuity planning creates a back-up plan that documents how your business will operate if it’s is crippled by unforeseen events. Examples include natural disasters, terrorist attacks, strikes and arson. A disaster recovery plan (DRP) is a subset of the BCP; it documents detailed instructions on how to respond to these unforeseen events.
Before fabricating a detailed plan, your organization should conduct a risk analysis and a business impact analysis that establish recovery objectives and time frames.
The Federal Emergency Management Agency (FEMA) reports that 40% of small businesses close following a disaster, according to CNBC’s hurricane preparedness report. Many small business owners don’t consider disasters among their business risks when making contingency plans or purchasing insurance coverage. It’s a mistake that could threaten your company’s very existence.
Most BCPs consider how to keep essential functions running throughout a disaster and to shorten the recovery period. BCPs are essential for organizations of all sizes, but it may not be feasible to have complete backups for all your business systems. That’s why it’s important to prioritize essential systems, such as customer relationship management tools and compliance and reporting systems.
Many experts agree that once systems are prioritized the recovery budget should be allocated accordingly. Failovers systems should be initiated to ensure crucial components can be restored in case of cyber attacks, terrorism and other catastrophic events.
The Components of a Business Continuity Plan:
Disaster Preparedness – Recognize the types of events that might compromise your business, assess the threats facing your company and identify steps to eliminate or minimize the impact of those threats.
Emergency Response – Develop procedures that enable you to respond when a disaster occurs or is forecast to occur. Continue with the plan until everyone is safe and there is no further threat of property damage or bodily injury.
Business Recovery – Identify your company’s critical business functions and define procedures that will facilitate restoration of sales, production and operations to pre-disaster levels.
There are five steps to creating a BCP:
1. Build Your Team. Use a top-down approach to build your plan. That means getting the buy-in of the C-suite, including sign-offs by senior management. One point person should own the process, supported by a core team with representatives from every business department.
2. Assess Risk. List out and rank all the hazards that could threaten your company. Examples include: climate, cybersecurity, supply chain, fire protection, facility construction, staffing and utilities.
3. Analyze Business. Create a business impact analysis (BIA) to rank the risks on your list. The idea is to strategize which systems need to come back online first after an emergency. The appropriate business units should be responsible for suggesting recovery strategies to get up and running within a recovery time objective. For example, backup data files need to be stored offsite and available within a few hours of a disaster, and your IT vendor may be able to expedite the shipment of replacement equipment following a catastrophic event.
4. Document the Plan. Documentation needs to include step-by-step procedures. This doesn’t have to be fancy — most plans are written using word-processing programs.
5. Test the Plan. To verify your recovery strategies, testing is essential. These tests vary in complexity from a discussion of the steps needed to respond to a disaster to comprehensive testing of your backup and recovery of core files and systems. Keep in mind that, business continuity planning should be continually reviewed since your systems and business relationships are static.
Be sure to have a website or number that employees can call to check in. Services may be disrupted for several days, but most employees should be able to check in within 48 hours. Having a documented plan with one website and number makes it easy for everyone to stay in touch. Social media sites are another great way to let everyone post their status or ability to return to work.
Personnel disruptions. The BCP is often mainly operational, dealing with physical infrastructure. However, a business also needs its people to function. A potential disaster can affect your employees’ lives in various ways, including:
Consider your customers. During a disaster, your first calls may be to insurers and vendors. Don’t forget to keep your customers in the loop. Remember, customers want their regular services and are ready to go elsewhere to get it.
Consider vendor stability. If core services are provided by third-party vendors, double-check to make sure continued service is available during a disaster. Vendors may have an issue delivering goods to your business in a disaster area; vendors in other regions impacted by a disaster may not be able to make deliveries.