Every business has a business plan. You identify your goals, your mission statement, conduct industry analyses, create a marketing plan, a financial plan, and more. This document acts as a living guide for your business; it lays out how you will raise capital, create management structure, and lays out an actionable plan to achieve short and long term business goals.
Preparation is the Best Defense
Planning for business continuity will help you create a system of prevention protocols and recovery procedures to restore the critical functions of your business in the event of a disaster, natural or otherwise.
A business continuity plan is much more than just a backup plan. A comprehensive business continuity plan should identify potential threats, create clearcut areas of responsibility and hierarchy. It should also include emergency contact information, delineate recovery teams, address offsite data backup, identify essential business activity, and lay out a disaster recovery strategy.
Think of it as a roadmap for restoration and a plan of action for your essential business functions. For this reason, your business continuity plan should be well thought out. It should be revisited and revised when necessary, and it should be thoroughly understood and rehearsed by key personnel.
Assemble Your Team
Because planning for business continuity includes restoration of critical functions and operations during a disaster, your team will play a big part ensuring it is well implemented and successful. When creating your BCP, you need to think about the core members of your team who will best be able to implement your disaster recovery strategy.
Continuity team members should be involved in writing and revising your BCP. Your continuity team will be in charge of communication, delegation, support, and recovery. For this reason, your team should include:
- An IT specialist
- A cloud support specialist
- A communication specialist
- Department heads for delegation
- Administrative Support
Your continuity team will implement your recovery plan. Each member of your team should be assigned specific areas of responsibility. There should also be a clear-cut hierarchy and chain of command, especially considering that some disasters may result in loss of personnel due to illness or lack of communication.
Your plan is only as good as the team that carries it out. For this reason, your team should maintain, reevaluate, and update your BCP as needed. Further, your team should create and actively maintain a contact list that includes internal personnel, outside personnel, emergency contacts, emergency services (like fire, security, utility, building maintenance, and IT) and other parties that may be impacted by business disruption.
Develop Your Plan
Creating a business continuity plan is a lot like creating a business plan; you’re creating a tailor-made document written and structured to best suit your specific business in case of disruption or emergency. Planning for business continuity will help you lay out the essential operations that need to remain functional during an emergency and delineate the timely resumption of day to day operations once the disruption has ended and normal operations resume.
Because there is no better place to begin than at the beginning, your first step is to conduct a business impact analysis.
Conduct a Business Impact Analysis
According to Ready.gov, a business impact analysis “predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies.”
In other words, a business impact analysis is a disaster recovery strategy that identifies what would happen to your business in case of disaster. This information is then used to develop a plan of action to remedy the disruption and resume regular business as quickly as possible.
Use a BIA questionnaire, provided by FEMA, to survey managers and other leaders in your business. Have them consider and identify what potential aspects of the business might be interrupted due to disaster. Have them identify the essential business operations required to remain functional. They can also identify recovery strategies and key personnel to help mitigate disruptions as efficiently as possibly.
Consider the Impact
The input from leaders and managers in your business will shape your business continuity planning. Understanding the essential operations will help you identify the functional and financial impacts of a disaster or disruption. Your business impact analysis should consider:
- Cost of delays
- Lost revenue
- Lost sales
- Increased expenses
- Penalties and fines
- Broken contracts
- Customer dissatisfaction
- Customer desertion
Whether your business experiences a flood, a server crash, or production machinery malfunctions, you need to consider a disaster’s impact on your business’ ability to provide products and services.
Scenarios and Duration
Your disaster recovery strategy should include some consideration of what type of damage may occur and how long it could last.
Consider the disruption to your business if the disaster includes:
- physical damage to a building
- physical damage to machinery
- loss of access to a building or job site
- supply chain interruption
- transportation interruption
- utility interruption
- employee absenteeism due to mass illness,
- damage to communication technology including computers, servers, or operating systems
Understanding what kinds of scenarios might disrupt your business and how they may impact your ability to operate will help you create a specific plan of action to mitigate and recover from disruption.
Once you have assembled your team, conducted your business impact analysis, and considered the myriad scenarios and durations of disruption you’re ready to begin planning recovery strategies.
Recovery requires resources. Your recovery strategy should begin with a list of resources you may need to replace or reinforce to restore normal, or at least minimal, business operations. This may include staff, office space, office equipment, technological equipment, business records and documents, production equipment, inventory, or even basic utilities.
A common disaster scenario is a disruption in communication. Most modern businesses rely heavily on digital communication. If your phones and internet are down how will you maintain contact with staff, client, customers, or third-party vendors?
Part of your disaster recovery strategy should include alternative communication protocols.
Your BCP should include a list of all pertinent employee and non-employee cell phone numbers that may not have been impacted by the disruption. Furthermore, if employee cell phone service is not interrupted, cell phones can be used as a stop-gap measure until recovery can begin.
Telecommuting is a great option to maintain some vital business operations from an external location. If possible, staff can use coffee shops, libraries, or even their homes to set up temporary workstations. Obviously, safety and security measures must be considered when working with sensitive customer information outside your primary location.
Alternative Site of Operations
When planning for business continuity, don’t forget to include off-site options for continued business operation. Consider creating a reciprocal agreement to share space and information technology with a neighboring business in case of disaster. If you choose to include a partnership with a neighboring business in your BCP, ensure the agreement is negotiated and documented well in advance. Include data and privacy protection as well as expense allocation in your negotiation.
If your business operates multiple locations you may consider a space and technology sharing plan in your BCP. There are even vendors that offer business continuity support and IT recovery by providing full business environments such as office space, data centers, and more.
Your off-site recovery strategy should include some consideration of how you will handle services for clientele, including sensitive or financial data.
Every BCP should address the security and restoration of digital data. Your business data is far too valuable to leave to chance or risk. Your data backup should not be limited to your main server—if your server goes down or is destroyed by fire or flood, all that valuable, irreplaceable data could be lost forever. Think about how damaging and costly it would be to lose all your business, customer, vendor, payment, and merchandise data.
For this reason, your data backup should be housed on a remote server, hosted in the cloud, on a physically removable media device, or a combination of these options.
Your BCP team should create a backup data plan that works for your business. This includes a plan to control key accounts, passwords, data keys, and other sensitive information. A comprehensive data backup plan will ensure your business is able to resume normal operations quickly. What’s more is that it will protect one of your most valuable assets—your data.
Many disasters, both manmade and natural, wreak havoc on electrical grids. Modern businesses rely on computers, servers, email, and the web to conduct their day to day operations. Your business continuity planning should contain long and short-term solutions to power disruptions.
Backup power generators ensure that a power failure won’t keep you from operating your business. Members of your BCP team should know how to safely start and operate your generator. Furthermore, your generators should be regularly maintained to ensure reliability.
Your BCP should also include scenarios for replacing equipment. In some cases, you may be able to recover essential equipment. In others, it may be destroyed or damaged and require repair or replacement. Your recovery strategy should lay out how essential equipment will be replaced or repaired.
In case of total equipment loss, your BCP should also include preparations for renting, leasing, or purchasing new equipment in order to expedite a return to normal business operations.
Planning for business continuity isn’t a one time consideration. Your BCP is a living document that needs development and reevaluation. Once your BCP team has identified probable impacts, considered various scenarios and their possible durations, developed recovery strategies to tackle data loss, alternative work sites, alternative means of digital communication, and other backup plans, it’s time to put your plan to the test.
Testing & Exercises
Just because you have a great disaster recovery strategy and a well-rounded team to implement, it doesn’t mean you’re prepared. Ultimately, you’ll need to conduct training and testing to ensure your process works.
Testing will help you further define roles and responsibilities, will reinforce and improve your team’s knowledge of procedures, will improve coordination and communication, and will help you evaluate your plans and procedures.
Testing will allow your team to identify weaknesses and strengths. It will further solidify your business continuity plan as an integral component of your overall business plan.
Conducting BCP exercises is just like physical exercising. It builds strength and endurance, demonstrates the areas that need more work, and helps prepare your team for the real thing.
The final component of your BCP is recovery. This is the step by step process of reinstating the business to normal operations. Your recovery planning should include assessment of the damage, estimating recovery costs, and working with insurance companies.
You should assign a specific team member, or members, to work with the insurance companies. This will help expedite the process of full recovery.
The final step of recovery is transitioning your business from recovery to normal operations.
A Plan You Hope to Never Use
Planning for business continuity can be a complex, involved process—but it’s a highly important one. FEMA calls continuity planning a “fundamental responsibility” for public and private entities. A comprehensive BCP can minimize damage in case of disaster, mitigate the duration of disruption, and achieve timely restoration of functions and operations.
Furthermore, it helps protect essential business data, business equipment, and sensitive customer information.
Don’t leave the operations of your business to chance—set your business up for success, even in the face of disaster, with a well conceived and battle-tested business continuity plan.