How to Create Good Business Continuity/Disaster Recovery Plans
We generally have no idea when a disaster is coming, and even if we do have a heads up, it’s very possible that things are going to go wrong.
This is where a business continuity plan comes into play for you. What does it do? It is a plan that helps your company get through a disaster. Disaster could mean a natural disaster as in mother nature makes a mess of things, it could also mean fire or flood and it could mean a significant security incident that takes down all systems.
What Does Business Continuity Mean?
Business continuity, commonly shortened to BC, typically refers to a plan that helps your business function as soon as possible following a disaster. Again, this could be a flood, a fire, or a cyber-attack, amongst other things. With this type of plan in place, you can look to it for specifics when these things occur.
Some people believe that a DR plan, or a disaster recovery plan, is exactly like a business continuity plan, but that’s not true. A disaster recovery plan specifically focuses on IT, and it is actually a part of a full business continuity plan.
Consider your own company. Do you have a plan that would allow you to get your sales up and running? Do you have customer service ready to go if you had a flood? Could you keep handling customer requests if you lost your company to a fire? All of this is part of a BC plan.
Why Your BC Plan is Important
It doesn’t matter if your business is small or large, you have to remain competitive in the market. It is important that you keep your current customers engaged while also bringing in new ones.
Ensuring that your IT capabilities are up and running is extremely important, and there are many solutions available. You can rely on your IT team for this, but what about the rest of your business functions? The future of your business greatly depends on how quickly you can get back to normal, and if you don’t, you could see your customers leaving in droves.
Your business might also experience losses including financial losses, legal losses, and of course, the loss of your company’s reputation.
The Important Parts of a BC Plan
If your company doesn’t have a BC plan, you should start by taking a close look at all of your business processes. Look for areas of vulnerability and try to determine what your losses might be if you lose functions in those areas for a day, a few days, a week, or more.
Next you should start creating a course of action. Here, are there six steps that you should take:
1. Identify what you want to do with the BC plan
2. Choose areas that you want to focus on
3. Determine the most critical functions
4. Look for areas and functions that are dependent on others
5. Calculate how much downtime is acceptable for any functions that are critical
6. Create a plan to keep your business open and working as much as possible
One of the best tools that you can have when creating a BC plan is a checklist that includes your supplies and equipment, the location of backups, who should have access to the plan, and a list of contact information for important people, emergency contacts, and backup providers.
Keep in mind that a DR plan is only a part of a full BC plan, do if you don’t have a DR plan in place, this is a great time to make one. Resources that may assist in a DR plan may involve your inhouse IT people, a Virtual CISO or a Managed Service Provider or MSP. If you do have a DR plan, don’t just assume that it will work with your new BC plan. You must make sure they both fit together.
As you begin to create this plan, consider meeting with others who have gone through a disaster and used a BC plan. They can give you a lot of information and share what worked and what didn’t.
Test Out Your BC Plan
It is imperative that you ensure your plan works before disaster hits, and the only way to do this is to give it a try. The best thing, of course, is a real disaster, but you can also create a “fake disaster” in order to test it out.
You need to make sure that your BC plan is complete, and that it meets your needs in case there is a disaster. You don’t want to take an easy way out, though. Any test should fully challenge your plan, too. Additionally, you must make sure that everything is measured. If you just try to skate by, your plan will be weak, and you could run into issues if a disaster strikes.
It is recommended that you plan on testing your BC plan a couple of times a year, especially if there are potential changes to the plan, like new equipment or staff. Doing things such as simulations or walk throughs can help your team practice and make sure they are ready in case a disaster hits.
Review and Improve Your BC Plan…Always
The effort you put into testing your business continuity plan cannot be stressed enough. Once this is done, some organizations let it go and focus on other things, but this can quickly lead you to trouble.
Things are changing all the time with both technology and personnel, so it is important that your plan is always up to date to reflect that. This means, that it is a good idea to at least once a year to review your plan with your staff and point out areas that might need to be updated. Additionally, you may want to get staff feedback, which you can ultimately add to the plan.
Ensuring Your BC Plan Will Work
By taking a casual approach towards creating this plan, the odds are good that it will fail. Every business continuity plan has to have the support of all staff, including senior management, who must take on a very active role in supporting the plan. On top of this, a plan like this has higher odds of success when management makes it a priority.
Finally, it is extremely important that senior members of staff promote user awareness of this type of plan. After all, if your team doesn’t know about it, and at least a few details about it, how are they supposed to act on it when a disaster strikes? Training and distributing the plan is important, too, so think about working with your human resources team to make sure that all of your staff is aware of the plan and what is in it. This way, your staff knows that it is important, and they can see it as an important part of your business.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.