Most of us have no idea when a disaster is about to strike, and even if we do have a little warning, it’s very possible that things can go very wrong.
This is where you can put a business continuity plan to good use. What does this do? It gives your business the best odds of success during any disaster.
What Exactly is Business Continuity?
Business continuity, or BC, generally refers to the act of maintaining the function of a business as quickly as possible after a disaster. This might be a fire, a flood, or even a cyber-attack. With this plan in place, you can refer to it for specific instructions and procedures that need to be done following these disasters.
Some people believe that a disaster recovery, or DR, plan is the same as a BC plan, but that’s not the case. A DR plan focuses specifically on the IT side of things. In fact, the DR plan is one part of a full BC plan.
Think of your own organization. Do you have a plan in place to get sales up and running immediately? What about HR? Manufacturing? Customer service? If your physical business was leveled in a tornado, how would your CS reps handle calls from customers? If you have no idea, you probably need to think about a BC plan.
Why Having a BC Plan Matters
It doesn’t matter if you have a small business or large corporation, it’s very important that you remain competitive. It is imperative that you keep your current customers while also bringing in new ones…and there is no better test for you than a disaster.
Making sure that your IT capabilities are restored is critical, and there are a number of solutions available. You can certainly rely on your IT team to do this, but what about the rest of the company functions? The future of your company depends on you getting back on track quickly. If not, you can see your value plummet and customer confidence tumble.
Your company can also experience losses. These include financial losses, but also legal losses, and, of course, your company’s reputation.
The Parts of a BC Plan
If your business doesn’t have any type of BC plan in place, you should start by assessing all of your business processes. Take a look at and point out all of the vulnerable areas, and what your losses might be if you lose function in those areas for a day…a couple of days…a week, or even more.
Next, you want to start developing a course of action. There are six steps here, in general, including:
- Step #1 – Identify what you need to do with this plan
- Step #2 –Choose your key areas to focus on
- Step #3 – Pick what functions are critical
- Step #4 – Look for dependencies between different areas and functions of your business
- Step #5 – Calculate how much downtime is acceptable for all critical functions
- Step #6 – Make a plan to keep your company going
One of the best tools that you can have for a BC plan is a checklist that includes all of your equipment and supplies, the location of all of your backups, who should have the plan, and any contact information regarding emergency contacts, important personnel, and backup providers.
Remember, a disaster recovery plan is only one part of the BC plan, so if you don’t have a DR plan, this is a perfect time to do it. If you already have a DR plan, don’t assume that it’s going to work in with your BC plan. You need to make sure that all parts align together.
As you work to create this plan, think about meeting with people who have successfully gone through a disaster with success. They can give you some great insight and valuable information.
You Need to Test Your BC Plan
It is very important that you make sure your plan works before a disaster strikes, and the only way to do that is to test it. The best test, of course, is a real incident, but you can also create a controlled environment and test your plan.
You want to make sure that your BC plan is totally complete and that it will meet your needs in the event of a disaster. You don’t want to take the easy way out, either. Any testing you do should be a challenge for the plan. You also have to make sure that the objectives you have are able to be measured. If you just try to “get away with it,” you will have a weak plan and no success when a disaster strikes.
It is recommended that you test your BC plan a few times a year, especially if there have been any changes, such as a change in key personnel or new equipment. Doing things like walk-throughs and simulations can help everyone on your team practice, and make sure you are all ready should a disaster hit.
Always Review and Improve Your BC Plan
The efforts your put into testing your BC plan cannot be stressed enough. Once that is done, some organizations leave it and focus on other tasks. However, this is when things get stale.
Evolution is happening all of the time with both your personnel and your technology, so it’s imperative that your plan is updated to reflect that. So, you should, at least annually, bring your key personnel together to review the plan and point out any areas that might need modification. You also might want to get some feedback from your staff, too, which you can add to your plan. If you have different branches, make sure to include them in this, too.
Ensuring Your BC Plan is Supported
Having a casual attitude towards your BC plan is a sure-fire way to have it fail. Every BC plan must have the support of all staff from the CEO on down. Senior management, especially, must take a role in supporting the plan, as they can delegate to their teams. Additionally, the plan has better odds of staying fresh in the mid of everyone when it is a priority for management.
Finally, it is also very important that senior management promotes user awareness of the BC plan. After all, if your staff doesn’t know about it, how can they act during a disaster when every second of action counts? Plan distribution and training can help here, too, so consider some type of HR-led initiative to bring all employees onboard with it. This way, your staff will know how important a plan like this is, plus you make sure that they see it as a credible part of the business.
ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.