What if all your employees lost access to their data and tools right now?
What if every platform you use to communicate with your staff and your customers went down right now?
Companies rarely get an advanced warning that a disaster is about to strike. There is no time to prepare, and no time to protect your company from the fallout. That time has passed, and for companies without a business continuity plan, all that is left to do is lament how poorly prepared they were.
Having a business continuity plan gives your company the best chance at success and survival during a disaster. The lack of a business continuity plan does not just mean that your company will take longer to get back up and running; it could just as easily mean that you go out of business for good.
What is a Business Continuity Plan (BCP)?
A business continuity plan (BCP) aims to maintain all business systems and operations at 100% in the event of a major disruption, ranging from a cyberattack to extreme weather events. It outlines the procedures and processes your company will follow in the event of a disaster and covers your business processes, IT infrastructure, human resources, physical facilities and more.
Many companies confuse business continuity with disaster recovery (DR) and backup, but they are not the same. A DR plan focuses mainly on restoring your IT infrastructure and operations after a crisis, but a business continuity plan encompasses the stability of the entire company.
- How will you communicate with your staff about what has happened, what needs to be done and then keep them updated?
- How will you communicate with your customers and stakeholders?
- Will your team be able to continue serving customers and making sales?
- How quickly will your company be back online? And is this fast enough?
A business continuity plan looks at all of this, and plenty more, so your company can effectively deal with the crisis, and minimize the losses and the risk of terminal damage.
How to create an effective business continuity plan
Creating a business continuity plan starts with assessing your business processes. Map your business processes top to bottom across sales, HR, suppliers, internal and external communications, product/service delivery, accounts etc.
No process is invulnerable, so make sure you have an overview of every process, every individual involved and every reliance, whether that’s data, equipment, applications or personnel.
Business Impact Analysis (BIA)
A business impact analysis (BIA) identifies the impact of a sudden loss of any business functions, usually quantified in an operational cost and then a financial cost.
For each of your business processes, identify the points in time or scenarios when interruption to any of them would have the most impact, such as the end of the month, start of the season, particularly busy periods etc.
Now assess what the operational costs of this disruption would be, e.g. lost or delayed income, increased expenses, fines, contractual penalties, customer dissatisfaction, loss of communication. How does this assessment vary depending on the duration of the disruption? What if it lasts for an hour? A day? A week? How long can you bear disruption?
Now assess the financial impact of these operational costs, and for each of these durations.
This business impact analysis will help you to evaluate which of your processes are essential and need to be maintained regardless of the situation and over what timeline. It will also help you to identify the non-core processes that your company could outsource to improve resilience.
Recovering critical or time-sensitive business processes requires resources. Before disaster strikes, your company needs to know what resources it has and what resources it will need to carry out recovery strategies and to restore normal business operations.
Resources can be within the business, or can be third-party:
- Office space and equipment
- Data (electronic and hard copy)
- Technology (servers, computers, communication equipment, software)
- Production facilities
Estimate the resources that your company will need in the hours, days and weeks following a disaster.
Another sensible step is to outline the key personnel required to implement a business continuity plan, who should have access to it, and where it is available as well as the contact information for any emergency responders, data backup providers, technical experts, recovery locations etc.
It is now time to develop a plan to maintain or recover your business operations in the event of an incident.
For each of your business processes, review what is necessary to recover to at least minimum acceptable levels of operations following a disruption. Staff with an in-depth understanding of the business functions and processes are best positioned to determine what strategies will work.
Ensure that your recovery strategies identify the resources required, including people, facilities, equipment, materials, data and information technology, and in many cases, the contracted third parties that can help or will be required.
Test and review your business continuity plan
Testing your plan is the only way to know if it works. But tests are about more than just confidence in its reliability. A real disaster will likely throw up additional, unforeseen scenarios, and having a thorough plan in place that you have rehearsed and fine-tuned, means you can adapt more easily to any unanticipated problems.
Many companies test their business continuity plan two or three times a year. How often you schedule your tests depends on your company and its degree of change. Be prepared for tests to reveal flaws in the plan, inadequacies against how your business has changed, or individual unpreparedness. Crucially, therefore, every test should be followed by a thorough review of performance and the plan’s suitability.
Finally, even the most effective plans will fall short if they cannot be implemented properly and promptly. Even the most well-built plan relies on teams being familiar with their roles and in place to execute it.
Make sure that any personnel included in your BCP are trained on the plan and understand their role and responsibilities should the time come. Regularly provide refresher briefings and training and make sure they understand not only their individual responsibilities, but also how their role contributes to the bigger picture.
If your company needs to mitigate the risk of an IT disaster, cyberattack or other business disruption, get in touch with the Calligo team today for a free Business Continuity Plan and Disaster Recovery consultation.