4 minute read
Create a business continuity plan that works in 2020
Topics: IT Managed Services
By Calligo on 7 December 2019
Updated: December 2019
Planning for a business’s future can be an exciting time for business owners and office managers alike—what could be more inspiring than the possibility of growth, widespread positive impact, and success?
Unfortunately, there’s a darker side to planning for the future, too. While imagining and planning for the perfect scenarios above is important, the reality is that disaster can and does happen. Without preparing for both the good times and the bad times, a business and its offices can’t succeed.
That’s where business continuity planning comes in.
What Is Business Continuity Planning?
When unexpected disaster strikes, business owners and managers must have a safety plan in place to ensure that their business operations can continue after major events like natural disasters, cyberattacks, or other accidental damages to a company, its physical location, and its infrastructure.
Business continuity planning is the development and practice of a plan which businesses can implement in the event of a serious setback caused by one of the disasters above. These plans include aspects of both prevention and recovery, with the primary goal being to maintain business operations while protecting personnel, data, and assets.
Why Do You Need a Business Continuity Plan?
One could say that the benefits of having a BCP are endless, but they’re more than just benefits—they're proof that a BCP plan is absolutely necessary.
So, what is this proof of a BCP’s importance?
- Organisations with business continuity plans:
- Inspire reliability, trust, and confidence in their clients
- Build a good reputation (and preserve it during dire circumstances)
- Instil the idea of resilience and strength throughout the company’s operations
- Are up to the industry standard
- Can thrive in any situation
Nobody ever wants their business continuity plan to have to be activated, because it means something disastrous has happened. But they’re a necessity in modern business and having confidence in your continuity planning is achievable.
What is the difference between data backups and a business continuity plan?
Simply having your data backed up and secure is a good start - but it is only a start. Planning for a catastrophic systems failure or a cyber attack, means knowing that:
- You can restore data safely and rapidly
- Your team will be able to get back using both software and hardware with confidence, soon after a systems failure
- Customer service will be maintained
- You won’t lose time, money or customer confidence
Take the following as an example. In January 2017, Cockrell Hill Police Department (Texas, US) came under ransomware attack. A single infected server led to the loss of eight years of evidence including video recordings. So far, so bad.
Then, their back-up procedure activated very soon after the ransomware attack replacing their backed up files with a backup of files that had been encrypted by the ransomware and were therefore inaccessible.
Their previously uncorrupted data backup was wiped out by the very system they’d been relying on to preserve it.
Cockrell Hill had a business back up, but they needed a business continuity plan.
Creating an effective business continuity plan
In designing a business continuity plan, it’s important to ask the following questions:
- Are the backed-up files easily accessible?
- Is the backup device safe, secure and accessible?
- Can our operating systems be reinstalled from the backups or just the filesystem?
- How long will reinstallation of our operating systems take?
- How long will critical file restoration take?
- And how long for complete data restoration?
- How much time will pass before the business is able to be running at full capacity again?
- And how much time must we allow to catch up on anything we had to postpone during the catastrophe?
A Quick Guide to Business Continuity Planning
1. Pick your BCP team.
Get organised from the beginning and start the process of business continuity planning by choosing which members of the company will work together to develop and maintain a plan. Delegate responsibly, and diversify the team in order to gather insight from multiple business branches.
However, ensure that the primary person responsible for organising and maintaining the BCP is someone high on the pyramid. In other words, a senior official like a business owner or an office manager should take point on leading the planning efforts.
Once a team has been established, take action to ensure that all company employees and contributors are aware of the team members and their responsibilities. This creates accountability while keeping the entire office in the loop.
2. Perform a business impact analysis (BIA).
Before mobilising your BCP team to begin outlining a plan, take some time to begin by performing a business impact analysis. A BIA includes gathering data about the worst-case scenario. In other words, a BIA will yield detailed information about possible company losses (both monetary and intangible) and the negative effects caused by major disruptions.
The BCP team can use the company’s mission statement and information about the company’s legal obligations to rank the minimal, critical services required of the business and then determine which of these services would be unable to function after a variety of emergency scenarios.
3. Outline plans for critical operations.
With the results of the BIA in mind, the team’s next task is to outline practical, actionable procedures to follow in the event of an emergency so that business functionality is maintained.
This process will include assessment of any current procedures in place, then filling in necessary gaps using information from the BIA. This might include readiness procedures to prepare for natural disasters or the process of archiving and backing up databases to recover from a cyberattack.
4. Train and educate staff.
Once a BCP has been developed and reviewed by the planning team, make the rest of the organisation aware by hosting training sessions, designing exercises to make the plan tangible to employees, and reviewing the procedure in detail. Ensure that all employees understand why a BCP is necessary as well as how to implement this BCP in an emergency.
Importantly, help each employee to understand the individual role they can play in the implementation of the BCP. Let them know what’s at stake and how their participation will propel the business forward in a time of crisis.
5. Review and update your plan.
A business may have one of the most thorough and effective BCPs out there, but this means little if the plan is not reviewed and updated on a regular basis. Include as a part of the plan regular checkpoints throughout the year during which members of the BCP team evaluate the plan and implement company-wide initiatives such as practice drills.
This step has become particularly important in recent years as technology evolves and malicious cyberattacks have risen in number.
Remember, threats are changing all the time, and the BCP must be updated and familiar to the entirety of the business in order to be effective.
Effective business continuity planning saves time, money and reputation
Rebuilding your system requires so much more than simply restoring data - there’s the time required to review what went wrong and make sure you’re not leaving yourself open to risk again. You have to account for the time and energy required to inform your team and your customers and rebuild their confidence after an event like this, whether it’s fire, flood our outside attack.
All in all, having a robust plan will save you not just time and money, but reputation too. In fact, it could save your entire business, because according to a study by accounting firm Touche Ross 90% of businesses without a disaster recovery plan will fail following a disaster. Considering 30% of businesses don’t have a plan in place, this figure is startling.