Maintaining Business Continuity

by | Mar 25, 2020 | Business, Cyber Security, General

Emergencies can often leave businesses scrambling to keep their employees both safe and productive. Infectious diseases like COVID-19 spread quickly from person to person, and as we have seen, lead to drastic social distancing and even lock-down scenarios. A powerful way to keep people apart is to have them work from home, but that can present its own set of challenges. Rapid disruption of normal business operations is not limited to global pandemics like the one we face today, but could be caused by a fire, a flood, or power outages. The list goes on. No matter what the cause of normal business disruption, businesses need a Business Continuity Plan.

Of course, it’s always better to have it complete and ready before disaster strikes, but when it comes to having a documented plan in place, it’s better late than never. Amidst the heat of COVID-19, we wanted to publish some information about Business Continuity Planning, particularly from a technology standpoint, that can help you deal with the current situation and prepare you for future disasters. Our hope is that this will help you better handle the stresses of sudden changes to your business operations. We’ll go over what a Business Continuity Plan is, why it’s so important, what it should contain, and how to get it down on paper. Let’s get to it.

When Disaster Strikes

We rarely get advance notice of an impending disaster. Even with a bit of lead time, there are many things that could go wrong. Each incident is unique. And each incident unfolds in unexpected ways. That’s why a Business Continuity Plan is so important. The moments when emotions run high and swift actions are required, you want the reassurance that the most important decisions have already been made. All you need to do is implement them. Planning beforehand lets you make, test, and practice executing those decisions when you have a cool head and time to adjust. And it helps you pre-select the right people to delegate authority.

Without a plan, your organization will take longer than necessary to react and recover from an event or incident. In the worst case scenarios, that could lead to poorly serviced stakeholders and the kind of financial instability that forces you to close your doors.

What Is Business Continuity Planning?

Business Continuity Planning is an essential process for all companies. When you develop a Business Continuity Plan, you formulate contingency, backup, and recovery strategies to maintain stability during a threat of any sort. In early 2020, that’s a global pandemic. But next year it could be a wave of cyber security attacks. A Business Continuity Plan makes sure that your personnel and assets are protected and able to continue working for you and your stakeholders during a crisis or get back to work quickly afterward.

The core of the Business Continuity Planning process is identifying your risks. Each business is different, so no two plans will look the same. If you work in manufacturing, you could be more prone to fires, gas leaks, or hazardous material spills, leaks, or contamination. If you work below-grade or near bodies of water, you could be at risk of flooding. And with today’s dependence on technology and internet communications, everyone is at risk of a cyber-attack.

Once you’ve defined your risks, the other half of Business Continuity Planning is resolving those risks. You will develop a specific action plan to address each risk scenario. The more detailed, the better. But always leave room for the unexpected. Flexibility is important. If you guessed wrong on how the risk would unfold, a plan that is too rigid won’t help.

Developing Your Business Continuity Plan

Your Business Continuity Plan should contain four key components: Business Impact Analysis, Recovery Steps, Leadership Identification, and Staff Training. Together, these elements will provide a clear path out of the emergency and back onto stable ground.

Business Impact Analysis

Your Business Impact Analysis looks at how different risks might affect each element of your business or operations. Consider the implications of an office or warehouse fire:

  • Finances: Do you have the proper insurance? How would the cost of repairs impact your cash flow?
  • Operations: Where would you set up a new temporary or permanent office space? Where can you relocate your inventory?
  • Technology: Where are your data and client records protected? How will you provide new desktops and laptops for remote work? What systems are considered business critical and affect the ability of each division to do their jobs?

A cyber attack would have different risks with different business implications as would an epidemic. As you begin your Continuity Planning process, take time to think about all the different aspects of your business that would be impacted by different types of emergencies. Once you have a strong idea of the things that could be affected, you can move on to deciding how you will recover.

Recovery Steps

Every part of Continuity Planning is important, but the recovery steps are obviously the point of the whole thing. What are you going to do if something bad happens? In this step, you’ll look at all the different parts of your business that will be affected and write down how you will address each of them. Let’s continue with the fire example:

  • Finance: We will work with our insurance company to re-evaluate our coverage now and keep our agent’s contact information accessible. We will also maintain a cash reserve or establish a line of credit to help float the cost of repairs until insurance reimbursement arrives.
  • Operations: There is a co-working space about two miles down the road where we can rent individual offices as needed and many of our staff can work from home. We also have a relationship with a commercial real estate agent who can help us find new warehouse space in the area.
  • Technology: We will move our vital business data into secure off-site cloud storage. We will also keep an organized inventory of our computer hardware and once per year we will get a quote for the full replacement cost from our IT/Technology provider.

A critical component of this step is identifying and eliminating any barriers or obstacles that would slow or prevent your ability to deploy your recovery steps.

With your Recovery Steps documented, and any short or long term plans to address barriers to deployment complete, you’ve got the core of your Continuity Plan. The last two steps are about assigning responsibility for each part of the plan and keeping everyone prepared to move quickly if it ever becomes necessary.

Leadership Identification

The third part of your Business Continuity Plan has to do with talent. Who are you going to trust to execute each part of the plan? The CEO or President can’t do everything on their own, nor should they. Neither can the office manager. Continuity Team members should be knowledgeable and cool under pressure. It sounds almost silly, but they should also know that they are part of the Continuity Team. You can’t spring this kind of responsibility on someone at the last minute. They should be a part of regular discussions as your plan evolves over time so that they can jump into action with a certain degree of autonomy. Placing the power to make decisions in too few hands can cause bottlenecks in the process and cause unnecessary delays in action.

Staff Training

Once you’ve identified your risks, outlined mitigation strategies, and formed your leadership team, it’s time to train the rest of your staff. In an emergency, it’s all hands on deck. You don’t need to over-share every single detail in the plan, but employees should have an idea of what will happen, particularly with regard to their department. If there are parts of the plan that you can practice or rehearse, you should do that once or twice per year. It’s like a fire drill. It may seem like a waste of time when you’re practicing. But when it’s a real fire, everyone is glad to know exactly where to go.

Additional Planning Resources

This is just a brief overview of the Business Continuity Planning process. Additional resources can be found at the FEMA website. There you will find worksheets for identifying operational and financial impacts to help with your analysis. Have your various department heads complete the worksheet to get the more accurate and detailed input. With the help of these resources, you should be able to identify which parts of your business would be impacted by different emergencies and how long it would take that part of the business to be impacted.

Help With Technology Planning

There are many things to consider when developing your Business Continuity Plan. Each element will require the support of a different set of resources, whether they’re insurance, real estate, or financial. In today’s business environment, we can be sure that technology will come into play. If you’d like help with the IT part of your Continuity Plan, please don’t hesitate to reach out. Our team of experts will help you identify the technology risks you face and put together a plan to keep you operating as close to full strength as possible.

If you’re having trouble during the COVID-19 pandemic, please also do not wait to call us. We can help you set up remote access capabilities, group video chat tools, cyber security measures, online learning platforms, technology devices, and other solutions to help your staff work safely and effectively from home.

Be safe and be well.