No matter your business industry or size, your business may be disrupted by natural disasters, human error or an intentional attack. If your organization is struck by a disaster or outage, are you prepared to respond with a plan to resume operations? Without a proper response, your business might fall into the 40% of companies that never recover from a disaster.
In part one of Stinnett’s Disaster Preparedness Month series, we will focus on three important tips for building a successful business continuity program.
Identify your Business Continuity Champions
Primary and backup business continuity champions are the protectors of your organization’s continuity program. Individuals who show strong interest in the project are more likely to ensure a successful program implementation.
FEMA indicates 20% of larger companies spend over 10 days per month on maintaining their continuity plans but on the other end of the spectrum, one in five companies that have taken the time to create a plan spend no time actually maintaining that plan. This results in outdated, irrelevant plans and staff who aren’t familiar with what to do when a disaster strikes, leading to inefficiencies and delays with resuming critical business functions. That’s why it’s imperative that champions chosen for your organization’s emergency response team should be passionate about the organization and its success, and willing to spend the time on planning and maintaining the plan.
Perform Business Impact Assessments
Business Impact Assessments (BIA) are critical for serving as a baseline to understand the business unit needs. During a BIA, document the critical business areas, key functions, key process owners, technology dependencies, tolerance for downtimes and data loss, and dependencies with other key systems.
Ask questions to determine recovery time and recovery point objectives for critical systems and maximum tolerable downtime for critical processes and to identify the team members with specialized skills needed to perform work on- or off-site. It is also necessary to investigate legal or regulatory requirements that may influence recovery timelines and business strategies.
Ultimately, understand the potential threats to key functions and the manual workarounds if they exist. Depending on your business industry, the threats to continuing your business will vary. For example, a technology company may be concerned about an IT system outage whereas an energy company may be concerned about disruptions related to a field site accident. The Business Continuity Plan should consider how the organization will respond to different types of disruptions or scenarios.
Make your Business Continuity & IT Disaster Recovery Plans Accessible and Easy to Follow
Document your Business Continuity Plan and IT Disaster Recovery Plan in easy-to-understand and concise language. Business Continuity Planning is not a platform to show how much knowledge resides in your organization – it is designed to focus on the ability to easily transfer knowledge as needed during abnormal operations.
Ease of access to the plan is critical. Retain the documentation in one or more electronic platforms and provide access to involved stakeholders. Paper copies may become irrelevant once the master copy is updated and a new version is not printed.
While no amount of planning can guarantee absolute security, a comprehensive business continuity plan will increase your organization’s preparedness and reduce the impact from those disasters that interrupt operations. Take an all-inclusive approach to planning with these tips to ensure your organization is prepared for a disruption.
Next week, Stinnett’s Business Continuity and IT Disaster Recovery team will discuss the importance of engaging your IT team and promoting business continuity awareness throughout your organization.