We usually aren’t given much notice before a disaster strikes. Even with a little forewarning, it’s impossible to predict exactly what the impact may be. Every disaster is unique and has the potential to cause unique and unprecedented events to unfold.
As a business owner, you must anticipate the unexpected and prepare for the worst. This is where a solid business continuity (BC) plan comes into play.
Business continuity refers to maintaining business functions or quickly resuming them following a major disruption. A major disruption may be caused by a disaster, such as a tornado, hurricane, fire, or flood, or a malicious attack caused by cybercriminals. A BC plan outlines the procedures each member of the organization must follow in the event of such a disaster.
It covers topics such as business processes, human resources, assets, backup strategies, and more. A BC plan should be detailed, tested, backed up, and kept up to date in order to give your business the best shot at recovery following a disaster.
The end goal is not just to prepare for the unexpected, but to build business resiliency.
Related: The down & dirty guide on developing a backup strategy
Disaster recovery vs business continuity
If you have a disaster recovery (DR) plan in place, you’re on the right track. But your work is not done.
Many people mistakenly think a DR plan is the same thing as a BC plan. Actually, a DR plan is just one essential piece of a complete BC plan. A DR plan focuses on restoring operations and IT infrastructureafter a disaster has occurred. A BC plan looks at the continuity of the entire organization.
Related: US Government’s IT Disaster Recovery Plan
What’s included
The main objective of the business continuity plan is to keep your business up and running during and after a disaster. Companies that fail to plan may struggle to recover from an unexpected event or disaster. They even run the risk of permanently closing their doors.
But what should you include in your business continuity plan? We recommend the following:
Analysis of potential threats
Understanding various threats, both physical and cyber, and how they may impact your business is a crucial step in preparing a BC plan.
A business impact analysis will evaluate the potential impact of the loss of various business functions and help you determine what non-core activities should be outsourced.
Critical processes
Identify which processes are critical to the business. Make sure to document these well.
Related: What is the 3-2-1 backup rule?
Areas of responsibility
Assign areas of responsibility and a chain of command to go into effect immediately following a disaster.
This might include implementing the initial disaster recovery plan, communications, HR, operations, and more.
Emergency contact information
Contact information for all people and entities that should be contacted in the event of, or immediately following, a crisis situation.
Insurance, legal, and financial information
This should include account information and contact information.
Asset inventory
A complete equipment list, including hardware and software, will help to determine critical needs for purchase or repair.
Off-site backup of important data
Every business needs a proper backup policy. Offsite backups ensure that your data is safe, no matter what the cause of the disaster.
Consider cloud solutions, if you haven’t already.
Related: How cloud services change your disaster recovery plan
Backup power arrangements
Many types of disasters can result in lost power. Consider what you will do in case of long-term power outages.
Alternative communications strategy
If phone systems or internet connections are down, you should be prepared with alternative communication strategies. Consider keeping a list of employee cell phone numbers and personal email addresses.
Alternative site of operations
In some cases, you may be able to move your operations to a new site. Best practice is to have a plan for a temporary emergency location. The BCP should also take into account the estimated cost of moving operations to a new facility.
Related: How to pick an off-site data-backup method
How to design your own plan
Building a disaster management plan is critical. Here’s how you do it.
Step 1: Form a business continuity team
Determine who to involve in compiling the BC plan and consider establishing a governing structure. Typical roles include senior manager, program coordinator, information office, as well as representatives from each division of the company.
Related: The FDIC’s guide to business continuity planning
Step 2: Conduct a business impact analysis
As previously discussed, a business impact analysis (BIA) is imperative since its results provide the major input for the BC planning. The BIA alerts management to the areas that need more resource allocation in the event of an emergency.
Step 3: Strategize and plan
Based on the results of the BIA, the team will identify recovery strategies and plans in the event of a major disruption and present them in detail.
Detailed documentation should be provided for every critical function, process, service, etc., along with a corresponding continuity response. Don’t forget to take compliance into account, if required.
Related: Mitigating disaster risk and downtime for hospitals
Step 4: Draft your BC plan
The first draft of the BC plan is written up. Don’t forget to keep a backup of the plan somewhere offsite.
Related: Simplifying cloud backup
Step 5: Implement and test the BC plan
You should communicate the business continuity plan to all members of the organization, making them aware of their role in the plan. Implement training at this point.
The plan will undergo testing through drills and scenario exercises to determine whether the plan will be effective or not. This is an extremely important step that should not be skipped.
Related: 5 reasons why you need a backup service, even if you’re using Office 365
Step 6: Adjust and improve
Testing may reveal deficiencies, ineffective strategies, or vague roles that need clarification. Furthermore, testing could introduce factors that were not previously considered. Adjustments should be made to the plan and the corrected plan should be reassessed.
Related: 5 early warning signs of project failure
Step 7: Regularly reassess
The BC plan should be reviewed annually, at a minimum. Any major changes should include testing to ensure that the plan continues to work.
Keep reading: The complete DIY disaster recovery guide for SMBs