Businesses face an endless stream of disruptions. Power outages and hardware failures. Floods and fires. Ransomware attacks and data breaches. Hurricanes, wildfires, and derechos. Pandemics and civil unrest. The list goes on and on.
For some businesses, these events mean service outages, financial losses, broken customer relationships, and in some cases, business closure. Others have already thought through, prepared and tested business continuity (BC) plans to enact when disruptive incidents occur.
A BC plan won’t prevent the event from happening, but it will help minimise the impact and duration of disruption, allowing you to continue creating value for your customers and enabling you to not only survive but bounce back more quickly.
How do you write a BC plan that can help your business weather these disruptions? Let’s break down how to get started in five steps.
Before you can create a BC plan, you need to understand your business’ operations, needs and goals, along with the resources you depend upon, to develop a strong plan that best fits your circumstances.
The foundation is merely a framework, as each BC plan should be tailored to an organisation’s specific needs. However, when creating your own plan, make sure you keep these elements in mind.
There’s always the possibility that key resources – i.e., your workplace, equipment, systems, data, third-party services, etc. - might become unavailable, so your BC plan must account for any potential disruptions to facilities, people, IT and partners.
Create clear plans and steps for responding to the loss of each resource. Each requires a specific, well-defined business response at the individual resource level. For instance, if employees in a certain geography are unavailable, how are you going to ensure their responsibilities and workloads get taken care of?
IT also has a role in each of these disruption response strategies. For example, if third-party services are unavailable, one business response might be to revert to using internal systems until that third-party resumes service. In this instance, IT might be responsible for suspending the network access rights of the troubled third-party service provider. Make sure IT understands its role in every scenario.
IT should also develop and implement its own BC plans for key IT resources, including network and information security operation centres, disaster recovery (DR) teams and IT help desks.
When responding to an incident, speed counts in some cases, while longevity counts in others. Make sure you can answer the following questions:
Not all your strategies require the same timing. For some options, the main goal might be fast implementation times. For others, the priority might be making sure your response strategies will work for an extended period (like three to six months or longer).
Be sure you’re properly identifying the requirements for each strategy.
Communication is key.
Your employees must always be well-informed before, during and after an event. Prior to an incident, make sure you relay the plan to all relevant staff. If they know what their roles are and how the company is going to respond, they’ll be better equipped to successfully carry out your plan when the time comes.
Upon activating your BC plans, develop open lines of communication with all relevant parties and stakeholders. Provide them with real-time updates so that everyone knows what’s going on. If you’re taking certain steps to resume normal business activities, make sure you communicate this information as well.
Once everything is back to normal, it’s time to identify what worked and what didn’t. Discuss lessons learnt with your employees and identify ways to improve your plans for next time. Update and evolve your plans based on those findings.
Many organisations think they have effective BC plans in place. Then an incident strikes, and they quickly learn that’s not the case.
You don’t want to find yourself in this position, so make sure to update your plans as your resources evolve and test the various response strategies in your plans regularly.
Practise makes perfect.
Bonus step: Working with a partner on your BC plan
These five steps should aid in creating an effective BC plan, but many organisations turn to a partner to tap into expertise and knowledge of best practises to ensure they’voe covered every gap. While partners can be helpful, it’s important to find one that will work best with your organisation.
Before choosing a third-party provider, ask yourself the following questions about each candidate:
The answers will help you select a partner that best aligns with your needs.
Whether you’re working with a partner, or crafting and updating BC plans yourself, now is the time to get started. You never know when the unexpected will strike and having robust BC plans in place can go a long way toward ensuring you’re ready when it does.