3 Important Steps to Creating a Business Continuity Plan
Creating a Business Continuity Plan has never been more important. Whether it’s a tornado in Oklahoma, a hurricane in Florida, or an earthquake in California, all natural disasters share similar characteristics. First off, they are usually difficult to predict. Secondly, they can severely impact an organization’s operations. Yet despite an increase in natural disasters over the past few years, many companies, including those who are already leveraging the benefits of cloud infrastructure, are reticent to invest the time, resources, and budget into a Business Continuity Plan (BCP) to protect their most valuable asset—people.
If you’re still on the fence about investing in the development of a business continuity plan, consider the following facts:
- 52% of businesses experienced a business interruption in the past 5 years.
- An average cost of a data breach is $3.86 million*.
- 40% of small businesses never reopen their doors following a disaster.
Sure, you can view business continuity services as an “insurance policy” that your company may never use. Or, you can put a BCP in place to ensure your organization will be up and running with minimal disruption to your customers, staff, and partners.
*Source: Cost of data breach report, IBM & Ponemon Institute, 2018
Creating a Business Continuity Plan
Keep in mind that a BCP doesn’t need to be complicated or dozens of pages long. A BCP is simply a documented set of processes that helps a company minimize disruption to business operations in the event of an outage.
Key steps to creating a BCP:
1. Outline roles and responsibilities
A good BCP should detail what your staff needs to do in the event of a disaster, what communication methods are required, and the timeframe in which critical IT services need to be available.
- Create a contact list of key people involved in your company’s BCP, including names, titles, and communication info (both work and personal) such as phone numbers, email addresses and social media handles, if applicable.
- Provide a detailed overview of their roles and responsibilities so that everyone knows what is expected of them in the event of an outage.
- Have a written process in place for how your BCP will be updated and how these updates will be communicated to the team.
2. Analyze potential threats and outcomes
Take the time to determine “worst-case scenarios” for your particular business, industry, and geographic location. For example, a company located in Florida will be more concerned about hurricanes than earthquakes. An e-commerce company could analyze the risks and business impact of a data breach, while a manufacturing firm could map out scenarios based on production downtime.
Next, rank each possible disaster and its potential long-term consequences. Map out how your team would respond to each one. This will provide a framework of issues that need to be covered in your BCP.
3. Factor in data loss
A key component of your BCP should address data loss and recovery. Create a list of scenarios that could impact your data assets, including deleted or corrupt files, server hardware failure, viruses or data breaches caused by an employee’s personal laptop, and so forth.
By classifying your business operations according to these two metrics, you can select the appropriate protection and recovery requirements. Consider cloud-based solutions for recovery of your critical data as these solutions allow for quicker connection and recovery of data or applications and provide access from anywhere.
Lastly, it’s important to remember the only way to ensure that the plan is effective is to exercise the program. This can be done via a tabletop exercise or a full test of the recovery process. The key is exercising the program to ensure you will be able to recover your business in the event of a disaster as smoothly as possible, and staff understand their roles.