Preparing for Crisis: How to Create Business Continuity Plan

Blog
Nov 13, 2020
Olga Hout

A business continuity plan is about ensuring your business continues to operate and potentially even grow in times of high distress. This article will cover how you can start your own business continuity planning to ensure the best possible outcome for yourself and your employees. 

In 2019, 25 percent of companies worldwide reported the average hourly downtime cost of their servers to range from $300,000 to 400,000.

So, whenever you're ready to move from a state of vulnerability to a state of preparation, keep reading.

The Crises That Can Affect Your Business

Depending on your business's specific circumstances, many unforeseen events can constitute the occurrence of a crisis. It's your job to plan for them; however, you can't do that without knowing what they are.

  • Theft of equipment, vandalism of machinery.
  • A natural disaster may cause flooding or bring damage from wind, snow, earthquake, or wildfire.
  • Power outage, inability to use telecoms/IT gear.
  • Access restriction: gas leak prevents access.
  • IT failure: PC viruses, hack attacks, system failures.
  • Disease/Infection: outbreak among staff, livestock, or on-premises.
  • Terrorist attack: terrorist strike effects on location and travel opportunity.
  • Loss of key staff: critical leaders leave the company.
  • Customer crises: customer guarantees or insurance offsetting liability to take services.
  • Supplier crises: how to source from alternative supplies.
  • Reputation crises: how to cope with a product recall.

Even though it might seem that most scenarios are unlikely, you must give them enough consideration to security-proof your business from harm.

For instance, to reference IT failure implications, let's take a look at average hourly server downtime costs. 

In the year 2019, a quarter of participating respondents worldwide reported that the hourly server downtime cost, on average, came out to over $300,000. 

Benefits of a Business Continuity Plan

You will have a newfound appreciation for BCP if you have a clear constitution of what it can bring to your business. So here is how you can benefit from a business continuity plan.

Public Perception

By showing a proactive approach to being prepared, the general public and customers will have a favorable impression of your enterprise. This leads to a level of trust, which is likely to help them become loyal customers.

Morale & Loyalty

Employees are likely to seek stability in an enterprise they belong to. A BCP is a great way to assure them that they found what they are looking for. I will give them pride in work and motivation to improve productivity.

Shareholder Relationship

Shareholders will trust an enterprise enough to encourage investments. Partners will not want to stop collaborating with the business if they know all necessary efforts are made to prepare for the unexpected. That's very valuable.

Overall Efficiency

In the event of a crisis resulting in operation disruption, a solid BCP will allow the enterprise to respond appropriately, keeping losses minimal and costs negligent.

How Often Should A Continuity Plan Be Tested?

It's quite simple. The more effort you put into the plan, the better it will be. A business continuity manager should regularly look over the plan to ensure it's up to date with current business processes. 

The larger the enterprise, the more complex the systems will be. This means you need to review your continuity plan even more frequently to ensure there are no gaps overlooked.

The following is advised to maximize the validity and reliability of a plan while minimizing the amount of time put into plan review.

Review Twice A Year

Your team must review the business continuity plan elements on a bi-annual basis to ensure that all responses apply to the current business status. Also, you can use this time to ensure responses align with business goals. If your plan depletes your business, it's doing the opposite of what it's supposed to.

Emergency Drills Once A Year

Just like schools have fire drills, your enterprise should have emergency drills to prepare staff for the continuity plan's actions. This will help your team react when a real crisis occurs because of the sheer practice performed. If your workforce does not know what to do, provide them with training material to review on their own time.

Tabletop Reviews Every Other Year

All shareholders involved in the business continuity strategy should meet every year to discuss the plan and conduct a tabletop exercise test. This does not take too much time and does not require physical testing, but it can reveal some serious red flags that need to be addressed.

Comprehensive Reviews Every Other Year

Unlike the previous review, a comprehensive review is a more in-depth process. It should look at the cost-benefit parameters and recovery procedures to ensure everything is regulated up to date with current operations.

If you don't comprehensively review your business, you don't have a plan whatsoever. Having a business continuity strategy that is outdated is worse than having no plan at all. Your business must be prepared. There's nothing in between.

Mock Recovery Testing Every Two Years

Mock recovery testing is the most in-depth test in the continuity plan, and it's used to test the plan for any mishaps or weaknesses. Since this is time-consuming, it can be done at least once every two years. 

No matter the business you operate, you need to be considering the possible threat of crisis. If you want to manage them, you must have a continuity plan to tackle unexpected situations. 

 

Assess the Impact of Risks

The first thing to do when creating a plan is to analyze the consequences and probability of a crisis affecting your business. 

Business Impact Analysis should help you determine which functions of the business are essential to day-to-day operations. You're likely to determine that some business roles, while necessary in regular cases, are not critical in a disaster.

It can be useful to grade the likelihood of a crisis occurring, perhaps on a numerical scale. This will help you decide the attitude of your business towards the risks. You might be able to determine to do nothing about an unlikely crisis but react strongly to a very likely crisis.

To determine the potential impact of the crisis on the business, it can be useful to think of the worst possible outcomes and how they can damage your business.

For example, how can you access your data on the suppliers and customers if a flood has damaged your computers? Where would you operate if the premises were burnt in a fire? You must examine the crisis from the customer perspective. Consider how they will be affected.

Would they start to look for alternatives? Consider if you will keep your service-level agreements if a crisis does occur and what consequences might persist if you cannot.

Minimize the Impact

Once you've determined the risks that your business faces, you need to take the necessary steps to protect it from them. Let's examine potential changes you can make to protect certain functions of your business.

Premises

Good gas and electrical safety can help prevent fires. Installing burglar and fire alarms also makes much sense. Think about what you would do in a crisis if your premises are not accessible.

For instance, you can suggest an arrangement with another local business to share the premises if the crisis-affected either party. You can have another location on-activated retainer to ensure you have a place to work after a disaster.

Machinery & Equipment

If you need to regularly use vital equipment, you might need to cover them with maintenance plans that guarantee emergency call outs. Installing anti-viruses, maintaining agreements, and backing up data will protect your IT structures.

You might also want to pay an IT company to perform offsite backups. Printing out physical copies of customer databases can be a good way to keep in touch with customers if IT fails.

If your IT fails, your business most likely fails. So how can you expand your IT beyond your premises? How can you secure remote work to ensure employees are not exposing data from their homes?

People

Ensure that you are not dependent on a few critical staff members. Get them to train other people as well. Consider if you can get temporary assistance from a recruitment agency if illness left your staff lacking in capability. 

Consider all types of insurance as an effective strategy for risk management.

Plan How You Will Act

You would start building the continuity plan by setting out how you will cope with the crisis. It should outline:

  1. The individual roles of the persons involved in the emergency
  2. The business functions you need to operate to ensure your business does not fail.

The first hour after the crisis occurs is the most important. As a result, you need to plan for immediate actions to be taken after the crisis occurs. Consider training your workforce and providing them with necessary business continuity resources to help them perform their responsibility during an emergency scenario. 

Ensure that all employees know what they have to do if something happens. Arrange a checklist form to track all the key steps and how they were performed during the crisis.

Add contact details for individuals or groups you need to notify in case of an emergency, such as insurers, customers, suppliers, emergency services, utility companies, municipal providers, other businesses. Include details for locksmiths, plumbers, glaziers, IT specialists, electricians. Include the map of your premises' layout to help individuals find fire escapes, safety equipment, sprinklers, and general navigation around the location.

Elaborate on how you will deal with media interest. Appoint a spokesperson to handle questions. Ensure positivity ins statements. Ensure that suppliers, customers, and staff are informed before any of the media is.

Ensure that hard copies of the continuity plan are located at home, with key staff members at their home and the bank.

Remember Why You're Planning

Business continuity planning is vital and will significantly dampen the losses that might occur from disruption. However, these efforts are not the only way to mitigate risk.

You need to consider the enhancement of your overall organization resilience. This means you need to:

  1. Improve digital maturity and resilience
  2. Develop a robust security program for information
  3. Improve organization agility
  4. Create a culture that is flexible, adaptable, and skilled
  5. Create a process that is designed to respond effectively to disruption
  6. Improve productivity, adaptability, and employee performance through training programs
  7. Prevent workplace hazards through protocols and work procedures

In other words, resilience is a holistic approach to strategy that mitigates and prevents disruptions. That's why you're planning, and that's what you should focus on.

Conquer BCP Creation With Agility Recovery

Now that all the reasons businesses invest in creating a business continuity plan have been laid out, you are well on your way to ensure your business operation's safety even during the most troubling times.

In any case, you might feel that a continuity plan is optional, but if you care about your business, it's a necessity. It might sound like it's not hard to create a BCP with all the steps explained in detail, but if it's the first time you're doing it, it's quite difficult.

For that reason, we created Agility Planner that makes BCP creation very simple with instructive guidance and historical data. If you'd like to ensure that your continuity plan is optimized to the maximum, get in touch with us, and we will help you with a demo.

Olga Hout