Though we never know when disaster will strike, we can adequately plan for one. Even with some amount of lead time, however, many things can go wrong. Each incident is unique and unfolds in unexpected ways. This is where having a truly effective business continuity plan in place matters. To make sure your organization has the best chance of success during a disaster, you need to put an updated, tested plan into the hands of all personnel responsible for carrying out any part of that plan. Failing to have a plan doesn’t just mean your organization will take longer than usual to recover from an event or incident – the statistics clearly show that you could go permanently out of business.
The Difference Between Business Continuity and Disaster Recovery Plans
Business continuity (BC) refers to maintaining business functions or quickly resuming them in the event of a major disruption, whether caused by a fire, flood, epidemic illness or an Internet-based malicious attack. A good BC plan outlines procedures and instructions that must be followed by an organization in the face of such disasters. It covers business processes, assets, human resources, business partners, and more.
A disaster recovery plan is not the same as a business continuity plan, though a disaster recovery (DR) plan focuses mainly on restoring IT infrastructure and operations after a crisis. It’s only one part of a complete business continuity plan, as a BC plan looks at the continuity of the entire organization. It makes sure you have a way to get HR, manufacturing, and sales and support functionally up and running so the company can continue to make money following a disaster.
Creating a Winning Business Continuity Plan
If your organization doesn’t have a BC plan in place, start by assessing your business processes, determining both which areas are vulnerable and the potential losses you stand to incur if those processes go down for a day, a few days or a week. This is essentially a business impact analysis (BIA).
Next, develop a working BC plan. You can use any number of free templates available online or find an actual plan published by an organization similar to yours and modify it as needed.
There are six main steps involved in creating a business continuity plan:
- Identify the scope of the plan.
- Identify key business areas.
- Identify critical functions.
- Identify dependencies between various business areas and functions.
- Determine acceptable downtime for each critical function.
- Create a plan to maintain operations.
You’ll want to have a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel and backup site providers. Remember that the disaster recovery plan is part of the business continuity plan, so check with your IT department to ensure it has or is actively developing a DR plan.
Testing Your Business Continuity Plan
Once you’ve drafted your BC plan, you must rigorously test it to know if it will work, and fulfill its intended purpose. Many organizations test a business continuity plan two to four times a year. Any BC plan testing schedule depends on the type of organization, the amount of turnover of key personnel, and the number of business processes and IT changes that have occurred since the last round of testing.
Common BC plan testing includes table-top exercises, structured walk-throughs, and comprehensive simulations. Test teams are usually composed of the recovery coordinator and members from each functional unit.
- A table-top exercise usually occurs in a conference room with the team poring over the plan, looking for gaps and ensuring that all business units are represented therein.
- A structured walk-through consists of each team member walking through his or her components of the plan in detail to identify any weaknesses. Often, the team will work through the test with a specific disaster calculated for. Some organizations incorporate drills and disaster role-playing into their structured walk-through. Any weaknesses should be corrected and an updated plan distributed to all pertinent staff. It’s also a good idea to conduct a full emergency evacuation drill at least once a year.
Finally, disaster simulation testing should be performed annually. For this test, create an environment that simulates an actual disaster, with all the equipment, supplies, and personnel (including business partners and vendors) who would be required. The purpose of a disaster simulation in real-time is to determine if you can carry out critical business functions during an adverse event. During each phase of business continuity plan testing, include some new employees on the test team to ensure all are “on board”. Also, fresh eyes might detect gaps or lapses of information that experienced team members may have overlooked.
Review and Improve Your Business Continuity Plan
Great effort goes into creating and the testing phases of a BC plan. Once that job is complete, some organizations let the plan sit, while other, more pressing tasks get attention. When this happens, plans become ineffectual and are of no use in time of need.
Ensuring Business Continuity Plan Support and Awareness
Every business continuity plan must be supported from the top down. That means senior management must be represented when creating and updating the plan; no one else can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating time for adequate review and testing. Management is also key to promoting user awareness. If employees don’t know about the plan, how will they be able to react appropriately when every minute counts?
Get a Business Continuity Consultation Now
If you would like a comprehensive business consultation, talk to a representative of One Up Solutions Northwest, a leader in IT management and services. Call us today at (503) 278-5011, or email us at firstname.lastname@example.org and we will help you attain your business networking goals.