|Rich Best has spent 28 years in the financial services industry, as an advisor, a managing partner, directors of training and marketing, and now as a consultant to the industry. Rich has written extensively on a broad range of personal finance topics and is published on several top financial sites. Recent books include The American Family Survival Bible and Annuity Facts Revealed: What You MUST Know Before You Invest.|
Will Your Business Survive the Next Disaster?
During a year in which major hurricanes ravaged significant portions of our country, fires burned down entire towns, and cyber armies launched full-scale attacks against major corporations, businesses of all types and sizes have been fairly warned - they may not survive whatever disaster might come their way. For businesses that hope to survive the next disaster, having a well-conceived, comprehensive business continuity (BC) plan may be their only chance.
Many businesses enter the New Year thinking that their disaster recovery plans (DR) will get them through a major disruption. However, a DR plan only focuses on getting the IT operations up and running. It doesn’t address human resource functions or manufacturing and sales operations. It doesn’t include a business impact (BIA) analysis, which identifies and quantifies the impact of a sudden loss of these business functions. These are critical components of a comprehensive BC plan that offers the best opportunity for a business to keep or get its revenue flowing.
A BC plan maps out all of the procedures for a business to follow when its operations are disrupted, including the detailed instructions and processes for personnel responsible for mission-critical functions. The BC should be well thought out, written down, and communicated to key personnel with copies stored off-site.
The following are the key steps and components that go into creating an effective BC plan:
Analyze Possible Threats
Every impact from a possible threat will need a sufficient response, whether it’s physical damage caused by a major storm or earthquake, the loss of life due to any disaster, the loss of your network due to a cyber terrorism attack, or the loss of power during a power outage. The response should include procedures for handling displaced employees.
The middle of a crisis is no time for department heads to be arguing about who is in charge. Your BC plan should establish a clear chain of command that considers the possibility of some key personnel being displaced, hurt or worse. Alternates should be assigned, and all personnel should be cross trained to handle each of the procedures outlined in the BC.
The plan needs to include the contact information on people and entities that will be needed, including the senior officers and department heads of the company, legal advisors, security services, utility companies, and emergency responders. The annual review of the BC plan should include updating all of the contact information.
Disaster Recovery Team
The plan should include creating a disaster recovery team (DRT) to have trained specialists experienced in handling various aspects of disaster recovery, including IT, communications, manufacturing, and personnel. The DRT will work alongside emergency services in getting the business to the point where operations can be reestablished. The plan should also create a business recovery team responsible for reestablishing regular operations once the DRT has completed its job.
The key to business recovery is the restoration of your business’s data that may have been lost or destroyed during a disaster. If you simply back up your data and store it in the server room, you may be out of luck. The BC plan should include at least two preferably three forms of data backup, including removable media stored at a separate location or cloud storage, or both. Ensure the plan consists of a list of personnel who know where the data is stored and have the keys and passwords to access it.
Secondary Power Source
The loss of power for any reason can be a disaster in and of itself. The BC plan should include procedures for accessing alternate power sources in the event of a long-term outage. If backup generators are to be used, the plan must indicate who is responsible for their safe use. The plan should include a cost analysis to determine whether it is more practical to run generators for days or simply close down operations until power is restored.
With most disasters, you can expect some disruption in communications. It will be essential to maintain contact with off-site employees, emergency services, and customers. The BC should include a list of employees and their cell phone numbers. It may be a good idea for the business to have a ham radio in the event of a widespread loss of phone lines and Internet connections. If your company has its own email server, alternate email addresses for critical employees should be listed in the BC plan.
Ideally, your business has access to alternate facilities where temporary operations can be established. This might be a warehouse or branch office. A key customer might have space available to house a skeleton operation. The plan should include the place, the procedures for moving there, and the estimated costs for moving and setting up temporary operations.
If a disaster causes the loss or severe damage of essential equipment, the plan should specify how it or its functions will be replaced. For example, if your servers are damaged, you could switch to a Web-based hosting service until your equipment is replaced.
Like it Never Even Happened
The BC plan should include a complete process for restoring the business to its pre-disaster state. This should consist of damage assessment, estimating recovery costs, and working with insurance adjusters. The recovery team monitors the process while transitioning the business operations to regular management.
Finally, the only way to know if your BC plan will fulfill its intended purpose is to test it. This could include a structured walk-through or simulation with members from every department. It could also include a table-top exercise involving all team members reviewing the plan looking for holes or outdated procedures. Some form of testing should occur at least once per year - more frequently when the company undergoes personnel or management changes. Speaking of management, without the involvement of senior management in the planning, testing, and communication of the plan, the employees may not view it with the credibility and urgency it needs.
Read Other Small Business Financial Articles