Do you have a Business Continuity Plan?

Do you have an Business Continuity Plan?

As much as 60 percent of hacked small and medium-sized businesses go out of business after six months.

A business continuity plan creates systems and processes used in the prevention of and recovery from threats to a business. Not only does the plan guide best practices in preventing risk, but also allows the business to continue operations while responding to disaster.

BCDR

Research conducted by the National Cyber Security Alliance found that:

  1. Almost 50 percent of small businesses have experienced a cyber attack.

  2. More than 70 percent of attacks target small businesses.

  3. As much as 60 percent of hacked small and medium-sized businesses go out of business after six months.

A business continuity plan can include many specific risks for your business, but the most common continuity plans account for the following categories:

  • Biological Threats (Viral, chemical, etc)

  • Cyber attack

  • Facility Damage (Fire, broken pipes, damage)

  • Human error

  • Interruption of utilities (Water, Gas, Power, Electricity)

  • Mechanical Failure

  • Natural Disaster (Flood, Forest Fires, Tornado, etc.)

  • Physical and data theft

  • Storm damage

Business Impact Analysis

You start by performing a business impact analysis to identify your key areas of risk. During your analysis, weigh the financial cost that disruption of business processes and production systems may have.

Ensure to account for:

  • Contract penalties & Lost contractual benefits

  • Delay in Business Projects

  • Fines

  • Increased Overheads (Outsourcing, costs of labor overtime, expediting, etc)

  • Lost sales & revenue

  • Regulatory Compliance

  • Reputation Damage, Loss of Customers

Next, look at the dates and times that your business is performing critical operations to see when you are most vulnerable.

Examples of critical timing:

  • Power outage lasting several hours or days

  • Retail store preparing for a sale or holiday

  • Server fails before it can perform it’s daily backup

Use the FEMA Business Impact Analysis Worksheet to guide you in this process.

Recovery Strategies

Now that you have identified as many theoretical scenarios that can impact your business and weight their impact, you can begin planning for them. Recovery of time-sensitive or critical processes requires resources.

Resources Required by Recovery Strategies may include:

  • Inventory including raw materials, finished goods and goods in production.

  • Office space, furniture and equipment

  • Production facilities, machinery and equipment

  • Staff

  • Technology (computers, peripherals, communication equipment, software and data)

  • Third party services & Service Providers

  • Utilities (power, natural gas, water, sewer, telephone, internet, wireless)

  • Vital records (electronic and hard copy)

Because many resources cannot be replaced immediately following a loss, businesses should estimate the resources that would be needed in the hours, days and weeks following an incident.

Recovery Strategies

Recovery strategies are planned alternatives to business processes that can restore production to a acceptable level after a business incident. Typically, these are prioritized by the recovery time objectives (RTO) developed during the Business Impact Analysis.

Your recovery strategies should also account for their required resources to ensure there are no unnoticed resource gap.

Example:

You have a server that is vital to production operations, so you configure a replica server in case it breaks down. Instead, a fire destroys both machines. This is a resource gap.

Essentially, you should plan for your plans to go sideways as well.

Now that you have a picture of your risks, recovery plans, costs, and resources required; you can pull it together into a plan. When creating your plan, identify key stakeholders and develop response teams for various scenarios. Your document should have every detail needed to respond to any incident.

Don’t forget these essentials:

  • Contact info for team leaders

  • Contact info for key suppliers, vendors, utilities, providers

  • Contact info for civil services (Police, Fire, Medical)

  • Building Maps, Vital Diagrams, Flow charts for teams.

  • Account details for utilities and services

  • Document manual workarounds

  • Relocation plans (alternative office until disaster ends)

  • Recovery strategies for Information Technology (IT)

If you would like to learn more, Ready.gov has an excellent collection of business preparedness programs, including Business Continuity Planning.

Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Geek it Together can assist you with your Information Technology plan, as well as implement business continuity and data recovery on your critical systems. Have a look at our IT as a Service and contact us today!