A Business Continuity Plan (BCP) lays out the steps and procedures a company will follow before, during, and in the wake of a disaster to maintain maximum functionality during the emergency and get its operations back to normal in the shortest possible time.
Every business owner knows that planning for the unexpected is critical to success. But what many don’t realize is that a comprehensive BCP is a vital part of that preparation. BCP helps you protect your company from disasters, both big and small. So what exactly is business continuity planning, and why should you bother with it? Here’s a look at what BCP entails and how it can help your business survive any crisis.
1) What is business continuity planning (BCP)?
A business continuity plan (BCP) positions your organization to survive severe disruption. It eliminates confusion common to every disaster, providing a clear blueprint for what everyone should do. Most importantly, your business continuity plan supports communication between employees and customers.
Business continuity planning involves identifying all risks that can affect the company’s operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and systems work. Finally, there should be a review process to ensure that the plan is up to date.
What is a business disruption?
Business disruptions can include intentional or accidentally caused by humans or natural disasters. Every business faces risks to its continuing existence. While some of these may be unique to each organization, many are common. Potential disasters and threats can include:
- Natural disasters
- Terrorist incidents
- Failure of a supplier
- Power blackouts
- Data breaches
- Staff availability
What is the difference between business continuity and disaster recovery?
Business continuity focuses on keeping business operational during a disaster, while disaster recovery aims at restoring data access and IT infrastructure after a disaster. The two are often invoked concurrently; this allows a business to focus equally on maintaining operations and ensuring that employees are safe.
2) Why do you need a BCP in place for your business?
A business continuity plan will ensure that staff knows their roles and responsibilities in the event of an unexpected incident and respond following recognized practiced and agreed on procedures. Doing so will ensure that the impact on your business is limited.
BCPs help the organization maintain resiliency in responding quickly to an interruption. Solid business continuity planning saves money, time, and company reputation. Extended business outage risks financial, personal, and reputational loss. What’s more, without an effective business continuity plan, companies cannot effectively communicate with their stakeholders during an emergency. Lack of communication means the company can’t respond adequately to disruptive situations.
Businesses are prone to a host of disasters that vary from minor to catastrophic. Therefore, BCPs are an essential part of any business. A BCP is typically designed to help a company continue operating in the event of threats and disruptions. Lack of a BCP could result in a slower recovery, loss of revenue, and higher costs, leading to a drop in profitability. And, businesses can’t rely on insurance alone because it doesn’t cover all the costs and the customers who move to the competition.
What is the goal of a business continuity plan?
A BCP has an overall goal of continuing business activity during a disruption. Moreover, the primary purpose can be broken down into several smaller objectives.
- Protect critical business functions. Depending on the business, the BCP establishes which business functions are the most vital, specifically functions that deliver the organization’s goods and services. These functions take priority over others during a crisis.
- Mitigate impacts on the organization: A critical purpose of the BCP is to prevent and mitigate damage to the organization during disruptive events.
- Assign responsibilities and tasks. The BCP sets out roles and responsibilities for all BCP activities. The plan also defines a decision-making and governance structure and who is responsible for invoking the plan.
- Defines communication strategy: Once the plan is executed, the BCP defines how roles, responsibilities, decisions, and actions will be communicated to employees. Communicating these critical constituents ensures that BCP activities are undertaken.
- Defines the testing scope and methods: The BCP defines how the plan should be tested and revised and sets out conditions (scenarios) and the range of testing. The plan will assign measures/metrics to ensure it is effective.
6. Restore normal operations. The BCP defines the conditions under which normal operations can resume.
3) How does a BCP work, and what goes into it?
Business continuity planning involves identifying all risks that can affect the company’s operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Additionally, there should be a review process to ensure that the plan is up to date.
Many organizations do not realize that business continuity can. They should initially address an organization’s most critical and time-sensitive products and services, expanding to other parts of the organization in order of priority. An appropriate scope enables an organization to plan for a disruptive incident efficiently.
Who decides to invoke the BCP?
A BCP contains a governance structure often in the form of a committee. The committee ensures senior management commitments and defines senior management roles and responsibilities. The BCP senior management committee is responsible for the oversight, initiation, planning, approval, testing, and audit of the BCP.
The crisis management team (CMT) assesses the information about the emergency and decides whether or not to invoke the BCP. If business continuity is deemed necessary, the CMT may potentially invoke a disaster recovery plan in parallel if the solution is in their control. The two-process ensure that business activity will continue and that a full recovery will be initiated once the disaster is contained.
4) How do small businesses develop business continuity plans?
Steps to Creating a Business Continuity Plan
1) Assemble a Business Continuity Management Team: Create a contact list of key people to develop the plan. The list should provide a detailed overview of their roles and responsibilities in the event that the BCP is invoked. Design a process wherein the BCP will be updated and communicated to stakeholders.
2) Ensure Safety and Wellbeing of Your Employees: BCP must prioritize the safety of employees before, during, and after a crisis. Therefore, programs should be developed that focus on employee well-being, health, and safety.
3) Understand the Risks to Your Company
Once the management structure has been created, all possible risks to the business must be assessed. Risk assessment can take the form of Business Impact Analysis (BIA). BIA analysis will help you identify specific threats to financial performance, operations, supply chains, reputation, employees.
4) Implement Recovery Strategies
Once a disaster occurs and financial losses begin to grow, it can be challenging to get back on track without a BCP in place. Business recovery plans provide strategic plans for recovering lost capacities, customers, and finances during the disruption. The BCP should address every business function.
5) Test and Make Improvements
Testing your business continuity plan allows you to validate it as you manage risks. The result of this testing is not “pass or fail,” yet continuous improvement by identifying findings through a live exercise. Prepare your organization for success by using this checklist for business continuity testing.
5) What are some examples of disruptions that cause a business to execute BCP?
1) Ransomware hobbles the city of Atlanta
The March 2018 SamSam ransomware attack on the City of Atlanta is an example of inadequate business continuity planning. The attack devastated the city government’s computer network, disrupting city services, including its police records, courts, utilities, parking services, and other programs.
Computer systems were shut down for five days, forcing many departments to complete essential paperwork by hand. Even as city services were slowly brought back online, the full recovery took months. The full impact of the attack was projected to cost more than $17 million.
2) Fire torches office of managed services provider (MSP)
In 2013, lightning struck an office building in Mount Pleasant, South Carolina. The lighting caused a fire to break out. The offices were home to Cantey Technology, an IT company that hosts servers for more than 200 clients. The fire destroyed Cantey’s network infrastructure, melting cables and burning its hardware.
Cantey had already moved its client servers to a remote data center as part of its BCP, where continual backups were stored. Even though Cantey’s staff were forced to move to a temporary office, its clients never experienced any interruption in service. The Cantley example serves to demonstrate the benefits of a strong BCP.
3) Computer Virus Cripples UK Hospital System
One of the worst BCP examples took place in November of 2016. A computer virus infected a network of hospitals in the UK, known as the Northern Lincolnshire and Goole NHS Foundation Trust. The virus crippled its systems and halted operations at three separate hospitals for five days.
Patients were turned away at the door and sent to other hospitals, even in critical cases such as childbirth. Only critical emergency patients, such as those suffering from severe
accidents, were admitted. In total, more than 2,800 procedures and appointments were canceled.
4) German Telecom Giant Rapidly Restores Service After Fire
On April 4th, 2020, Deutsche Telekom discovered a dangerous fire was encroaching on a crucial company facility. The facility was a central switching center, which housed important telecom wiring and equipment vital to providing service to millions.
The company uses an incident management system from Simba, which alerted staff to the fire, evaluated the impact of the incident, automatically activated incident management response teams, and sent emergency alerts to Simba’s 1,600 Germany-based employees. Unfortunately, the fire reached the building, ultimately knocking out the entire switching center. But with an effective incident management system in place, combined with a redundant network design, the company could restore service within six hours fully.
Deutsche Telekom is an example of solid business continuity and recovery planning.
Business Continuity Planning In Summary
It is crucial to plan for what should happen before, during, and after a disaster. If you’re unsure where to start with your business continuity plans or how to separate the phases into manageable tasks that reflect their relative priorities, then reach out today. You can find more information at timewellscheduled.com as well as other blogs on this site about effective ways to manage all aspects of your company’s operations, from marketing strategies through workflows and projects to customer service issues, including complaints management best practices.”