Disaster Planning With a Business Continuity Plan (BCP)

Your business may be a thriving place experiencing consistent growth. During these times of growing revenue and increasing profits, it may seem like nothing could go wrong. Of course, assuming such an attitude is naïve, as every savvy businessman knows. Whether your business is booming or going through an adjustment period, it’s highly recommended you strategize and create a business continuity plan. If your business doesn’t have a formal plan in place, it’s time to create one.

A BCP (Business Continuity Plan) provides a framework for ensuring business operations run regardless of virtually any possible or unforeseen event occurring in your absence. Within the plan, critical business operations are identified that, should there be a disruption, would have devastating consequences on your business. A priority is made to keep these business components running and, should a disruption occur, a BCP defines (in order of priority and chain of command) how to keep your business fully operational while minimizing downtime.

Critical technology components consist of all assets (including people) used to facilitate core business processes, as well as applications that support employee productivity and IT infrastructure that manages these critical applications throughout your company.

The degrees of impact of core business processes going down must also be considered in a well-developed BCP. Consider the far-reaching costs of an essential process going offline. For example, your firm may use an accounting application that produces daily financial reports for clients. On one level, the only employees affected are those kept idle by not being able to use the application. However, should the network go down when company management is set to attend a board meeting, without essential financial reports, the consequences become significant.

Applications that enhance productivity have a different impact on business operations. Customer contacts may be kept in a certain database. How are they kept without this database? If the solution is pen and paper, the potential is high for critical business contact information to be lost. From a different perspective, if your business relies on the Internet to establish business contacts around the world and the Web site crashes, the recovery effort becomes impossible because the information was never retained in the first place.

Be sure to keep vendor contact information backed up and accessible so vendors can be contacted in the event of a disaster. Establish contacts that can assist you in the disaster recovery effort, including off-site backups of critical business files, fuel suppliers for on-site power generation and proper insurance coverage information.

Not only must a BCP be in place at your business, employees must also understand the recovery process should the need arise. It is essential that your company document policies that address BCP objectives. Take the time to communicate BCP objectives during orientation and remind employees of BCP objectives during annual employee performance reviews. As the BCP objectives change, it is critical to keep staff informed.

Your BCP will contain RTOs (Recovery Time Objectives) that define the critical time period during which business functions must be restored. Should a critical business process remain offline past this time window, you face disastrous consequences at your company. This time window has progressively shrunk with the development of technology that enhances business operations.

Employees should know in advance their responsibilities in the wake of an unforeseen event. Also, specific employees should be selected to communicate contingency plans should the need arise. The fact is your business is only capable of the cumulative total of the work effort put in by staff and the technology that supports your business architecture.

Before the advent of the Internet, businesses often defined RTO as a period of three days. Now that the Internet is a primary means of communication for many businesses, RTOs are often defined in seconds and minutes. Define this figure by attaching a monetary value to the cost of the critical business processes going offline and what that loss would mean to your company.

Keeping the need for BCP in mind, it is important for the reader to ask themselves these questions:

• If your office space was destroyed in a disaster, do you have the proper steps in place to recover from this situation?

• Do you have a contingency plan in place to recover from a significant loss of employees due to a disaster or pandemic?

• What is your contingency plan and where can it be found offline?

• Do you have a clearly defined chain of command at your company and do you coordinate communications?

Business may be booming and the potential for disaster may be minimal, but don’t let that sense of security keep you from developing a BCP. If you can’t clearly answer the questions above, then you don’t have a plan in place that would keep your business functioning following a disaster. Businesses throughout New York City were given a rude reminder of the need for a BCP following the 9/11 disaster, as were businesses throughout the Northeast following the devastating blackout that left one-seventh of the United States population without power on August 14, 2003.

We were all reminded of the potential for a catastrophic disaster when Hurricane Katrina hit New Orleans in 2005. Total monetary losses have soared well over $200 billion. Of this total, the greatest sum can be attributed to business disruptions when facilities were damaged and destroyed, and employees were displaced for an extended period of time. The Katrina disaster provides the best example for Americans to understand the need for a business contingency plan. Could your business continue after such a catastrophe?

Even if your company is located away from the coastline and the potential for hurricanes, your locale could be vulnerable to a catastrophic event, particularly if you are located in a large metropolitan area that attracts a lot of tourists. Other geographic locales can be prone to specific disasters. If you are located near a desert, your area could be prone to choking dust storms; rivers regularly flood, and mountainous areas are prone to avalanches. Perhaps you live near an earthquake fault line. Knowing the disaster potential of where you live is important so that you can plan accordingly for business continuity.

The types of disasters that create a business disruption are in the thousands. Disgruntled employees seeking to sabotage the company present a risk for business disruption. In particular, a disgruntled IT employee who has access to your most sensitive data and business-critical operations could have a devastating effect with a few clicks of the mouse. Other employees, located in various departments of your company, may steal computer equipment. Besides the monetary loss of the physical piece of equipment, if the hardware included sensitive files or critical backup files, the potential to disrupt business operations is magnified.

Regardless of the event, communications failures can create revenue losses. Typically, communications lines are down when power lines are down, but not always. How would communications occur at your business if the primary method of communications failed? Hardware crashes can also prove detrimental. Most often, these happen as hard-drive failures where data becomes inaccessible, but information technology always has a potential for failure. Locating the origins of what caused an actual failure can consume a lot of time.

A catastrophic network failure can have a huge impact on your business. Preparing for one is essential to recover from such an event. Network tools must be in place, and used, to offset the potential for unforeseen network failures. Viruses penetrating your internal network can bring about hardware failures, bring down communications or potentially create a catastrophic failure of the network.

Of course, disasters don’t have to be dramatic to cause serious downtime for your company. Brownouts often occur during the summer months when demand for power is at a maximum. Temporary power outages can also occur during traffic accidents involving a transformer. Without auxiliary power, your critical IT processes are not functioning. It is essential to plan for these occasions should they occur, even if you don’t perceive them as likely.

Many companies don’t understand the actual costs involved with disrupted business operations until they become very real after the fact. To understand how these costs add up, you must consider costs both tangible and intangible. Tangible costs are the quantifiable ones directly associated with the downtime such as lost production, idle hourly employees, lost revenues and costs associated with recovering data losses.

To attach specifics to these costs, understand that the average hourly rate for a professional employee in the United States is approximately $42 USD per hour. Take that figure and multiply it by the number of employees at your firm, and you have one of the tangible costs of downtime. Keep in mind, this is but one cost, and it’s per hour, so the tab is running.

Intangible costs are much more difficult to quantify and too often, these are the causes that keep a business from ever opening its doors again. These are the lost opportunities your business had because the doors were closed. Has your business reputation been damaged? Have you lost customer loyalty? What are the costs associated with replacing your best employees?

With all the talk of gloom and doom, hopefully the point has been made: Your business needs a BCP. Your BCP should include steps that minimize downtime. Here are five smart tips to help you achieve that goal:

• Define and document an emergency response policy. This includes the definition of the chain of command at your company and how communications are carried out.

• Define and document a contingency plan for employee communications should the primary means become inaccessible. How would you keep critical communications flowing if your communications network was destroyed? If traditional communications are down, critical employee data such as contact information must be accessible should the need arise.

• Develop a plan to handle business inquiries in the event of a disaster. A server virtualization strategy can provide essential backups offsite in the event your physical office has been destroyed. Provide updates on the company Web site about what is happening locally.

• Consider the dimensions of IT capacity at your business and develop redundancy in your critical systems. Maintaining off-site backups is essential to keeping these mission-critical applications functioning. Consider mirrored data redundancy located off-site from your primary business operations.

• Regularly review the BCP, making changes and updates when necessary. A BCP is dynamic and evolves with your business. Establish quarterly business reviews of the BCP to keep it in line with technology enhancements at your firm. Be sure to train IT staff on the recovery process and don’t depend on a core group to carry out the plan. Backup employees must also be trained on the process should the primary employees become unavailable.

Too often the lessons learned from the lack of a BCP occur when a disaster strikes. However, these lessons have been well documented and your business can learn from these examples to prepare for such an occasion. The key is to not allow your business to become a statistic on disaster unpreparedness, but one that continued its operations after a devastating catastrophe.

About the Author: Michael G. Perry has more than 20 years’ professional experience in management, IT consulting and writing technical documentation related to business process, policies and procedures.

He’s worked for Fedex, Ingram Micro and Merck Medco.
