We have come full circle. Or, perhaps more accurately, the circle has expanded. Many decades ago, business continuity planning focused mainly on the sudden loss of a business owner and perhaps what the company might do if its offices burned to the ground. Then, technology took over — and planning began to concentrate on how to preserve mission-critical data and reboot networks as quickly as possible.
Today’s businesses need to do it all. Technology is so nimble and dynamic that focusing entirely on it may leave your physical assets vulnerable to disaster. Yet you can’t completely ignore IT risks either. A truly contemporary business continuity plan must take a 360-degree approach to staying operational.
The Right Team
Begin with the team you have in place to react coherently to a continuity threat. As the business owner, you must be its champion. In tough times, everyone looks to leadership.
But this doesn’t mean you should go it alone. Every company, no matter the size, needs a business continuity team. And each person on that team must know his or her job. Often, these responsibilities can fall right in line with job duties. For example:
- An in-office manager can lead evacuation efforts on your physical premises.
- A telecommuter or largely mobile employee can handle off-site communications.
- An HR staffer can handle scheduling and benefits issues.
- A member of the IT staff can issue information and updates on technology issues.
The precise size and shape of a business continuity team will vary depending on the size and shape of the company itself.
Supply Chain Safeguards
Disaster doesn’t always strike the business itself: sometimes it hits your supply chain. This is a common concern of business owners and risk managers worldwide.
Try to diversify your supply chain so you’re not dependent on one or two vendors. This way, you may be able to shift supply orders to another provider in the event one of the others is disabled by disaster.
If that’s not feasible, at least create a list of backup vendors complete with company profiles and contact information. Be sure to regularly revisit and update this list. The last thing you want is to turn to an alternate supplier in a crisis and find that it no longer exists.
Financials and Insurance
From a financial perspective, your business continuity plan needs to answer several key questions, including:
What is our immediate and short-term financial status? First and foremost, assess your cash position. Are you burning dollars at an untenable rate? One of the many reasons to maintain a strong cash flow is that you’ll be in a much better position to weather a storm, literally or figuratively.
Where are our records? Maintain a clear path to backups of key records such as your financial statements, bank records, vendor agreements and employment contracts. Your CPA and attorney may be able to store copies of some of this important information.
Are we covered? No rational discussion of business continuity planning can take place without at least mentioning insurance. It’s not enough to have the right coverage in place; you’ve got to be able to quickly determine what each policy covers, who your rep is and how to file a claim. At least one member of your team should stand ready to make these determinations.
Technological Aspects
The technological aspects of business continuity planning used to be somewhat more complicated. When businesses relied on tapes or other tactile media to back up data, getting to those backups could be a problem when several feet of water or a pile of smoldering rubble stood in the way.
These days, many (if not most) companies use the Internet — or “the cloud” as it’s come to be called — to not only store data, but also to download or host applications. In the event of a physical disaster, the cloud likely has you covered. If it doesn’t, your business continuity plan should address off-site backups of data storage media.
Either way, your plan also needs to articulate procedures for replacing hardware, restoring communications (such as e-mail servers and phone lines), and keeping your company website and intranet (if you have one) up and running with salient information.
Last but not least, in today’s increasingly virtual world, every company’s business continuity plan needs to confront the specter of hackers. If your servers are breached, a clearly planned response is paramount. (For more on this, see the sidebar “4 steps to responding to a server breach.”)
Revisited, Revised, Rehearsed
There’s no quicker way to go out of business than to stop doing business because of an unexpected crisis. Every company needs a good continuity plan — regularly revisited, revised and rehearsed.