4 Steps for Developing an Effective Business Continuity Plan
11.29.2016 By AVAILITY
If Hurricane Matthew has your organization thinking about preparing for a natural disaster, you’re not alone. Many organizations that were in the eye of the storm are now reviewing their existing business continuity plans, while others are recognizing they need to have one.
A business continuity plan is a dynamic tool used during emergencies, catastrophic events and natural disasters where buildings, personnel, and technology may be impacted. A well-designed business continuity plan documents what processes need to be in place to ensure your organization is able to quickly resume normal business functions in the event of a disaster.
Consider the following four steps when developing your organization’s Business Continuity Plan.
1. Develop a Business Impact Analysis
Each department within your organization should develop a business impact analysis, which identifies the personnel and resources needed to maintain business continuity in the event of a disaster. Each department should document critical systems, processes, and business activities, as well as project the minimum recovery period that’s required for each. The business impact analysis should also take into consideration the potential impact on reputation, reporting, resources, and operations.
Each department’s business impact analysis should consider the following:
- Loss of facility: What would your organization do if you were to lose access to your main facility? What are options for alternative locations and how would you address issues such as power supplies, physical security, electronic surveillance, and protection from intrusion.
- Loss of personnel: How would you maintain operations if essential staff members are not able to make it into work?
- Loss of technology: How would you maintain operations if critical IT applications are unavailable?
- Loss of key vendors: How would you maintain operations if an incident affected a vendor’s ability to support critical functions?
2. Develop a Business Continuity Plan and Disaster Recovery Plan
Once the business impact analyses are complete, the next step is to coordinate with your organization’s Compliance department to document a business continuity plan. The business continuity plan identifies how your organization will monitor incidents that may cause a business disruption, and lists those functions which, when not performed within a specified period of time, would suspend or terminate business operations or jeopardize the health and safety of employees or clients.
A successful business continuity plan identifies clear objectives around the following:
- Employee safety: Employee health, emotional well-being, and safety should be prime considerations when designing a business continuity plan. Have a plan for ensuring employees and their families are safe and that there are adequate workplace practices and employee assistance programs in place.
- Recovery of essential activities: Document the processes and procedures required to continue critical business functions during and after a disaster.
- Company asset protection: Document how to protect and preserve your organization’s physical, financial, and intellectual assets, as well as your organization’s reputation.
- Effective Communication: Communicating to employees, clients, and vendors is essential before, during, and after a disaster. Create detailed instructions on how to distribute comprehensive, timely, and accurate information about the status of business operations and the current risk forecast.
A Disaster Recovery Plan (DRP) documents the recovery component of the business continuity plan and facilitates a smooth transition to recovery efforts following an incident, the escalation of recovery efforts in the event of a long-term disruption, and (iii) the return to normal business operations as quickly as possible.
3. Establish a Business Continuity Plan Leadership Team
The members of the business continuity leadership team provide direction and leadership in the event of a disaster by overseeing the response and recovery efforts. Those selected should be skilled communicators with expertise in logistics and in executing emergency response protocols. Leadership team members might include the chief executive officer, chief compliance officer, chief operations officer, chief financial officer, facilities manager, and human resources director.
In the event of a disaster, the BCP Leadership Team appoints a person to lead the team. As the incident unfolds, this leader determines whether to activate the business continuity plan. Activation includes the initial response to the emergency, assessment and escalation, declaration of the disaster or emergency, and implementation of the plan.
4. Implement Employee Training Programs
Implementing training programs can help your employees develop skills in how to respond in the event of a disaster. You should consider offering programs such as leadership training, tabletop discussions, scenario-based emergency response training, and disaster recovery exercises at least annually. Any insight you gain during training should be incorporated into your business continuity plan.
Don’t wait for the next storm forecast to evaluate or implement your business continuity plan. Make it a regular part of your organization’s strategic planning processes for 2017 and beyond.