In honor of Business Continuity Awareness Week, we spoke with Dan Johnson, director of global business continuity and disaster recovery at the managed service provider, Ensono. With his experience in the field of business continuity, Johnson was able to provide in-depth insight on what disasters companies should be prepared for and what your business continuity plan should include. Read below for Dan Johnson’s business continuity tips!
Types of disasters companies should prepare for:
Business Continuity Plans (BCPs) should be written for specific business units versus a scenario-basis, and they should be conducive to every type of disaster, whether it’s a hurricane, security breach or measles outbreak. By planning for both short- and long-term outage events, companies can remain resilient no matter the disaster.
The types of disasters companies should keep in mind when building their BCPs are:
- Cyber Attacks: Cyber attacks have become increasingly common for businesses in various industries. Without a recovery plan in place, companies can experience severe reputational and financial damages. BCPs should include steps for companies to respond immediately and effectively, as timely and transparent communication is essential to maintaining customer relationships and avoiding regulation fines.
- Pandemics: In the midst of Swine flu and the H1N1 virus, businesses took Pandemic Planning very seriously; however, it’s been put on the back burner recently. But with today’s measles outbreak, creating Pandemic Plans should be a priority, as managing a reduced workforce can be detrimental if there aren’t procedures set in place.
- Weather/Natural Disasters: Businesses need to analyze their geographic location and determine the weather probabilities in their area to prepare for certain disasters. For example, if your office is located on the East Coast, you should plan for hurricanes. To ensure business continuity through natural disasters, businesses should a relocation plan in their recovery strategy.
Procedures every business continuity plan should include:
The first step of the planning phase is Business Impact Analysis (BIA). This analysis looks at your most critical processes, systems and resources to determine financial and reputational impacts. By analyzing how a disaster could disrupt these factors, you can identify where your people, processes and technology will need support. Once you’ve determined the critical areas in your business, you can begin to build your BCPs centered around them.
An important area to focus on is Technical Recovery Plans (TRPs) to ensure your systems and infrastructure can be recovered. As part of these plans, you should identify the most critical data and software that the business relies on to operate, and identify strategies to recover the technology and information.
Next, outline a Crisis Management Plan (CMP) once there’s a recovery plan in place for the technical operations. This process will provide steps to respond to a business disruption in the case of reputational, operational or financial damages.
Finally, once your plans are created, they need to be tested regularly to ensure what you have developed works. Tabletop or Walkthrough exercises can help familiarize employees with the plans and evaluate the organization’s likelihood to recover from a disaster.
Consider the above business continuity tips, as well as our own business continuity best practices, when developing your strategy.