What is Business Continuity?
Business continuity plans are typically constructed by considering all aspects of an organization, including its structure, technology systems used by employees (e.g., email servers), supply chain logistics (e.g., food delivery), employee training requirements, etc. These plans require great attention to detail and could be overwhelming for small businesses, but these are the general steps to follow when creating a business continuity plan:
Step 1 – Identify Critical Business Functions
- Accounting & Finance
- Marketing & Communications
- Human Resources
Step 2 – Conduct a Risk Assessment/Risk Management
- Identify Risks: When conducting your risk assessment, it’s crucial that you identify all possible risks. Don’t be limited by what you think might happen—you want all possible scenarios considered so they can be addressed in your BCP. Identifying these risks could include natural disasters, cyberattacks, or even human error by employees or customers (e.g., if someone forgets their keys).
- Assess Risks: Once all risks are identified and categorized, it’s time to assess them further by prioritizing them based on severity, probability, and impact for each potential scenario. This will help determine which actions should be taken should something go wrong at any given time across different departments within your company structure or supply chain network (if applicable).
Step 3 – Establish Recovery Priorities
Recovery priorities should be based on the criticality of the business function being performed and its importance for your company’s bottom line. For example, suppose your company has an internal social media presence through which it communicates with customers and other interested parties. In that case, that function might have a higher priority than its website or email server.
Recovery priorities are also important when it comes to data. Suppose confidential customer information is stored on your networked storage device and fails catastrophically during an outage. In that case, this will significantly impact both revenue loss and brand reputation damage.
Step 4 – Develop Recovery Plans
The following should be included in each Recovery Plan:
- The steps required for recovering from a disaster (for example: “Immediately shut down all computers in use by customers and employees when the earthquake occurs”)
- The procedures for recovering from the disaster (for example: “After shutting down all computers, call IT support at extension 1234 and ask them to assist with restarting services once power is restored and testing has been completed)
- The person(s) responsible for implementing the plan (for example: “IT Support Team Lead”).
Step 5 – Test and Review Plans
Step 6 – Implement and Maintain the Program
- Implementation
- Maintenance
- Continuous Improvement
Implementation of the BCP is the final step in the process. The BCP must be implemented to ensure that it is effective. An effective business continuity plan will include regular maintenance and continuous improvement activities and a periodic review of its processes and procedures to ensure they remain current with changing circumstances, technology, and human resources.