A Business Continuity Plan is put in place to lower or eliminate altogether the downtime that comes after a disruptive event. These can come in many forms including fires, floods, user error, poor infrastructure, malicious activity, hardware defect, and this day and age, even terrorism. All of these can lead to loss of internet and telecom connectivity and even the loss of data.
Regardless of the cause, when a disruptive event occurs, a Business Continuity Plan will bring order to the chaos that will likely ensue in the wake of the event. The plan will provide a clear path to bringing the business back up to a functioning state in as little time as possible. It will outline which systems, data and resources should be brought back in what order and in how much allowable time in order to not risk closure.
Following are the seven key elements your Business Continuity Plan should have
1. An employee accounting system
If the disruptive event affected more than just your organization, your employees may have concern for their loved ones, they themselves may find themselves in a stressful situation and your BCP should have a way of accounting for the safety and wellbeing of your staff. Your staff is the single most important factor in the success of your BCP.
2. Chain of Command and Contact List
Once the safety of the employees has been established, the chain of command will detail who is responsible for each role, should the person originally in the position is not available. The contact list should not only include information for each employee, and their roles, but for any vendors your company rely on and clients that depend heavily on your product or service.
3. Clearly Defined Business Functions
Your plan should include a detailed list of the important parts of your business including HR, operations, accounting, marketing, sales, and so forth. Each function should detail the resources they rely on starting with staff, workspace and working all the way through to network infrastructure, files, databases and applications. External resources such as material for manufacturing and even fast internet connection, especially if there is a reliance on apps or servers in the cloud, should be included as well.
4. A Determined Amount of Maximum Allowable Downtime
Each business function should be ranked by importance to the business and their resources prioritized by criticality. For example, if you are an accounting service then high on the list of resources would be your client data and your staff. Whereas if you are a manufacturing firm, high on the list would be your materials and machines. To determine the order of priority for each resource, go through each one and determine the maximum allowable amount of downtime for each. With that you will be able to determine how long your business can tolerate being down.
5. Detailed Preventative Controls
The list of resources will also reveal a host of opportunities to install preventative measures that will support your Business Continuity Plan and in some cases even remove down time for that resource itself. That may mean hardware redundancy, or virtualization and will require a varied amount of investment. But as it goes, an ounce of prevention is worth a pound of cure. Your Business Continuity Plan should include the details of these preventative controls as well.
6. Your Organization’s Disaster Recovery Plan
Integral to your Business Continuity Plan is that of Disaster Recovery. Without it, your company is not fully protected from the possibility of failure to rebound from a shutdown event. While you will have strategies in place to keep the business moving, you will need to have one to recover any data lost. Your Disaster Recovery Plan will detail what data is being backed up, where it is being backed up (locally, cloud or both), and how to restore it. This plan can work independently of the Business Continuity plan, say if the disruptive event were limited to just server hardware where the data was stored, or in support of it. In any case, it is critical to have.
7. Practice Schedule
No plan is ever complete until it has been tested once and again. Tests will show where the fail points are and will also familiarize everyone with it so that it is not a cold run when it is truly needed. The Business Continuity Plan must have a schedule for regular tests of data backups from the Disaster Recovery Plan as well. The least desirable time to discover the backups are not valid is when you actually need them.
However complex or simple your Business Continuity Plan is, these are the seven key elements that will guarantee a significant increase in your odds of coming through any disruptive event relatively unscathed.