As (COVID-19) coronavirus seizes the world, the economy is grappling with how to respond to this growing threat. Businesses across the globe need to protect the health of their employees and minimize the impact to their business with robust business continuity planning.
What is Business Continuity Management?
At the highest level, a business continuity management program refers to the holistic management process that identifies potential threats to your company and helps you develop organizational resilience during and after an actual event.
There are various events, including the current coronavirus pandemic that can cause significant business disruptions. These disruptions may result in temporary or permanent loss of the critical requirements — including vital records, IT infrastructure and staff needed to execute business operations.
In order to protect a company’s viability, businesses can work to develop site-specific recovery strategies that focus on a disruption during a peak business cycle, when the services or output are at the highest level and most critical point.
Business Continuity Tools During Coronavirus
A Business Impact Analysis (BIA) enables a company to identify sites and business operations that, when absent, would impact profitability and threaten company survival. While the size and complexity of essential business elements required for sustainability vary among companies, the ability to quantify and prioritize critical business operations is a key business continuity element.
Completing a BIA will allow for each department within your organization to explain and discuss how the coronavirus, or another unexpected event, may affect their business function. Managers should also review the following business continuity planning elements for each critical business function:
- Identify the duration and point in time when an interruption would impair critical processes and develop recovery time objectives.
- Estimate the maximum allowable downtime for each specific business function.
- Test work-from home bandwidth and feasibility.
- Identify and implement actions to mitigate risk and develop tactical methods for continuing critical operations safely.
- Develop training and exercises for Business Continuity Plan (BCP) personnel assigned to support the continuity of operations.
Site-Specific Responses and the Coronavirus
A BCP should include site-specific details that can direct critical process continuation and restoration. The following continuity plan components should be included in a site-specific BCP.
1. Plan distribution list: Names, addresses, and contact information of those that retain secure access to the BCP.
2. Key contacts and notification procedures: Identify all primary and secondary contacts that must be made aware of the interruption to your business. It’s important to routinely verify contact information for accuracy, and train personnel in BCP activation and notification procedures.
3. Key staff roles and responsibilities: Develop position-specific checklists and procedures detailing responsibilities from business continuity implementation through recovery. Task teams should be formed, at a minimum, to cover each critical business process. Business Continuity Team structure, organization charts, and interfaces should be clearly communicated. It may be necessary to provide cross team training, in the event that primary team members are not available.
4. Off-site recovery location(s): Include address, contact information, available on-site equipment, and any necessary external equipment for effective operations.
5. Recovery action plan: Identify/develop incremental processes and procedures necessary to recover each critical business process. Response checklist timelines may include time increments such as 1st hour, 24-hours, 48 hours, one week, one month, and long-term recovery.
6. Customer data: Identify communication methods and necessary contact information in order to inform customers of disruptions of deliverables. Effective customer relations and communication may be critical in retaining clients and maintaining positive relationships during a business interruption.
7. Critical vendor and supplier contact list: Identify contact information of vendor and supplier dependencies and interdependencies. Transportation delays or events at suppliers’ locations could affect delivery times; therefore the plan should address this issue.
8. Alternate critical vendor and supplier list: Supply chain failures, like the ones we’re seeing across the world due to the coronavirus can be crippling to key business components. Through the planning process, alternate vendor and suppliers should be explored, and contact information and materials should be documented in order to reduce the impact of primary suppliers’ disruption.
9. Documentation and Insurance details: Identify details of insurance coverage and accurate contact information. The burden of proof when making claims typically lies with the policyholder. Accurate and detailed records are imperative. Documentation forms should be made available to all critical business unit leaders for timely documentation.
10. Technology requirements: Identify necessary hardware and software, and the minimum recovery time requirements for each critical business process.
11. Backup data details: Your plan should identify details of data backups and recovery methods (Recovery Time Objectives). If current backup procedures are questionable, mitigation measures should be evaluated prior to a business disrupting event.
12. Equipment requirements: Identify equipment requirements for each business unit, primary and alternate suppliers, and recovery time goals.
13. Review and revise: On an annual basis, or when a significant change occurs in organization structure, process flow or technology, or following an incident, incorporate newly identified hazards and vulnerabilities and mitigation processes into the business continuity plan. Include revisions in critical staff, facilities, IT requirements, vendors and suppliers and vital records.
While many countries are focused on ensuring consistent public health services, there is still a responsibility for businesses to mitigate the risks that the coronavirus poses to its employees, stakeholders and customers. BCPs allow businesses to plan, prepare and respond if the pandemic becomes more severe.