In business, every threat can result in the same consequence: the loss or temporary cessation of key business processes. In order to minimize impacts when a threat materializes, business continuity plans (BCPs) must be intuitive, yet dynamic, to account for each critical business process. Effective business continuity planning institutes a clear path to sustainability and operational recovery.
The following core business continuity elements should be included in a BCP. Each element must be cyclically assessed for accuracy, potential mitigation opportunities, and lesson-learned insights in order for established processes and communication to be effectively maximized.
1. Plan distribution list and contacts: Business continuity planners must be certain that the current employees listed in the plan, as well as those on the plan distribution list is verified for accuracy. If maintaining accurate contact information is challenging, consider opting for notification verification system with email or text message capability that enables the contact to verify personal information and automatically update associated response plans.
2. Communication: By aligning mass notification methods with typical daily communication habits (cell phone, emails, texting), planners can ensure key contacts are made aware of any business interruption and BCP activation. Clear and effective communication channels must remain available in order to disseminate information to employees, assess and relay damage, and coordinate recovery strategies. Provide employees training in primary and established secondary communication methods in case of disruption of primary communications.
3. Key Staff Roles and Responsibilities: From business continuity implementation through recovery, job specific checklists and assigned procedures should be incorporated in a BCP. Task teams should be formed, at a minimum, to cover each essential business process. Each site may require unique minimum staffing levels to remain operational.
In the event that primary team members are not available, cross team training should be conducted to provide backups. Planners should make appropriate plan changes as operations and staff evolve.
4. Off-site Recovery Location: Include address, contact information, available on-site equipment, and any external equipment necessary for effective continuity of operations.
5. Recovery Time Objectives: Incremental processes and procedures should be identified to meet specific critical business process goals. Recovery goals may include increments of one hour, 24-hours, 48 hours, one week, one month, and long-term recovery.
6. Key Customers’ Data: Identify effective customer communication methods and necessary contact information required to inform customers of disruptions of deliverables or services. Effective customer relations and communication may be critical in retaining clients and maintaining positive relationships during a business interruption.
7. Key Supplier Contact List: Identify critical business unit dependencies and interdependencies and key contacts. Transportation delays could affect delivery times. Plan and mitigate accordingly.
8. Alternate Suppliers List: The consequences of a supply chain failure on associated key business components can be crippling. Alternate suppliers should be included in the BCP to ensure consistent delivery and continued operations in the event primary suppliers are affected by similar business continuity circumstances. As a company’s needs change and new suppliers come online, plans should be updated to include these critical suppliers.
9. Insurance Details: Identify details of insurance coverage and accurate contact information. The burden of proof when making claims typically lies with the policyholder. Accurate and detailed records are imperative.
10. Data Backup Details: Identify the procedural details of computer backups, data restoration methods, and the minimum program needs to re-establish critical business processes.
11. Technology Requirements: Identify necessary hardware and software, and the associated minimum recovery time requirements for each business unit. Companies should examine current data center outsourcing to ensure continuity and accessibility or research continually advancing alternatives.
12. Equipment Requirements: Detail applicable equipment requirements for each business unit and recovery time goals. To prevent unnecessary downtime and additional recovery efforts, identify and procure necessary equipment and establish processes for continued operations and recovery.
13. Review Log: Incorporate newly identified hazards and vulnerabilities into the business continuity plan. A log can include necessary equipment used (requiring replacement or replenishment), altered processes, and lessons learned.
A web-based platform can speed up the cycle of business continuity events. By transitioning from paper-based business continuity plans to a web-based approach, companies have the ability to maximize data and streamline information. A web-based plan enables a standardized, enterprise-wide business continuity template, yet allows for site-specific details for each particular site.