Building a Robust Business Continuity Plan
They say time is money. If that’s true, then every second you save is more money in your pocket. For business owners and managers, an emergency or unpleasant surprise puts you on the clock. That’s why business continuity is so important—a quick, smooth recovery from an unexpected disruption means you can get back to business (and back to earning money).
What Is Business Continuity?
An “unexpected disruption” can take many forms: power outage, natural disaster, terrorist attack, infrastructure failure, cyberattack, human error, theft, sabotage, and so on. Continuity refers to your ability to stay operational throughout the issue or very soon after it. Long disruptions can cost you money, reputation, and customers. The faster you bounce back, the better.
Let’s look at two scenarios after a disruption to your business:
- Your team is in full-blown panic mode as you try to piece together exactly what happened and hurriedly sketch out a solution in order to get back to work as fast as possible.
- You’ve previously identified potential risks and likely scenarios and have a detailed plan in place to deal with them. Your employees execute the plan smoothly and carry on with their day.
So which do you prefer? If you chose option #2, then you’ve confirmed the importance of a business continuity plan (BCP).
In its simplest terms, a BCP is a prevention and recovery system designed to keep your business functional during an unplanned disturbance, in addition to protecting your assets—inventory, confidential data, financial records, etc.—and personnel. Without one, you’re trying to play uphill at the worst possible moment.
It’s similar to a disaster recovery plan, but more comprehensive in scope. Disaster recovery concerns itself mainly with tech and IT infrastructure. A BCP encompasses the entire business, including staff and customers.
Why Business Continuity Matters
Here’s a real-life example that proves the importance of BCPs.
In July 2022, Rogers Communication Inc.—one of the largest telecommunication providers in Canada—suffered a massive service disruption caused by the accidental deletion of an important routing filter during a system-wide update.
The impact was felt across the country: 25% of Canadians lost internet connectivity and 9-1-1 emergency services suffered. Many card payment systems failed. Traffic lights in Toronto went offline. Government offices were unable to provide services. The Weeknd had to cancel a concert performance. And much more.
It took days before everything was restored, costing the economy an estimated $142 million. Rogers itself hundreds of millions of dollars in customer refunds, lost clients, tarnished reputation, and lawsuits.
It was clear from the onset that there was no business continuity plan in place. A BCP allows you to minimize downtime, mitigate financial loss, maintain your reputation, protect customer trust, enhance your organizational resilience, meet regulatory requirements, and safeguard your employees and investors. In this scenario, Rogers dropped the ball and suffered for it.
Don’t be like Rogers. Have a plan, test the plan, and tweak the plan.
Building Your Business Continuity Plan
A BCP is a multi-faceted document. It should have contact details for major stakeholders, checklists, step-by-step procedures, diagrams, flowcharts, and a glossary of terms, along with a predetermined review schedule. And it should be available to everyone in your organization, ideally in both hard copy and digital formats.
The Steps of Creating a BCP
The BCP creation process looks something like this:
- Gathering and analyzing information, including a business impact analysis (BIA) and risk assessment
- Developing a plan
- Implementing the plan
- Testing the procedures
- Reviewing, maintaining, and updating the plan
Start simple and ask some basic questions. What would happen if a major snowstorm hit the area (or tornado, hurricane, fire, earthquake, flood, etc.)? How would a blackout affect your business? What if hackers locked your computer system with a ransomware attack?
It’s a good starting point, but to create a comprehensive and robust BCP, you must consider a broad spectrum of risks.
Major Areas of Concern
Hubspot lists eight types of business continuity that must be addressed. These include:
These are the key areas to analyze. Each contains a multitude of potential risks and disruptions that you must anticipate and plan for.
Assessment and Planning
Within those key areas, follow these steps to create a comprehensive business continuity plan:
- Risk assessment and identification. What possible risks exist for each? Consider categorization, analysis, assessment, mitigation, and documentation for each identified risk.
- Business impact analysis. If the identified risks occurred, how would they actually impact those areas? What would be the financial, legal, operational, regulatory, and customer-related consequences? Are there any dependencies or interdependencies across different systems and resources? What would explicitly happen if, for example, you were locked out of your computer system by hackers demanding payment?
- Emergency response procedures. What specific action would you take to mitigate each threat? Write them down, step-by-step, to eliminate any need for further explanation or confusion. This might include evacuation or shelter-in-place procedures, incident assessment and documentation, asset protection, and emergency contacts.
- Communication strategies. How would you stay connected to your employees, customers, suppliers, and other stakeholders in the event of each risk? What platforms would you use? How will you ensure clear, concise, and consistent messaging? What will be the timing and frequency of messages and updates during a disruption event? And who needs to know?
- Recovery and backup plans. How will you safeguard and restore critical systems, data, and operations? This should include data backup processes, backup frequency, data and system recovery procedures, and testing and validation schedules.
A proper business continuity plan takes time and money to create and maintain. But it’s an investment in your business, staff, and customers. It’s much better to have one and never need it than vice versa.
There are countless articles, blog posts, and templates available online that can help you develop the plan itself.
Additionally, the Department of Homeland Security offers a Business Continuity Planning Suite to assist at every step of the way. Please note that it is only available for Windows, not Mac.
Business Continuity Plans in Action
The Rogers fiasco mentioned above is an example of the tremendous cost—financial, reputation, and otherwise—of getting caught unprepared. But there are plenty of examples that show companies surviving relatively unscathed because they already had a BCP in place.
Marriott International discovered a major cybersecurity breach in 2018, but they were able to respond quickly and with limited damage because of their comprehensive BCP. Consumer trust remained high. In fact, it likely increased as a result.
During Hurricane Sandy in 2012, IBM activated its emergency response plan and swiftly relocated employees and resources to alternative sites out of harm’s way. This allowed them to stay operational during the recovery and cleanup.
The London Stock Exchange suffered a massive power outage in 2019 that could have disrupted trading and the market itself. Instead, their BCP allowed them to seamlessly switch to backup systems and keep trading and the market operational and stable.
And finally, Starbucks had one of the best responses to the COVID-19 pandemic because of its extensive continuity plan. Unlike other businesses trying to figure it out on the fly, they had step-by-step procedures outlined for just such an event, which they quickly implemented in order to stay open.
A continuity plan is an extensive document. It’s no easy feat, but definitely worth the investment.
To make the creation process a little easier, it’s a worthwhile exercise to consider the possible obstacles and stumbling blocks before starting. These might include factors like:
- Limited resources and budget
- Lack of managerial support
- The complexity of your organizational structure
- Subpar risk assessment
- Lack of understanding
- Resistance to change
- External dependencies
Which might you encounter as you begin to develop your business continuity plan, and how could you reduce or eliminate them? Anticipate and mitigate in order to set yourself up for success.
Business Continuity with Deep Sentinel
Safety and security are two of the eight types of continuity, and Deep Sentinel is leading the charge in those areas.
Deep Sentinel keeps your premises—and employees—safe and secure with next-generation business security cameras, AI, and active professional monitoring. LiveSentinel guards engage with suspects via 2-way audio—which is often enough to stop them before committing a crime—and notify the police of a verified crime in progress if necessary. That verification is the difference between immediate police action and being deemed a low priority—if the police have the resources to respond at all.
For the sake of business continuity, prevention is always better than reaction. Deep Sentinel offers both. Proactive live guard intervention stops all but the most brazen criminals in their tracks. And in the event of a crime, your business gets a fast and reliable response.
Battery-operated wireless business security cameras ensure that your protection continues even if you lose power. Combine these with a solar charging kit, and you’ll be good to go even if the outage lasts longer than expected. Or choose a PoE camera system for reliable day-to-day data and power stability, particularly for large properties.
When it comes to business and security, consistency is key. Deep Sentinel will continue to be there when you need it the most, providing safety and security in a tumultuous world. That’s one less thing to worry about.