In our many years of experience as IT Support Vermont consultants, we have hardly come across businesses who did not have a business continuity plan (commonly misunderstood as data backup or disaster recovery) in place. And yet, when real disaster struck, whether manmade or natural, surprisingly few of those businesses survived unscathed and jumped right back in. So, what’s happening here? If businesses are aware of the importance of preparedness for business continuity, why is there such a low yield in terms of results?
The real reason behind this is manifold. It ranges from psychological preparedness of the entire organisation to the realities of an actual disaster event to the level of preparedness. But mostly, the fault lies with the inability of many businesses to fully comprehend the meaning of business continuity and unsurprisingly, leads to the lack of preparedness.
What is business continuity?
“But it ain’t how hard you hit; it’s about how hard you can get hit, and keep moving forward.”
Just like the true measure of human strength lies in our resilience, business continuity (BC) refers to the ability of a business to jump back and resume normal functioning from major disruptions. This should be the case irrespective of the cause – natural disasters like fires or floods or man-made issues like physical sabotage or attacks by cybercriminals. An effective business continuity plan should include detailed guidelines and resources on how the organization should resume normal functions when a disaster strikes. This will cover everything from business processes, assets, roles and responsibilities of human resources and business partners, location of physical and digital backups of critical data and more.
Much more than data backup or disaster recovery
Most businesses tend to think that if they are meticulous with their data backups and secure storage – they should be safe in case of a disaster. While secure data backups are a critical component of business continuity, they only form a small part of the plan. Even a well-planned Disaster Recovery (DR) plan only focuses on restoring IT infrastructure and operations. A Business Continuity plan is much broader in scope and involves planning for the entire organization to resume normal functioning and become as profitable as usual.
Now that we understand what a business continuity plan is, let’s look at the 10 steps to build a successful business continuity plan.
Step 1: Understand that the scope of a Business Continuity Plan covers operational risks, not just IT or data backup.
The aim of the Business Continuity Plan (BCP) is to restore your entire business operations to its normal output as securely and quickly as possible following a disaster. This includes restoring infrastructure and technology operations, but also covers all other functions in your business. The best plans will always focus on worst-case scenarios; include requisite cross training for employees and more.
Step 2: Disaster Recovery Plan is a part of a Business Continuity Plan
Resuming normal business functions, of course, includes putting your technological house in order. But DR cannot function on its own without the rest of basic organization and functions remaining available. For instance, if your call center gets flooded, should there be a backup centers or would you train in-house resources to handle that responsibility in the interim?
Step 3: Define key business activities
As was seen during the pandemic transition, companies that were prepared with clear key business activities, processes, and systems were able to put their houses in order much faster even with global remote.
Step 4: Categorize disasters and prepare for the unexpected
While it’s easy to identify and categorize potential threats (natural, technological and more), disasters have a nasty habit of throwing up unexpected impact (surprise!). While you should definitely plan for the specific course of action in each category, you should also implement good ‘rule of thumb’ procedures that can keep you covered from unexpected impact. For instance, a lot of public and private institutions prohibit the top two high-ranking officials on the same plane.
Step 5: Define the potential cost of the disaster
Define the cost of the disaster through calculating the loss of productivity, revenue loss, opportunity loss and losses due to customer dissatisfaction. Multiply by the time period you estimate will take for you to resume normal operations.
Step 6: Define a range of plausible recovery periods
The range of your recovery period will really be determined by the scope of losses you incur during the unproductive period. The preparedness of a company losing tens of thousands of dollars per hour is going to be markedly different from one losing hundreds or thousands at most. The ideal recovery time for the former should be in minutes (and cost much more to implement) than the latter who might be better off negotiating the cost of recovery with recovery times a bit more.
Step 7: Define the budget allotment of the disaster
Most organizations fail to deploy an effective BCP in time simply because they never really got around to allocating a budget for something that might never happen. Then the disaster strikes and before you know it, you could end up paying a lot more to resume operations than if you had taken the time and budget allotment beforehand.
Step 8: Consider external vendors for disaster management
Disasters are unpredictable and there could be delays involved despite the best-laid plans. Consider safeguarding your production output by contacting vendors who could potentially carry out the requisite services in the interim period.
Step 9: Data protection is key
Yes, your data is key to your business recovery. It should always remain secure, accessible, recoverable, and easily discoverable. Consider distributing key data across your offices, so it remains accessible even if your key servers become unavailable.
Step 10: Make it as real as possible for your employees
Every BCP should include a key component for employee training. Ideally, you should set up a clear communication plan, identify key members for the continuity of each business function (and teams) and allocate roles and responsibilities to them. Your training drills should not be limited to just planning and simulation exercises are crucial in making disaster scenarios believable for employees.
Ready to develop your comprehensive business continuity plan?
Get in touch with TGVT business continuity experts today for assistance on developing a detailed and immediately actionable plan to protect your business. As the most premier institution in providing Managed IT Services Vermont, TGVT’s methodology and process is meticulous.
We provide you with a detailed framework of requirements, efforts and deliverables – each of which then lead up to the next phase of a continuous improvement cycle of business continuity.