Risk is a natural and expected aspect of any organisation. In an ever-changing world, the number of risks a business or educational establishment faces is only on the increase. While risk should be avoided where possible, sometimes a situation is just too much to be contained and results in a disaster. Would your organisation be able to withstand system downtime, knowledge loss, client dissatisfaction, reputation damage, revenue loss and more?
A disaster could happen at any time and come in many forms:
- Cyber Attack
- National Terrorism
- Power Loss
- Connectivity Loss
- Supply Chain Failure
- Natural Disaster
- Key Employee Loss
- Accidental Damage
- Violent Attack (on property, equipment or personnel)
Could you keep going under any, some or all of these circumstances?
What is Business Continuity?
Business continuity is the ability of an organisation to deal with unexpected disruptions so they’re able to continue to function without any significant losses. Some disaster scenarios make this seem like an impossible task, but the better you plan, the easier you’ll be able to rebound and recover.
Your business continuity planning should assume nothing. Look at each scenario from every angle, taking into account possible anomalies, worst-case situations and combined events. While you can never know how any disaster will play out, a fluid and adaptable plan is a worthwhile foundation.
The Importance of Business Continuity Planning
It’s a commonly believed statistic that around 40% of small businesses won’t ever recover from a disaster, and a significant, but smaller percentage fail within 2-3 years of one. While various sources citing these figures are a few years old now, we’ll assume the general sentiment to be true. Furthermore, depending on whose research you trust, anywhere from 25-75% of small businesses don’t even have a business continuity plan.
When putting these two assumed statistics together, we would conclude that smaller businesses and entities are more likely to fail because they are less prepared. The short response here is, ‘be prepared’. Whether you ultimately succeed or fail in the years following a disaster, is it really worth thinking about how much worse it could have been had you not made a plan?
Business Continuity vs Disaster Recovery
It’s easy to use these as interchangeable terms but important to note this is incorrect. A disaster recovery plan is short term and focussed on the steps to take to pick up the pieces following a disaster. It’s generally aimed at IT and operational activities. A business continuity plan involves returning the business to the fully functional state it was in pre-crisis, likely with pre-planned alternative solutions. Its purpose is to protect the core operations, internal and external stakeholders, while avoiding any negative outcomes.
Devising an Effective Business Continuity Plan
Start by assessing your business processes. Which departments are the most vulnerable? Where would the greatest losses come from if operations were to cease for a few hours, a day, a week, or longer? Once you can identify the impacts that could come from a disaster, you can develop a plan.
Here are six recommended steps to creating your Business Continuity plan:
- Identify what the plan is to cover
- List the key business areas
- List all critical functions
- Identify areas where departments or functions are dependent on one another
- Decide how much downtime is acceptable for each function
- Formulate a plan to maintain operations
Alongside the plan, checklists of supplies, equipment, suppliers, employees, site locations, backup locations and emergency contact information should be easily accessible and in a known location(s).
Cover as many scenarios as you can imagine, as well as combinations. Make sure employees in different departments and at different levels are aware of the plan, how to access it and what authority they have in relation to it.
Once you’ve created your plan it’s important to regularly review it as aspects could easily become outdated – employees could leave, sites shut down, technology change, etc.
Test your Business Continuity Plan
You don’t want to wait for a real disaster to know your plan is sound. Testing your plan against some challenging scenarios is the best way of seeing if it’s robust enough for the job.
Testing is a great way to incorporate staff training. Getting the team involved is the best way of ensuring everyone relevant is aware of their role.
You could test via three methods: table-top exercise, structured walk-through, disaster simulation. The first is as simple as it sounds, reviewing the plan in grand detail from every departmental aspect. The second involves each team member working through a mock disaster to identify any weaknesses. This could involve role playing and cross-departmental activity. The third is running an actual disaster simulation, involving all equipment and personnel needed to realistically assess if business functions can actually continue by following the plan.
It’s good practice to involve different employees on the test team each time, as having fresh eyes can detect gaps in the plan. It’s also advisable to hold an emergency evacuation drill every so often – even once a year – to ensure all staff members are safely able to leave their place of work in a timely manner.
IT and Business Continuity
Technology is integrated heavily into almost every aspect of business and education. Some companies are conducted wholly through technology. Some teachers would struggle to conduct a lesson without access to their daily tech toolkit.
Many typical disasters are localised: a flood, damaged transport infrastructure for employees, a neighbourhood power outage. If all your IT infrastructure is in one location and disaster strikes, your business won’t be able to pick itself up and keep on going. You will have to face downtime, while your customers lose their loyalty and get picked up by your competitors.
It’s therefore expected that IT operations are a huge part of your continuity planning. Building in redundancies, either on your own or with a trusted Managed Services Provider should be top of your to do list. As well as accounting for physical redundancies with remote working capabilities, cloud backup, failover connections, and more, time should be given to planning for cyber-attacks.
M-Tech can work with you to develop the IT aspects of your business continuity solution. We can offer fully managed options you can rely on in an emergency, including cloud and hosted services (servers, desktops, telephony). Contact us today to find out how we can help your business survive a disaster.