Before completely rewriting your Business Continuity Plan, it helps to understand the fundamentals of business continuity. I put together the following FAQ to give you a better understanding of the underlying information and provide a little more context, and hopefully answer some of your lingering questions.
Business Continuity FAQ
What is a Business Continuity Plan?
A “Business Continuity Plan” (BCP) is a documented plan that outlines the potential impact of a crisis and sets in place policies designed to help the organization recover. While disaster almost never gives us enough forewarning, a Business Continuity Plan is best created before a crisis and should always include the company’s key stakeholders. The primary goal of a BCP is to shield workers and assets for the duration of an emergency.
This involves: assessing the likelihood of a particular crisis occurring – and its possible frequency determining its possible impact on your operations This kind of analysis should help you to identify which business functions are essential to day-to-day business operations.
Minimize the potential impact of crises Once you’ve identified the key risks your business faces, you need to take steps to protect your business functions against them.
What constitutes an “emergency” regarding a Business Continuity Plan?
An emergency is any scenario where a business can no longer operate as usual. This may include a natural disaster like a fire, flood, or tornado, but may also include events like a power outage, bomb threat, compliance breach, active shooter, cyberattack, employee injury, or an interruption within the chain of command or supply chain. Every business needs to review their ability to respond to threats proactively and prepare a BCP to ensure minimal disruption, and remain competitive following a threat.
What is Crisis Management vs. Business Continuity?
During a crisis, your organization is expected to execute the crisis management plan and during a disaster, the business continuity plan. The decision making process for the management of the crisis or catastrophe is shouldered by the senior management team. The execution of the necessary crisis response and should there be a denial of access to the “people, techniques and infrastructure,” the recovery activities in accordance with recovery strategies and business continuity plans will be executed.
What is perplexing is the overlapping of activities for the crisis response and continuity of operations. It is good to begin any dialogue from the definition of a crisis and disaster. The question to ask when the incident occur, “Is this a crisis or a disaster?” For the readers, this is the start of an extended dialogue as the whole concept on the differences can’t be concluded here.
What should a Business Continuity Plan include?
Business Continuity Plans are complicated and vary from company to company. You must tailor your efforts to best fit your organization’s specific requirements. When creating your plan it is always advisable to seek outside counsel, and input from various subject matter experts outside the organization. At Chesley Brown, we help guide clients through this process to ensure they make the best decisions based on objective information. Here are some of the most common things companies look for when building their BCP:
A Business Continuity Plan generally includes:
- Protocols for coordinating with local emergency personnel
- Detailed instructions of where to go during an emergency
- Goals and objectives
- Information on data backups and site backups
- Key roles and responsibilities
- List of tasks required to keep operations moving
- Detailed list of your most critical assets
- Plan maintenance protocols
- Policy, purpose, and scope of plans
- Risk mitigation plans
Why do Business Continuity Plans matter?
Business Continuity Plans are an essential part of any business. Threats, disruptions, and failures will cause a loss in revenue and higher prices so as to eventually have an effect on growth. Businesses can not rely on insurance alone, as insurance frequently only covers a fraction of the cost associated with a disaster, not to mention reputational damage. It’s essential to plan thoroughly to shield yourself from the impact of potential crises – from fire, flood or theft to IT system failure, restricted access to premises or illness of key staff.
During a crisis, your organization is expected to execute the crisis management plan and during a disaster, the business continuity plan. If, however, you’ve got a large quantity of consumers/personnel and a public facing set of services A Crisis Management Plan (CMP) is a fundamental part of your BCP.
What’s the difference between Emergency Preparedness and Business Continuity
It’s especially important for organizations to understand the difference between emergency preparedness and business continuity in order to ensure that they are correctly accounting for each. Related terms include phrases Emergency Preparedness and Business Continuity, Emergency preparedness, business continuity, crisis response, and emergency management. With so many similar terms flying around it is no wonder many people continue to confuse these and other related terms — often discussed as if they are synonyms that all refer to the process of responding to and mitigating a crisis event. However, while overlapping in some key activities, each is an individual competency.
Businesses that have both emergency preparedness and business continuity departments are already a step ahead, since these are distinct functions that can both make or break the success of a company. Be sure to give additional consideration to a Disaster Recovery Plan which deals with the recovery procedures to be put in place when a disaster strikes. A Disaster Recovery Plan documents the procedures, policies and actions that limit the disruption and the steps that need to be taken for recovery.
COVID-19: How a business continuity expert helps in a crisis
What would happen to your most vital infrastructure and information systems if a disaster were to hit this very second? Are you fully prepared? The novel coronavirus outbreak has revealed in stark detail how unprepared many organizations are to handle a crisis. Luckily, our experts are here to help. By applying over thirty years managing risk for organization of all sizes in both the public and private sectors; our team has the global expertise and resources needed to safeguard your business’s key operations regardless of complexity, geography, and budget.
Many business owners struggle to fully grasp the myriad risks they face. That’s why we’ve built a framework that teaches businesses how to anticipate and navigate risk before it becomes a crisis. Be sure to download your FREE copy of “The 7 Step Guide for Building Business Continuity Plans that Actually Work” for our complete list of strategies for preparing for and navigating a crisis effectively.
Contact us today to discuss how Chesley Brown can help your organization anticipate and navigate risk before it becomes a crisis.
For industry-leading tips and analysis sign up for our blog below.
The security services industry is one of the fastest growing industries in America today. With so many new entrants, technology developments, and emerging threats, it can be exceedingly difficult to keep up with the myriad…Read More
For decades, the US has been a victim of economic espionage — a foe that is now costing American companies billions of dollars in lost revenue. From hacking government websites to infiltrating research institutions with…Read More
By: Dell Spry There are numerous similar, seemingly inconsequential, soft targets scattered across our country unprotected by a single surveillance camera or even a strand of barbed wire. Is this issue getting the attention it…Read More
What is the SolarWinds Supply Chain Attack? SolarWinds, the Austin-based cybersecurity firm, found itself in the middle of a catastrophe due to internal security lapses. The firm recently earned headlines for making it to the…Read More