Hurricane season is here, and for sure you have prepared yourself at home in case of disaster. But have you also prepared your business continuity plan? Here is a short guide with some tips to get ready!
It is my first quarter living in the US and already have to deal with a hurricane preparedness plan for Harvey! In Argentina, where I used to live, my car was nearly flooded several times and I got caught by a terrifying hail in the middle of the highway, so I truly believe the US plan for preparedness is great. Everybody is aware of the situation, constant communication is key, and schools /offices close earlier to avoid people going out.
Nevertheless, of course nobody told me what to do about my business. Maybe you have a store full of products, or an office full of official documentation that you cannot afford to lose. You may even have a home based business, but still you have a computer with information, or deliveries to get done. What’s more, you need to have it for ISO 9001 reasons. The 2015 version requires that you have a risk management assessment and an action plan. This could be part of it. Are you ready to protect your business from a disaster?
Planning stage
There are actually four stages for emergency management: Preparedness, response, recovery and mitigation. You should be able to document action plans for each of them.
Business Continuity plan and Disaster Recovery Planning are tools to allow you to consider the issues and steps needed to prepare for a disaster or emergency so that you can manage the crisis and take appropriate steps to ensure the organization’s continued viability.
The most common scenarios you need to prepare are:
- Loss of people. Depending on the type of business you have, You may also have to be prepared to handle changes in operations, organizations and critical individuals, in case some people cannot work (disease disaster like pandemic flu), are not able to get to the workplace (hurricane or flood) or cannot work remotely (no electricity or access to other facilities).
- Loss of facilities. You need to think not only about losing the building, but also hard copies, tools or machinery inside it.
- Loss of IT. You need to list the owners of critical information, software and hardware should have documented and periodically tested plans to provide for the continuation of business in the event of a prolonged service or facility interruption
- Loss of internal or external supplies. Just as we all do at home, prepare for having no access to more food, water, papers, or whatever supply you may need to work.
BUSINESS CONTINUITY PLAN (BCP)
A BCP addresses how critical business processes will be performed when a business site, employee, computing service, application, data or other critical resources are unavailable due to a major disruption to normal operations. One way to describe critical resources is as a hierarchy of requirements for the business process. At the lowest level are the basic or most critical requirements (e.g., telephone service or SAP) and at the top are the less-used services and applications that help the process function but are not essential to its survival (e.g. stewardship applications). A BCP is invoked after a business process is interrupted and decisions are made as to how to respond to the situation. A BCP typically includes but is not limited to the following:
- A definition of the assumptions and scenarios used.
- A list of the critical services the organization will continue to provide during the crisis
- A plan and detailed alternative actions and procedures required to continue operating these critical services
- Roles and responsibilities for staff during the disruption and transition back to normal production. It is recommended that part of the staff is trained on specific actions to take during emergency that are able to coordinate the different teams. You don’t want to assign people to new tasks in the middle of the disaster! You may even want to assign them laptop computers of company paid phones.
- List of critical applications and IT required.
- A list of documents, supplies, reference books and other critical business items stored offsite that must be retrieved following a disaster.
DISASTER RECOVERY PLAN (DRP)
A DRP intends to identifies detailed steps that are executed for recovery (e.g., of applications, hardware, operating systems, etc) in the event of disaster conditions.
A DRP is invoked the disaster has been declared (like loss of system or reduced staff) and commence disaster recovery.
A DRP typically includes but is not limited to the following:
- Documentation of cost analysis and contract negotiations with providers of alternate facilities.
- Identification of alternate facility providers and contact information.
- Location of backup sites if needed
- Identification and configuration of backup hardware components.
- Location of backup copies of software.
- Frequency and location of data backups.
- Alternate site contact maintenance.
- Staff roles and responsibilities.
- Detailed workforce scheduling.
- Contact information.
- Recovery timelines for critical services.
- Detailed steps for recovering critical systems and services (hardware and software).
- Procedures for switching back to normal functional mode at a new or restored site.
Mitigation
After testing the plans or actually implementing them, try to be hard on you and your team and think of anything that went wrong and how it could be improved. Once we did a survey to the people who had had to work from home, to identify key drivers for improvement. Prepare your Pareto (prioritization tool) and get ready for the next event!
Key recommendations
- The BCP and DRP must be planned well in advance, so that they can be tested and maintained periodically,
- BCPs must achieve a balance between cost of the impaired service and the cost of various continuity solutions.
- The BCP and DRP of each location must be approved by top management. You can create a standard and then add additional chapters for each particular location or operation.
- Communicate, communicate and communicate with your team. Communicate before by telling them to work on a BCP and test it. Communicate during the emergency to make sure everybody is on the same page and that you are ready to help them. And finally communicate when things are going back to normal, or when the alarms need to be switched off because the event is not critical any more.
I hope you all be safe, and please write your comments or questions below!
Luciana Paulise
Founder & CEO Biztorming Training and Consulting LLC
0 Comments