If you ever find yourself having to defend the notion of creating a business continuity plan, consider the case of The Worst-Case Scenario Survival Handbook. First published in 1999, it went on to sell over 10 million copies worldwide.
The secret to its success? Some readers enjoyed the authors’ deadpan advice for landing an airplane or surviving a shark attack as a kind of psychic balm to soothe their anxieties. Others simply enjoyed learning real-life strategies for escaping killer bees.
Both of the readers’ experiences are valid and both underscore the inherent benefits of creating a business continuity plan for your organization (sometimes referred to as a business contingency plan). When executed correctly, these plans can help your organization face and overcome its own worst-case-scenario.
What Is a Business Continuity Plan?
A business continuity plan is the set of protocols, procedures, and policies. It enables the organization to preserve and protect essential operations in the face of disasters, emergencies, or threats.
Here’s what you’ll find in most business continuity plan examples:
- The objectives of your organization when responding to a crisis
- Strategies for mitigating risks and allaying losses
- The roles and responsibilities of key team members
- All tasks necessary to keep business operations running smoothly
- The location of resources and key meeting spots
- Methods for backing up important data and related information technology concerns
- Contact procedures and information for team members, stakeholders, and emergency personnel
- Provisions for regular plan updates and practice
No matter what type of business you’re company is in, the fundamental components of your organization will be essentially the same. Naturally, you will want to tailor any business continuity plan template to the specific needs of your organization or industry. The name of the game is creating what amounts to a survival handbook for your business.
Why Does a Business Continuity Plan Matter?
You know those fire-engine red shadow boxes with the words “In Case of Emergency Break Glass?” Behind the glass is a switch that engages an alarm or sprinkler system, allowing savvy bystanders to save the day if a fire occurs in the building.
Essentially, your organization’s business continuity plan is the switch on the other side of that glass. It can both sound the alarm, and it can implement protocols that can save your business during a crisis.
Disruptions such as natural disasters, utility failures, terrorism, disgruntled employees, cyber-attacks, and — as we have recently witnessed — global pandemics can strike at any time. Your organization’s business resilience is dependent on the quality of your business continuity plan.
A plan that is proactive, prudent, and practiced can help your ensure your organization’s survival in three distinct ways:
- Expect the unexpected and react accordingly
- Avoid panic and be able to make responsible, rational decisions despite the disruption
- Be able to continue serving customers during and after a disaster
The bottom line is that a solid business continuity plan template is good for your organization’s health, the well-being of its stakeholders, and its operations.
The Backstory on Business Continuity Plans
One of the key concepts of business continuity planning was developed during the latter half of the 20th century. It came about through the emergence of computers and — more specifically — data storage systems.
It’s hard to imagine blue-chip companies (including top financial and insurance institutions) relying on delicate, half-inch magnetic tape spun onto clunky reels. But that’s how it worked — if it worked.
Incalculable amounts of ones and zeroes, representing vast amounts of private (though woefully unencrypted) data flew through primitive computers that looked like a cross between a Walkman and a refrigerator. Literally hundreds of miles of tape were located off-site as back-ups in case their onsite versions were physically destroyed in a disaster.
As computing evolved during the ‘80s and ‘90s, however, data storage development kept pace with the growing global economy and more effective systems evolved to meet new challenges. Not only did data need to be backed up, but it also had to be shared through networks. This brought a host of additional concerns, specifically around cybersecurity.
Throughout this evolution, companies began to consider business resilience as a guiding principle beyond the scope of their IT department. At stake was the possible erosion of their competitive advantage, and the fear that customers might turn to competitors.
Devising programs to promote business continuity best practices quickly became a key component of the business contingency plan for forward-thinking companies.
These days, of course, there are countless platforms including app and cloud-based systems that not only provide a way to preserve an organization’s data, but they also enable employees to securely share critical information. Mobile-first solutions like Beekeeper can keep the entire company connected and informed before, during, and after a crisis.
The Four Building Blocks of Your Business Continuity Plan
1. Determine Your Plan’s Objectives
To kick off your organization’s business continuity exercise, it’s important to identify its goals and benchmarks for a positive outcome.
Business continuity plan sample questions to consider might include:
- Which departments will be covered by the plan?
- How will you track the time invested in researching and generating the plan?
- What does success look like?
Think of this stage as a roadmap, but start with the destination and work backward from there. Knowing where you want your organization to “arrive” will help get you to envision how to get there successfully.
Knowing when to put your business continuity plan in motion is just as important as having one. Determine what thresholds a crisis or disaster situation must reach to determine which business continuity plan example to follow.
2. Conduct a Business Impact Analysis
A crucial element of a successful business continuity plan is understanding what’s at stake for your organization. Assess how threats and crises may impact various aspects of a company. This helps you gain clarity around what you need to protect, and why you’re protecting it in the first place.
Though no business has a crystal ball that will help it foresee every potential pitfall, it’s important to honestly reflect on your organization’s vulnerabilities and potential liabilities. This will help business leaders to come up with the most rational solutions.
The business impact analysis should also inventory your essential business operations and help identify what is mission-critical. Knowing what it will take to sustain business continuity and build business resilience will help determine what resources are necessary to maintain core business operations.
3. Choose Your Team
Your crisis management team is just as important as your business continuity plan. Consider the specific tasks and resources each of your organization’s departments will need and assign roles accordingly.
Think strategically in terms of interdependencies within your organization. Consider the order that certain tasks must be completed and who will own the process.
Typical questions to consider are:
- Communications — Who is responsible for communicating with employees, stakeholders, the media, and the general public?
- Information Technology — How will it safeguard the organization’s ability to maintain continuous operations in an emergency?
- Human Resources — How will the business protect, serve, and facilitate the work of its employees and contractors?
- Facilities — What determines if a building is safe if it is subject to a natural disaster or other physical threat? What safety precautions are already in place and what procedures are in place in the event of an evacuation?
- Finance — Having access to critical financial information and insurance records could prove vital to maintaining business continuity. This includes access to capital as well as all company accounts and credit cards — who has this access?
- Legal — Chances are any crisis that befalls an organization will bring with it some order of legal component — is your legal team empowered to make decisions that will protect the company and its stakeholders?
Be sure to assign alternate team members for each position in the event that someone is unavailable. Also, include all points of contact for these team members and be sure they are acquainted with each other and
4. Strategize for Before, During and After a Crisis
No two crises are exactly the same but they will share some commonalities, the most basic of which is a beginning, middle, and end. Fortunately, each of these phases can be targeted by having the arrows of Prevention, Response, and Recovery in your quiver.
Prevention
As comedian Groucho Marx once remarked, “An ounce of prevention is worth a pound of bandages and adhesive tape.” Anticipating disasters and putting preventative measures in place can save both dollars and heartache.
For a recent business continuity example in practice, look no further than those companies that already had systems in place for remote workers when the pandemic struck. Those that could easily pivot into having their staff work from home (and stay connected through a digital workplace) maintained business continuity despite the quarantine where those that didn’t have a platform or procedures available lost weeks of productivity as solutions were improvised.
Response
Each member of your business continuity team should not only know their own duties in an emergency but how their activities fit into the larger picture of your plan. In addition to preparing safety protocols, the team should chart if-this-then-that action flows to visualize viable contingencies that can be implemented in real-time. The more your team practices this process, the more prepared they’ll be to respond to issues as they arise.
Recovery
Once some measure of control has been exerted over a crisis event, it’s time to implement your organization’s recovery strategies. Know your milestones and prospective timeline and be realistic when considering and committing to these initiatives.
There is often an impulse to be a cheerleader or use platitudes when speaking about the recovery of one’s organization — resist it. Instead, establish clear objectives and give stakeholders reasonable estimates when activating a recovery plan, whether that’s bringing a new facility online or dispensing of certain assets to remain solvent. Establishing a recovery plan differentiates determination from desperation.
Top Business Continuity Best Practices
A worthy business continuity exercise every business should consider practicing comes courtesy of the British Standards Institution (BSI).
The book Exercising for Excellence from BSI recommends three tests to validate your business continuity plan’s effectiveness and promote organizational acceptance.
It can be broken down as follows:
Beginner Level
Gather a small group of team members and rigorously attempt to “poke a hole” in each aspect of the plan. Start simply by asking the question “Why?” at key junctures and pivot points in the plan to ensure the reasoning is sound and not based on intrinsic biases like “that’s what we always do.”
Your organization doesn’t always “do” emergencies either so it’s likely that a plan that adheres to conventional operational assumptions will fail.
Intermediate Level
Invoke the element of surprise. Invite teams from multiple departments to evaluate various aspects of your business continuity disaster recovery plan. Then enact the procedures while new variables are introduced.
For example, if a team member is tasked with releasing information to stakeholders via email, “surprise” them with news that the email servers are down. How do they proceed? The improvisation required in this kind of situation could lead to a viable solution that can be added to your plan.
Expert Level
To really test your team’s readiness to kick your business continuity plan into high gear, consider going for “maximum realism.” This means activating the exercise without notice. At some random-seeming time, announce the exercise like a pop quiz. Then evaluate how your response team handles it.
Naturally, it would be inappropriate to pretend an actual emergency is occurring; however, a short-notice test of the plan should help you assess where the pain points. This allows you to uncover where the plan can be improved. No business continuity disaster recovery plan is complete without rehearsal. It leads to better all-around preparedness, readies the team for their roles, and forms the bonds necessary to help everyone perform their best.