Business Continuity: How to Plan for the Worst
If the last year has taught us anything, “hope for the best and plan for the worst” should be the new mantra of business owners and IT professionals. No one could have predicted the global pandemic that wreaked havoc on industries and businesses around the world; yet, those companies with a business continuity plan were far better off than those without one.
A business continuity plan is similar to an insurance policy: you hope you won’t need to use it, but in the event of a disaster, this plan can be extremely helpful. A business continuity plan is slightly different from a disaster recovery plan. Here’s what goes into a business continuity plan and tips for how to get started.
What is a business continuity plan?
A business continuity plan determines how a business will continue to operate after an unplanned disruption or crisis. The BCP is comprehensive and looks at everything from supplies and equipment to data backup and even key personnel — including emergency contact information for first responders. A plan will include detailed strategies for both short-term events (like a power outage) and long-term service disruptions (for instance, a flood or fire).
You may be wondering what the difference is between a business continuity plan and a disaster recovery plan. A disaster recovery plan focuses specifically on recovering the IT operations and infrastructure following a crisis. A disaster recovery plan is just a piece of the larger business continuity landscape — your BCP should include a disaster recovery plan in addition to the other elements of continuity planning.
A business continuity plan needs to answer three main questions in the event of a disaster or service interruption:
- How will employees communicate?
- Where will employees work from safely?
- How will employees continue to do their jobs?
Business continuity planning will look different for every company. For some, the focus will be on the issue of supply chain logistics; for others, data recovery and information technology will be more critical.
“Business, security and IT leaders should work together to determine what kind of plan is necessary and which systems and business units are most crucial to the company,” wrote CSO Online. “Together, they should decide which people are responsible for declaring a disruptive event and mitigating its effects.”
Here’s one outline of what your business continuity plan might look like.
Business continuity plan template
A business continuity plan will lead your team through the process of imagining a disaster scenario and how you will respond. It will identify a budget that you can draw from in the event of an emergency, set up a chain of communications, and help you identify the backup tools and systems you need to ensure continuity of service. This template can be customized depending on your organization’s priorities.
[Section 1] Plan Administration: emergency contacts, plan objectives, budget, timeline, and communication plan in the event of a crisis
[Section 2] Key Stakeholders: members of the business continuity team with their roles and contact information — for when there is no immediate emergency
[Section 3] Business Impact Analysis: steps to analyze the main operations of the business (when one function goes down, how does it affect other operations?). Include an incident report form/checklist.
[Section 4] Strategic Response: include proactive strategies to prevent disasters, along with immediate and long-term strategies to recover from a crisis
[Section 5] Training and Resources: detail what training employees need to prepare for business continuity, as well as the resources (e.g., data loss prevention software, offsite storage) to prevent a total business shutdown.
[Section 6] Testing: how often will you test this plan for efficacy?
You may also want to include a plan for how you will reflect on the success or failure of your business continuity strategy once you’re out of crisis mode. It’s especially important to stress-test your continuity plan to make sure it has everything you need.
Business continuity planning steps
Business continuity planning should be an iterative process. While the template above is quite detailed, the most important thing is to keep your plan up to date.
“One common business continuity planning tool is a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel and backup site providers,” said IBM.
Once you have gathered this information, follow these business continuity planning steps.
- Assign a business continuity team: Select a program coordinator, IT officer, and executive leader who are responsible for implementing the business continuity plan.
- Identify the end goal: A BCP can serve different purposes, whether it’s restoring your company’s reputation, responding to customers’ needs, or protecting valuable information. Figure out what the first priority is and allocate resources accordingly.
- Interview members of your organization: Managers from key business areas can tell you which tools and resources their teams must have to perform their functions. Identify where there are dependencies between different teams and functions — for instance, how might downtime for the accounting team impact your organization’s marketing campaigns?
- Perform a threat analysis: Understand what the risks are and how serious they might be. Determine what security systems are in place to deter some of these threats and where there may be vulnerabilities.
- Start your Business Impact Analysis to see how different threat scenarios might play out, and write your plan accordingly.
Protecting your sensitive data is even more important in times of crisis. Part of your business continuity planning should involve integrating data protection tools into your workflow — so no matter what happens, your valuable information is safe. Tools like Nightfall can help protect your company from data loss at all times. By integrating with popular remote work platforms like Slack, GitHub and Google Workspace, Nightfall can identify, classify, and protect the data you need to keep secure — such as addresses, names, passwords, and credit card numbers. Many organizations use Nightfall as the first, automated response to data leakage events, preventing the need for disaster recovery altogether.