Covid-19 disrupted life all around the world, affecting each and every one of us. It shook every sector most notably healthcare, gastronomy, education, manufacturing and retail. Supply chains were severely affected with 94% of Fortune 1000 companies seeing supply chain disruptions and 55% of companies plan to downgrade their growth outlooks according to Fortune.
Being prepared for such an unexpected disaster isn’t always first on the agenda as 75% of small businesses do not have a Business Continuity Plan in place. A disruption to the working day can cost a company thousands to millions depending on its size and in many never recover from such disruptions. Covid-19 has opened the eyes of many business owners on the necessity of a business continuity plan as the majority who did not have one in place and relied heavily on insurance were confronted with the disappointing fact that most insurance companies would not cover them.
A business continuity plan is a strategy that provides a range of systems of prevention and recovery from different risks ranging from natural disasters, fire, floods, global pandemics and cyber-attacks. The main objective of a BCP is to analyse the risks that your company faces, pin point critical areas of business and how you will prevent and recover from a crisis if it does take place. Many companies believe they are too small to need a BCP or that they will not be subject to cyber-attacks or IT disasters. On the contrary, small businesses and mainly healthcare organisations are extremely vulnerable to cyber-attacks, ransomware and IT disasters often brought on by insiders due to lack of training. Moreover, small businesses are less likely to recover from such disasters. A business continuity plan ensures that you are prepared for any worst case scenario and that you can recover swiftly.
The framework for a BCP needs to contain a Business Impact Analysis (BIA), recovery strategies, testing and a thorough plan development. The business impact analysis establishes the financial and operational consequences of the disruption of business functions within your business. The BIA also identifies two key parameters of disaster recovery: the recovery point objective and recovery time objective. The recovery point objective (RPO) refers to the maximum tolerable amount of data that a company can lose whereas the recovery time objective (RTO) refers to how to quickly the area of a business impacted needs to recover before causing significant damage to the company.
There are five steps to focus on when working on a Business Continuity Plan for the first time:
(1) Ensure you have a main risk/crisis management team which is responsible for preparing and responding to risks.
(2) Communication is one of the most important factors of responding to a disaster. Emergency call trees are used to quickly notify those in charge in times of crisis, they are also very helpful when alerting employees and keeping them in the loop with updates. Emergency call trees should be tested and information used in them should be verified.
(3) Establish your business impact analysis and constantly monitor the possible risks that your company faces, these can include: interruptions to supply chains, operations, infrastructure, increasing costs, decreasing demand, emergency management etc.
(4) Identify critical business functions which you will need to focus on and check more regularly and decide maximum tolerable downtime.
(5) Create scenarios and exercises to test your planning, update and change if needed to ensure that you are prepared for any risk which your company may face.
By F Istrefi