In business, as in life, it’s impossible to predict when disaster could strike. Imagine for instance a flood spreading into a business district. Businesses could lose power for weeks, or suffer permanent damage to their business infrastructure.
So all risk managers need to ask themselves, in scenarios like this, does the business need to completely move shop immediately? Do you shut down until things are operational again, or does the business have the project management and business continuity pre-planned for such disasters?
A Business Continuity Plan helps you prepare for disruptions in business activities, in case of uncontrollable internal or external events. It details a process and strategy to help employees respond to operational disruptions, communicate effectively and continue being productive with their time.
It's also vital for a Disaster Recovery Plan to be in place and function as part of the overarching Business Continuity Plan. Simply put, the Continuity Plan must address the business as a whole, while the Disaster Recovery Plan works alongside it to return business functionality and ensure vital information is accessible during and after the disaster.
During the actual disaster that is disrupting the business, it is always too late to react if a plan is not in place. This means every single organisation, regardless of its size, needs to adopt a Disaster Response and Recovery Plan as part of its Business Continuity Plan. Of course, senior management all the way up to the CEO will need to approve this.
A major part (and some go so far as to say the most important part) is to build a Business Impact Analysis Report to show the actual impact the disaster had on the business. At the end of the day, this is all senior executives need to know. These reports generally include critical steps for the business, and an assessment of the risks that threaten the critical processes and disaster recovery priorities. The ReadiNow GRC solution can help guide you here.
Here are 4 key things you need to know when creating a Business Continuity Plan:
Having relevant training, testing and an overall maintenance plan in place to supplement the Business Continuity Plan is necessary for its success. You can test it by simply walking employees through a paper process, or by conducting a complete interruption test such as a fire alarm to gauge employee reactions.
You should continually test critical organisational processes to ensure the plan is operational. As you gradually train existing and new employees, ensure all documentation is up-to-date and easily accessible and you are using the right tool for the job. ReadiNow can help you with this.
A central part of recovery is ensuring that time-critical processes become functional as soon as required. It's important to develop a category system, which can include defining the Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for relevant business processes. In essence, these determine how long it takes for a system to recover and the period of time for which data can be recovered.
It's important to have a system in place to prioritise the potential risk. Some programs allow you to learn how to execute and develop project schedules, and ultimately define how long each of the disaster recovery items will take and what the scheduling of activities will look like.
A strong communication plan is vital, and if clear and concise communication is not your expertise, ask someone in marketing for assistance to get your message across simply and easily for employees to understand. It's important to define how you will communicate with all internal stakeholders and what kinds of communication are effective for the type of culture that your organisation is part of. For example, text messages are very helpful for younger employees and phone calls may be more effective for a more senior audience.
Once you have your disaster recovery phase operational, all you need to know how to do is communicate it effectively and optimise it to the changing landscape.
Businesses will always face multiple threats and vulnerabilities, both internal and external, that will impact business operations and processes, and which inevitably fall into the following categories.
Once you have your list together, you need to define these threats and think about the likelihood of them occurring to your organisation. Try to understand how vulnerable your company is and the full business impact of such threats.
Different programs can help you understand how to predict risks and evaluate their impact and explain the importance of risk activities that need to be completed within your organisation.
For example, if there is a flood and the power goes out, is there a meeting place for your employees to work and continue operations? Are there external meeting rooms available with wi-fi and internet that your employees can attend during these events? These are the types of questions risk managers need to ask themselves.
At all costs, produce time-critical processes and avoid internal team bias. A time process report cannot be created in isolation or in a vacuum. You must interview all department leads, asking them questions on their input and output processes, loss and overall business impact, recovery time, recovery site requirements and how to reduce the disaster recovery time.
There are programs in place that assist with planning Business Continuity Planning projects and getting the required approvals from senior management. ReadiNow enables you to classify staff roles and responsibilities and digitise the scope of the project.
If you are interested in building a strong Business Continuity Plan and digitally transforming your organisation, request a demo by going to www.ReadiNow.com and see why so many risk managers are making the move.