Unfortunately, things happen that can affect your business operations, whether it be a natural disaster, a power outage or an emergency event. It's best to prepare and have a business continuity plan to ensure you can keep your employees safe and your business running during difficult times. Think big picture to craft an effective business continuity plan.
Here are 4 Business Continuity Planning Essentials
1. Ensure employee well-being.
Communication during and following an emergency presents a variety of challenges. So, crafting an employee safety and communication plan that works is absolutely essential. The specifics will vary widely from company to company, but your emergency safety and communication plan must address the following:
- How the company will ensure employees are safe during a disaster event
- How it will communicate essential information to employees following the event
The first part will depend heavily on the nature and location of your business. Safety planning for a large manufacturing facility will obviously be different than for a small real estate office. Because of this, it's very difficult to provide best practices for this part of your business continuity plan. However, the key is to match your safety plan to the specific needs of your organization.
For the second part, you will need to first gather a variety of information and make sure that it's well documented, easily accessible and stored in a number of secure locations. This should include up-to-date employee contact information (email, mobile and home phone numbers, emergency contact information, etc.) It should also include a methodology for contacting employees.
Email is the easiest way to reach a large group of employees, but if your company's email server is down, you are out of luck. Some businesses employ redundant Exchange servers or cloud-based services to ensure email access. Of course, if you are without Internet access entirely, you'll need an alternative.
A call tree, sometimes referred to as a phone tree, call list, phone chain or text chain, is another popular method for distributing important information to employees during and following an event. Here's how it works. An employee initiates the call chain with a call to the next person on the chain. That employee contacts the next person on the list and the chain continues until everyone on the call tree has been reached. Other companies may automate emergency calls with purpose-built communications software/services.
Regardless of the methods you use to distribute information to your employees, your emergency communications plan should provide enough detail that it can be carried out if the plan's creator is not available following the event.
Your plan should also be flexible enough to accommodate for a variety of potential emergency situations. The response to a fire in your facility during working hours will be very different from communications following the widespread distribution of a defective product, for example.
Emergency communications should be brief and as accurate as possible. Depending on the structure of your organization, you may want to keep managers updated, allowing them to pass information to direct reports on a "need-to-know" basis.
Finally, it's essential to test and update the communications plan periodically. Testing will identify gaps in the plan such as out-of-date employee lists or contact information.
2. Keep customers in the loop
Managing customer relationships is critical to the ongoing success of your business. It's important to craft a plan for distributing information to your customers during and following a disaster event.
If an event occurs that is likely to impact them, it is essential to communicate the details of the issue and explain the steps you are taking to mitigate it. This might mean direct communication to your customers, but it could also mean messaging via traditional and social media. Failure to do so can have a negative impact on the reputation of your organization.
Take the way Toyota handled the reports of self-accelerating vehicles back in 2009 as an example. Instead of acknowledging the issue and assuring customers that the company was investigating the problem, the company opted to cite user error in a classic example of blaming the victim.
The problem was eventually pinned on floor mats, gas pedal design and faulty electronics. Although Toyota spent billions to replace components, their initial response created distrust among customers.
You will also need to handle a wide array of incoming communications following a disruption. This could mean: support requests, high volumes of email and phone traffic, media interest, etc. Your organization's ability to respond to customer needs following an event will have a direct impact on reputation.
Protect Your Reputation
So, how do you keep your good reputation intact? It comes down to careful preparation. First, you must be prepared from a personnel standpoint. Carefully planning communications with customers is essential. You will need to be able to respond quickly and clearly explain the steps you are taking to resolve issues.
All customer-facing staffers should be briefed and ready to deliver a clear and consistent message. You may want to consider using script templates, which can be adapted to address various events. Pre-scripted messages can be developed, approved by management and quickly distributed to customers following a disruption.
You also need to ensure access to communication infrastructure (phone, email, Internet access). This might mean redundant phone lines/services, hosted PBX systems, cloud-based email or redundant Exchange servers.
Larger businesses may need to invest in a secondary contact center to manage inbound and outbound communications. There are a number of vendors that offer call center services, temporary work spaces and even mobile data centers.
Testing or rehearsing all or parts of your customer communications plan should be considered essential. Testing is the best way to identify and resolve customer support weaknesses and communication infrastructure issues.
3. Enable IT Uptime
To understand the IT piece of disaster recovery and business continuity today, it helps to look at the not-so-distant past. It wasn't long ago that backup meant daily incremental and weekly full backups to take or a dedicated backup target.
Duplicate tape copies were created and shipped offsite for disaster recovery. Many businesses continue to use this model today, and depending on your recovery needs it may be perfectly adequate.
When creating an IT disaster recovery plan, it's important to understand two concepts: recovery time objective (RTO) and recovery point objective (RPO).
RTO is the amount of time that it takes to get a system restored following a failure or disaster event. RPO is the point in time to which data can be restored following the event.
So, if you performed a backup at 6pm each night and a server failed at 5pm the following afternoon, your RPO would be 23 hours and any data created during that span would be lost. For many organizations this was unacceptable.
Rather than relying on tape for disaster recovery, some organizations replicated data to a secondary site that mirrored their data center for DR. However, this approach required a massive investment in hardware, because it required two sets of identical servers, storage, switches, software etc.
Recovery-in-place and Disaster Recovery as a Service
Advances in virtual server backup and cloud computing changed all of that. Today, users can run applications from image-based backups of virtual machines. This capability is referred to as "recovery-in-place" or "instant recovery."
Recovery-in-place dramatically improves RTO because operations can continue while primary servers are being restored. RPO is reduced as well - snapshot-based, incremental backups at 15 minute intervals are a common practice. Virtual machine images can also be replicated to an alternate site or cloud for disaster recovery.
Many backup software products today have the ability to perform these tasks. If your current backup software supports it, you can set it up yourself. If you are relying on an older backup software product or you are starting from scratch, you might opt to outsource these tasks.
In this model, an appliance is typically placed on premises for local backup and recovery and data is replicated to the cloud for disaster recovery. Recovery-in-place technology allows you to run applications from the onsite appliance or from the cloud following an outage or disaster. This is commonly referred to as "cloud disaster recovery."
Testing IT disaster recovery plans is essential. Today's technologies and services have greatly eased the testing process. Because of the ease in which virtual servers can be created, users can set up DR test environments without the risk of harming production systems.
4. Keep Business Moving
Many organizations today have limited tolerance for application downtime. If your employees or customers do not have access to essential applications and data, there will be a direct impact on productivity and revenue.
While this sounds obvious, many organizations do not consider the actual costs of downtime for a business. To better understand the cost of downtime, consider the following example.
Let's say your business has 100 employees and on a typical day average hourly revenue is $1,500. In order to perform daily tasks, employees need access to email, a large database and a variety of file-based data.
Let's say the sum of this data mounts to 2 TB and you perform an on-premises incremental backup at 6pm each day which is also copied to a cloud backup service.
Given these parameters, a full restore from a local backup would take 8 and a half hours and downtime would cost your organization $34,000 in lost revenue.
When you look at restoring 2TB from a cloud backup following a disaster, the picture gets considerably more bleak. To restore that same 2TB over the Internet from a cloud service it would take 6 days and the cost to your business in lost revenue would be $614,000. These numbers will vary from business to business, but this example illustrates the importance of being able to continue operations while primary servers and storage are being restored.
Continuity of Operations
Application downtime is just one factor that can impact your bottom line. There are a broad spectrum of considerations depending on the size and type of your organization. However, there are a variety of examples that apply to many businesses.
Insurance - Insurance is an important factor in your recovery effort. For example, let's say your business has numerous warehouses full of goods awaiting distribution at any given time. The cost to replace goods in the event of a fire or flood could be massive and severely impact your ability to continue operations. So, it's obviously essential to select the proper insurance coverage for your business' specific needs. It's also critical to document all insurance information including plan numbers/login information, the process for filing claims, etc.
Training - Every business will need to identify employees critical to the recovery process. This might mean executives, department managers and IT staff. Whatever the structure of your business, you'll need to define business continuity roles and responsibilities. It's also important to cross train staffers on essential tasks, in case a critical employee is unavailable following the event.
Disaster recovery and business continuity planning should be considered a critical aspect of running a business. However, many organizations disregard it completely. Others have some kind of plan in place, but fail to grasp how time consuming the recovery process can be and the associated cost of downtime.
The good news is that today's data protection technologies and services have greatly improved the IT piece of business continuity. It's extremely important to test business continuity/disaster recovery plans. Testing is the only way to reveal gaps in your plans and address them proactively.
As a full suite IT and cybersecurity firm, Restech can help with your technology and business continuity plan. Contact us today to learn more.