Business Continuity and Risk Management
It’s easy to plan for good times. When everything goes as it should, you can focus on growing your business and meeting your corporate objectives. But what happens when things don’t go as planned? Maintaining business continuity through disruptions takes careful planning.
A business continuity plan details processes and procedures that will help keep operations up and running or restore them as quickly as possible in the event of a major disaster.
Here’s a look at important business continuity planning steps for organizations to take as they build their risk management and business continuity strategies.
Business Continuity Plan Risk Assessment
To be prepared for various risks, you first need to know what those risks are. Disruption can come from many different causes, including man-made, natural and technological events.
- Fire: Fire risks include building fires and wildfires. A wildfire in the area could cause smoke damage and prompt evacuations even if the fire never reaches the property. So also consider how evacuations and smoke could impact business operations.
- Natural Disasters: Hurricanes, tornadoes, winter storms and other storms may cause property damage, force business closures and prompt evacuations.
- Equipment Failure: Every type of equipment has some risk of failure. Consider how failure of HVAC systems, office equipment, manufacturing equipment and other systems could impact operations.
- Power Outages: Power outages may be localized or widespread, and they may be short or long-lasting. Consider how a power outage would impact operations.
- Cyber Security: A cyber attack is any computer-based attack on a technical asset. Examples of cyber attacks include ransomware attacks, data theft, SQL injections and distributed denial of service (DDoS) attacks. At best, your technical infrastructure will be at limited functionality until the issue is resolved. At worst, if you don’t have a data backup, you could potentially lose access to all your business data.
- Global Pandemics: An outbreak of a virus or other communicable disease could have a major impact on your business. Consider how stay-at-home orders, as well as outbreaks among workers or customers, could impact operations. Pandemics can throw a wrench in your business plans from all angles and directions. With citizens forced to stay home and do as much work from there as possible, to increased demand for certain items and decreased supply due to manufacturer shut-downs or disruptions across the supply chain. One of the most important plans to put in place if you fear a global pandemic is how your people will communicate with each other and conduct necessary business offsite. It’s also important to have options when it comes to supply in case your supply chain is disrupted.
- Civil Arrest: Protests, riots and other forms of civil unrest could cause curfews, business closures and property damage. Consider the possible impact on your business operations.
- Terrorism or War: Bomb threats, mass shootings and other terrorism or war threats could impact your business, employees, customers and daily operations.
- Supply Chain Disruption: If your business could not get the supplies or equipment needed, consider how business operations would be impacted.
Prepare for Risks and Create a Business Continuity Plan
Once a risk analysis has been conducted, the next step in a business continuity management program is preparation and risk management. Creating a business continuity plan is, admittedly, probably not the most fun day you’ll have at work. But it is a critical piece of running a resilient business, and it’s important that you, your business continuity team and the rest of your staff take this seriously. Consider the following when putting together your business continuity plan.
Identify Objectives and Goals of the Plan
Business continuity management extends beyond your information technology department and related IT systems — it applies broadly to all critical business functions, including human resources, operations, public relations and more. At the highest level, the objective of creating a business continuity plan is to keep essential business processes running or minimize disruption.
But every business is different — so you’ll need to identify the goals and objectives most important to the way you operate. Those goals will guide your risk assessment, the business continuity planning process and potential recovery strategies.
Establish an Emergency Preparedness Team
Select a few cross-functional managers or leaders, and anyone else you identify who may bring something valuable to the table. Make sure someone is designated as the leader to keep things moving forward and make decisions when necessary.
Perform a Risk Assessment and Business Impact Analysis (BIA)
Here’s where you’ll identify the biggest potential threats to your business, then research and analyze them thoroughly. Discuss with the team what would happen if you have to reduce, modify or eliminate essential services or functions. Be sure to document all the identified issues and related business impact.
Identify Essential eCommerce Business Functions
You’ll have to determine how your organization will maintain essential services/functions in the event of an emergency. Here are some of the essential services and functions that you’ll need to have a plan for:
- Inventory Management and Supply Continuity: Think about what happens when you encounter a product shortage. Supply chain issues are common in disasters like major weather events or pandemics. During a disaster, will you have enough inventory? Do you have an inventory management tool or system to help manage inventory? Do you have a plan for times with low or no inventory?
- Order Fulfillment and Shipping Deadlines: If a crisis hits, can you still fill orders and meet shipping deadlines? It may be helpful to diversify shipping providers. If you use a 3PL, ask them about the steps they take toward business continuity to gauge whether they’ll be able to fulfill and ship in disaster conditions.
- eCommerce Platform Functionality: If a crisis were to happen, can you adjust your eCommerce platform to show out-of-stock items? Can you handle an influx of customers in a situation where supply is greatly increased? Do you have strong cyber security and all of your data backed up?
- Maintaining Customer Service: During a crisis, customers need transparency and empathy. You’ll need to provide a communications plan for your marketing/communications teams and your customer support team. You may need to bring on more personnel to answer customer questions.
Prepare a Plan for Each Essential Function or Service
Your eCommerce engine runs as a combination of parts, including:
- Team members
Each of these parts has to have its own plan. How will you address the situation with your customers? Does that communication plan change when it’s the kind of disruption that may have also put their lives in danger? (E.g., as we deal with pandemic conditions, our customers are dealing with that too — and we have to be empathetic as well as informative in every interaction.)
Will you be prepared to switch to another supplier to make sure you don’t run out of inventory? Do you know what your options are if your shipping partner experiences a disruption?
Review and Make Sure Every Business Function Has Been Addressed
Leave no business function out of your plan, but that doesn’t mean that one doesn’t become more important as you look for ways to operate during disruption. You’ll want to make sure you’ve documented the following:
- Level of business risk
- Impact on employees and customers, and how you’ll communicate with them
- Emergency policy creation
- Financial resources that can be tapped into in the event of a disaster
- External organization or community partners who can work together with you to be mutually beneficial
Train Staff, Test, Revise and Update the Plan
Present the plan to all your stakeholders, and suggest being proactive by performing trial runs for a gut check that each part of the plan works as it should. This will help you identify any missing aspects or weaknesses. Then, once you’ve made any updates based on the feedback, begin to train all staff accordingly.
Implementation, Training and Testing
Once you have your business continuity plan written, implementation is the next step of the business continuity management program.
- Map out the logistics of implementation. Who is in charge of each step? When will actions occur? What resources will be needed at every step?
- Train everyone involved. Everyone who will be expected to play a role in business continuity efforts should be trained so that they know exactly what they will need to do.
- Iron out communication strategies. During an emergency, communication can become challenging. Regular lines of communication, such as telephones, may not be working, and contact information may not be readily available due to power outages, equipment failures, business closures or evacuations. Make sure you have plans and backup plans for communication.
- Practice the plan and conduct drills. It is easy for confusion and panic to overwhelm people when a crisis occurs. Practice drills may help your organization avoid this reaction and ensure that everyone knows what to do and how to do it. Drills can also help you identify problem areas where more preparation is needed.
Reassessment, Management and Business Continuity
After you’ve performed a risk assessment, written a business continuity plan, implemented the plan, conducted training and carried out practice sessions and drills, you may think you’re done. Not so fast. Business continuity plans are not a one-and-done task. Risks evolve and circumstances change, so you will need to review and update your plan. This should be done periodically. It should also be done after any major events that could require additional planning, such as changes to operations or the emergence of new risks.
When reassessing your business continuity plan, ask yourself these questions:
- What disruptions have occurred? How did these disruptions impact business operations? Was the business continuity plan carried out successfully? Was there any room for improvement?
- What new risks have emerged? Consider how technological, human and natural risks have evolved and how they could impact business.
- Have business operations changed? As a business grows or changes focus, the business continuity plan may need to be revised to reflect the new priorities.
- Are there new resources available? Consider how these resources could be used to improve business continuity planning.
- Is your insurance coverage still adequate? Consider, for example, whether there is coverage for emerging risks, whether your terms of coverage have changed and whether you need higher limits.
Planning for Whatever Lies Ahead
We cannot predict the future. However, there’s no question that every business inevitably faces exposures such as natural disasters, equipment failures and cyber attacks. Will you be ready?