Build a Business Continuity Plan in Just 4 Steps
Does your business continuity plan too complicated? Do you have a plan at all?
First things first – what is business continuity and how is it different from disaster recovery? Many business owners and executives use disaster recovery and business continuity planning interchangeably when in fact, they have different meanings:
- Disaster recovery is the process put in place to resume business operations after a disruptive event. Disaster recovery (DR), on the other hand, is the process put into place to resume business operations after a disruptive event. In other words, DR is a reactive step.
- Business continuity planning is a more comprehensive approach involving the strategic planning a business puts in place to ensure systems, processes and procedures can still function in the event of a disaster. In short, business continuity is a proactive step.
Business continuity vs. disaster recovery
Build an Effective Business Continuity Plan in Just 4 Steps with the “S.A.F.E” Approach
S: Support: Receive executive-level support for the plan.
A: Assess: Assess all threats and identify solutions.
F: Framework: Build the framework of your plan through a business impact analysis.
E: Exercise: Exercise, test and improve your plan routinely.
Let’s cover each step, one at a time.
SUPPORT: Receive Executive-Level Support for the Plan
Although it may sound simple, this step is critical. For many businesses, the first challenge in getting a business continuity program off the ground is getting support from a CEO or senior level executive. With rallied support underscoring the importance of the plan, leaders are more likely to get behind the plan and see it through to completion.
ASSESS: Assess All Threats and Identify Solutions
The next step in the S.A.F.E approach involves defining all threats and solutions at a high level by creating an “assessment map”, as shown below. Next to each threat, define a solution to resolve the threat along with a way to prevent that threat from occurring in the future.
For example, here’s how a cyber-attack might be broken down:
Solution: Data recovery plan
Prevention: Layered security approach, employee education
When it comes to cyber-attacks and data breaches, a layered security approach may be necessary to protect your network from a broad range of attacks through multiple layers of security. Additionally, a data backup and recovery plan should be in place, in the event your network is compromised.
Continue to follow the same steps to define each threat, identifying solutions and different ways to prevent each particular threat from occurring.
If you’re not sure which solution and method of prevention would be the best fit, contact us by phone at (262) 522-8560 or email and we’ll help you understand what solutions are available to you.
FRAMEWORK: Build the Framework of Your Plan through a Business Impact Analysis
Define critical functions and resources: In this step, identify how each threat would affect the survival of your business.
What functions and resources absolutely need to be up and running and, if interrupted/lost, could affect your ability to meet regulatory requirements or continue providing goods and services?
Define Maximum downtime: Record the longest period you can be without these systems.
The answer to this question will become the maximum tolerable downtime, or MTD, for those systems. This step is necessary when allocating your business continuity resources, so be sure to evaluate all systems that are critical to the operation of the business. You’ll want to identify and document any critical functions of the business that absolutely need to be up and running as quickly as possible in the event of a disaster. Then, record the longest period of time you can be without these systems.
For example, one department may initially indicate they need access to a particular system within 24 hours of a disaster, but further questioning might reveal they can effectively do their job while accessing a system several times a month rather than on a daily basis. This simple change could lengthen the MTD significantly and therefore dramatically affect the prioritization of resources.
Define Recovery speed: Once you know what systems need to be recovered, and how long you can be without these systems, define how quickly you will need access to those systems. The answer to this question becomes your recovery time objective or RTO.
To find your recovery speed, ask your Ontech IT consultant “How long would it take to restore XYZ system to working order in the event of a disaster?”
Assess impact: Finally, assess the impact of a disaster on your systems. Pay close attention to cases where the MTD (maximum tolerable downtime) is less than the RTO (recovery time objective).
It is these gaps where your recovery requirements are NOT in line with your business continuity plan. To fix this, meet with executives again, ensure MTD is accurate and confirm with your Ontech IT consultant that recovery times are truly insufficient for meeting these needs.
This step ensures all parties are on the same page and provides a path to negotiating a solution regarding expectations vs. realistic recovery time. Any remaining gaps are areas that may require additional investment to reduce the RTO or alternatively, increase the MTD.
EXERCISE: Exercise, Test and Routinely Improve Your Plan
Once you build a business continuity plan, don’t simply file it away as you would a business plan or mission statement. A business continuity plan is a “living process” that must evolve with the needs of the business as technology capabilities change. Test your plan and update it regularly (yearly – at a minimum) or as any time critical functions, facilities or systems change.
Finally, take the time to train employees to understand their role in executing the plan. Hypothetical walk-throughs, drills, exercises or simulations can stimulate great discussion and ensure your business continuity plan executes seamlessly in the event of a disaster.
Business Continuity Support and Resources
Need Help from the Experts?
If you need help defining your business continuity plan or you have questions, let us help you.
Don’t Let a System Failure Shut Down Your Business
One simple oversight in your plan can result in far greater losses than productivity alone.
Without a definitive plan in place, the aftermath of a disaster can affect every aspect of the business – from lost revenue, to compliance issues, decreased customer satisfaction and even the safety of your employees.
A catastrophic system failure creates chaos. Gone are billing and inventory records, customer lists … miscellaneous reports.
To recreate this information from scratch is expensive and time consuming. And depending on how much damage was done to the computer systems, it could be days, weeks or even months before operations return to normal. Be secure!
One of the best investments you can make in your business is developing a robust business continuity plan. However, according to AT&T, 84% of small businesses feel that recovering their data in the event of an emergency is important, while only 40% perform offsite data backups.
Some businesses may put off what they know is necessary because they presume a business continuity plan is a better fit for larger corporate companies. But what if there was a comprehensive backup, disaster and recovery solution that’s practically maintenance-free and priced to fit small business budgets? We will show you the quickest and most affordable way to ensure your business is covered in the event of a disaster.
Again, if you’re not sure which solution and method of prevention would be the best fit for your business continuity plan, contact us by phone at (262) 522-8560 or email and we’ll help you understand what solutions are available to you.
Schedule a time with your consultant or account manager today!