3 Reasons to Spend Time on Your Business Continuity Plan
- Nov 19, 2019
Yes, you do need to spend time on your business continuity plan!
If business continuity is all about the “what-if,” why should businesses spend time addressing what may never happen?
Michele Turner came on a recent episode of The Continuity Forecast to answer this question and share her top tips for creating a strong business continuity plan.
A subject matter expert, Michele has worked in the field of business continuity for over 20 years and is currently the head of Global Business Resiliency at Amazon.
Here’s the deal:
Business continuity is proactive versus reactive
Business continuity is about putting plans in place so you’re able to be proactive versus reactive when addressing business interruptions.
Business continuity planning drives efficiency
When business continuity is considered throughout the organizations, it helps the current state of affairs run more efficiently.
For example, think about going through some exercises to test the BC plan you’ve developed. When you conduct these tests, you’re looking at leveraging your standard operating procedures.
What organizations tend to find out when going through those tests and exercises is that they can tweak those standard operating procedures to make them more efficient, more streamlined.
Plus, when putting together a business continuity plan, they will often conduct a business impact analysis. What they learn from that analysis is going to be helpful in the event of a business interruption, but it also gives them a better view of their current environment, as it highlights threats, vulnerabilities, and gaps that need to be filled.
Business continuity planning helps you differentiate
Business continuity is all about getting your business up and running again.
If you can get your business up and running more smoothly and quickly than your competitors, that’s a huge advantage.
Practices that can be leveraged to help strengthen organizational resilience:
The business impact analysis
This analysis is critical to understanding the services or functions that drive your business continuity strategies. (This is similar to analysis of your cyber defense system.)
With both types of analysis, you must understand the key threat areas within your environment and the critical assets you have that may be vulnerable. Once you understand those elements, you can ensure you have good controls in place to catch anomalies and stop threats.
With risk assessment, organizations must consider their environment, the threats, and the exposures. Then, based on those threats and exposures, leaders must look at the resulting risk.
For example, say the supposed threat is a tornado.
What’s the vulnerability associated with that threat? One may be that you don’t have weatherproofed windows or a generator.
If the tornado occurs, the risk is that your systems will be impacted, and you won’t be able to serve your customers.
We see that a risk assessment is vital because it allows you to identify the impact in the event a risk comes to fruition, the likelihood that it could occur, and then the level of controls that you have in place to be able to manage it.
Michele’s top 3 tips for building a strong BC plan:
#1. BC is not a project.
Projects have beginnings and ends — BC is a program, a gift that keeps on giving.
It has a continuous process improvement cycle, so, make sure you’re framing your plan in that respect.
You have to ensure that, based on any changes in environment or strategies, you continually reevaluate your BC plan and readiness level.
#2. Ensure there is collaboration across departments and groups in your organization.
We talked about a few of the groups that might be involved in BC planning — business continuity, risk management, and cybersecurity. It’s crucial that these groups (and others) leverage and share information.
Sharing of information leads to unity, increased credibility, and a much stronger plan for the business.
#3. Don’t think about tests in terms of success or failure.
Of course you should continue to identify objectives as you go into exercises and tests, but if there are some objectives you don’t meet, don’t consider it a failure.
The key is that you perform exercises and tests in a safe environment where you can identify actions that must be taken to address these objectives.That way, in the event of a disaster, you’re in a much better spot.
So, you do need to plan for the “what-ifs.” Just remember, that by investing in these plans, you’re building a business that’s not just able to withstand a disaster, but will be stronger and more efficient through everyday operations, too.
Business never stops.
To hear more from The Continuity Forecast, check us out on Apple Podcasts, on Spotify, or on our website.