I might be slightly obsessed with Billions, the series. It is riddled with quotable quotes. My personal favourite? “It’s like Highlander: there can be only one” – Bobby Axelrod.
Despite my inherent dislike of Axe, I can’t help but respect his business acumen. In S2. Ep5 he shares this pearl of wisdom: “The greats never sacrifice the important for the urgent. They handle the immediate problem and still make sure to secure the future”.
How do you secure the future of your business if disaster strikes?
Building a robust business continuity program may be the last thing on your to do list, but it may be the most important item. Remember what happened to Delta Airlines about a year ago? A loss of power at their Atlanta data centre resulted in the airline grounding all its flights worldwide for several hours. According to news reports the total cost of the outage was $150 million.
What’s the worst that could happen to your business? Maybe a server outage is not a major concern for you, but what about a fire at your warehouse, or a flu pandemic hitting your work force?
Let’s look at 6 steps you can take to build your BCP.
1. Get buy-in and gauge risk appetite
As with any project or program, you need commitment and support from senior management. It is crucial to get the strategic decision makers on board for a business continuity plan as they are the key players who will provide leadership in a time of crisis. Make sure you understand the business risk appetite. A risk appetite statement provides a directive to management and staff about the organisational tolerance during an outage. How quickly does the organisation need the key services up and running after a disruption? Quicker response times generally comes at a cost. The organisation needs to find the balance between the cost and benefit of its plan.
2. Conduct a risk sssessment
Assess the risks across the organisation and identify possible disruption scenarios. Mostly they will fall in one of the following categories:
• Loss of data and IT or resources
• Loss of building
• Loss of personnel
• Loss of equipment or resources
3. Conduct a business impact assessment (BIA)
The BIA should look at key business areas and capture these aspects during a disruption:
• Operational impacts
• Financial exposure
• Technological reliance
• Resource requirements
You should identify time-sensitive operations and any contingency resources and plans available. Often business units already have contingency plans in place for small outages, you can formalise and incorporate these in the greater business continuity plan.
4. Develop the plan
The plan should cover at least these four stages:
• Emergency response procedures: Focus on the safety of personnel and security of the organisation’s assets.
• Crisis management response: This covers the first critical decisions about what the crisis is and what the organisation should do. The plan should identify the crisis management team, the responsibilities of team members and the criteria for conducting an impact analysis.
• Business recovery: It describes the procedures and activities necessary to restore critical functionality and services. It should identify alternate operational sites and key business resources required. A checklist would be helpful here.
• Business resumes: This stage involves returning the organisation to pre-crisis operational levels. The plan should contain a broad outline of responsibilities and key processes to get back to business as usual.
5. Implementation and training
There’s no point in having a well-documented plan if no one knows about it. Train all staff on their roles and responsibilities and who to contact should the need arise. We have some thoughts on why e-learning is the way to go.
6. Test it!
Regular testing and exercising is critical to success. People are more likely to respond well to a crisis if they have practiced what to do in advance.
And finally, if you’d like to talk to us about risk in your organisation we can always be coaxed out with the promise of caffeine or ale.