What COVID-19 has taught us about business continuity planning

COVID-19 has brought to life the benefits of proactively planning and preparing for potential events that can impact on your business. This time of turbulence and disruption has provided an opportunity to think of the ‘what-if’ scenarios that could significantly impede on businesses, and the disaster recovery plans that should be put in place to help manage uncertain times.

Proactive planning not only helps business logistics run smoothly when disaster hits, but also aids in ensuring that recovery and disruption time is kept to a minimum so business can get back on track faster.  

Below is a guide on what a business continuity plan is, what you should consider when making a business continuity plan, and how we can help you through this process to ensure that your business is foundationally sound to cope with disaster.

What is business continuity?

A business continuity plan is your personalised blueprint for business recovery. It’s the detailed business disaster plan that is put in place to cope with a range of threats – not just COVID-19. Disaster recovery means allocating the appropriate procedures and instructions to deal with natural disasters such as fires, floods, and severe storms; as well as cyber disasters such as cyberattacks or system crashes.    

What should I consider when making a business continuity plan?

The four key elements in developing your business continuity plan include prevention, preparedness, response and recovery (PPRR). The PPRR Risk Management Model is the most comprehensive approach to risk management and can help save your business time and money when responding to setbacks, incidents, or disasters.

The PPRR steps include:

  1. Prevention: risk management planning that addresses any potential threats, the likelihood of them happening, and their subsequent degree of impact on the business.
  2. Preparedness: understanding and analysing your business to identify and prioritise the key activities that are likely to be adversely affected by disaster to establish effective response and recovery.  
  3. Response: the immediate action processes put in place to contain, control or minimise the impact of an incident.
  4. Recovery: the recovery plan that incorporates elements that outline the action needed to recover from an incident to minimise disruption and recovery time.  

1. Prevention

List all the potential threats and the likelihood of them happening

As mentioned earlier, threats could be as large scale as a global pandemic or as small as a computer crash. Regardless, both incidents have repercussions that could result in extreme disruption to your business, making thorough business continuity management a critical component of your overall continuity plan.

With all the ‘post-COVID implication’ talk going around, it’s important to not disregard the everyday incidents that can occur without warning. The likelihood of cyberattacks, system crashes, and viruses are significant incidents that could result in the complete loss of data for your business and should not be oversighted.  

Back up, and take it offline

The largest cause of data loss comes from a virus called ‘Ransomware’ and is particularly harmful because it doesn’t just infect a single hard drive, it spreads through an entire network. This means that even if you have paid a premium for data storage, if it is not stored offsite and disconnected from the main network, your files are not safe.  

2. Preparedness

Identify where your business’ critical information is stored

Data storage is a key component of not only a successful continuity plan, but also a key component of a successful business holistically. All working files such as accounts payable, expense reporting, written policies, and budgeting records, as well as all dormant files for tax purposes, legal reasons, and to help with future planning, should all be stored in a place where they are protected and cannot be lost.

The longer your business is functioning and the larger it grows, the more data you’ll need to store, making it imperative that every file is stored in a safe and secure location that will not be affected if disaster hits. Data is an important asset to any business, and for some companies, it’s one of the most important assets.

The ergonomics of a data storage system is incredibly important for file use, retrieval, and overall efficiency. However, it is the security and safety of the data storage system itself that is of most importance to a business’s ‘prevention’ step of their continuity plan.

So ask yourself these questions:

  • How would you recover files if your business were to suffer from a natural disaster such as a fire or flood?
  • Is your data safe and secure from a virus network attack?
  • Are you able to quickly retrieve old files for legal reasons if the moment arose?
  • Would your files be recoverable if your system crashed?

If you’re unsure how your data would recuperate from any (or more) of these incidents, it’s important for the survival of your current business assets that you put in place a preventative plan to protect this data.  

3. Response

Make an actionable, realistic plan

The next important step is to prepare an incident response plan to aid in dealing with any number of crises. This plan should outline the types of incidents or crisis situations in which it will be implemented and the subsequent actions and processes to follow. This plan should also have clear implications for what to do immediately before a crisis, and if possible, during and immediately following.

An incident response plan should include:

  • A clear statement of the circumstances when the plan would be activated and the person with authority to do so
  • Incident response team details including key roles and responsibilities
  • An emergency kit
  • Evacuation procedures specific to your premises
  • A communication plan including communication methods and timings needed to keep everyone safe
  • A contact list of people you will need to contact during a crisis (include staff, emergency services, and relevant providers such as data storage suppliers)
  • An event log to record information, decisions and actions that take place during a crisis

4. Recovery

Create a roadmap to recovery

Once the threat has passed, you’ll need a plan to get back to business as usual. In this plan, you might like to think about how you will communicate with your staff and what support might be needed to transition back into a normal operating rhythm.

Let’s talk

Creating business resilience means taking the time to plan ahead so that you’re not having to use that time to recover from irrevocable damage. If you feel as though your business does not have the right continuity plan in place to protect and prevent against natural and cyber disasters, now is the time to establish one. Our team of dedicated Business Technology Advisors is here to help. Talk to us about your disaster recovery and data backup plan today.

Read Case Study