For many CEO’s, CFO’s and COO’s the topic of business continuity planning is one that falls under the column of “I know we need to develop this, but we’re too busy right now.” Inevitably the need to execute all or at least a portion of a business continuity program will probably find you as a business leader and when it does your company had better be prepared for what may strike.
When disaster hits few companies have shown enough resolve to survive when the planning stages were not completed before the event. The Strathclyde Emergencies Coordination Group (SECG) reports that 80% of businesses suffering a major disaster go out of business within three years of the event and that 40% of businesses that suffer a critical I.T. failure go out of business within a year of the event. When you are unprepared for a catastrophic event, mother-nature or man-made, your business more than likely will not survive it.
What to prepare for
When assessing continuity threats break them into two categories: external and internal.
External threats can include:
– Inclement or severe weather
– Theft (from an external source)
– Nearby business experiences a catastrophic event (from an internal source)
– A major supplier experiences a catastrophic event or, perhaps, goes out of business suddenly
– Fire (caused by someone externally)
Internal threats can include:
– I.T. system failure
– Theft (employee(s))
– Key personnel fall ill (e.g., sickness/disease outbreak, etc.)
– Fire (caused by someone or something internally)
Unfortunately, there is rarely a warning before a catastrophe strikes and when it does it can devastate. When business is disrupted for any length of time it can slice deeply into your profit margins. Lost revenues plus additional costs in getting the company back on line also means reduced profit margins. Although we are comforted by having insurance, it never completely shields us from the total costs of a shutdown.
Seven key phases to continuity planning
- Decision: Executive level leadership needs to agree that a plan is needed (the CEO cannot develop one all alone).
- Develop the team: Form a planning and development committee.
- Assess: Not unlike a SWOT analysis, the need to assess the unique needs, strengths, and weaknesses of the business is key. Where might the most devastating attack occur? Why would that type of attack be particularly bad for the company? How do we plan accordingly?
- Plan outline: This is a wide-reaching and daunting, to many, project. By creating an outline or a program shell the development team can then include the company’s subject matter experts (SMEs) to add in the details which will fill out the program.
- Testing: Do not let the first time this is executed be when an event strikes! Test what you believe to be true about your company’s strengths, weaknesses, etc., and how you plan on protecting them.
- Revise: The plan will most likely never be perfect. Require that your leadership team review and reassess this program annually.
- Test. Test. Test: Never stop running mock drills. Simulating a major catastrophic (as well as a smaller size) event will help fine-tune your team’s ability to respond.
No CEO would argue the point that it is the CEO’s number one duty as the top officer of the company to maintain and secure the future capacity and reputation of the business. It does not take a huge event to negatively impact the company’s well-being and ability to carry on. With some strategic planning and a completed business continuity program you can prevent tragedy that has destroyed others due to nothing more than leaving this project in the “I know we need to develop this, but we’re too busy right now” column.
(Writing by Patrick Proctor, vice president of operations at Stash Tea Company; Editing by Todd Aitken and Amy Canter)