Essential for protecting the integrity of operational functions, minimizing financial and data loss and safeguarding the well-being of personnel, business/crisis continuity planning constitutes a foundation on which businesses can quickly maintain, monitor and recover most, if not all, processes when a high-risk event unexpectedly occurs. Business continuity planning also establishes a rigorous agenda to ensure elimination of major disruptions to customer services in the event of catastrophic human error, technological failure, cyber attack or natural disaster.
Failing to develop and implement a flawless business continuity plan could result in a business suffering bankruptcy, lengthy litigation due to data breaches, reputational damage and even closure of the company.
Key Risk Scenarios
Since the beginning of the 21st century, many newly developed business continuity plans deal with the possibility of a cyber attack from professional hackers.
The latest big data breach involved Marriott International and the access by unauthorized parties to records of at least 500 million customers. According to details of the hack, unknown parties now have the names, payment information, phone numbers, passport numbers and mailing addresses of Marriott guests in their possession. The implications for Marriott International due to this breach could create a dire financial situation for Marriott owners and stockholders.
What other risk scenarios that could affect their financial and reputational stability should large businesses be worried about?
Some of the more common ones include:
- Bomb threats
- Flooding, tornadoes, earthquakes/other calamitous natural events
- Gas leaks
- Active shooter situations/violent crime events
- Loss of critical vendors
- Power failure/backup generator failure
No business is immune to suffering a major disruption of its processes. Managers and owners who think their company is too streamlined or too small to be hit should think again about the implications of coping with one of these risks without a crisis continuity plan. Even companies that outsource most of their core processing, data processing, and other IT services and/or systems are strongly urged to have a crisis continuity plan ready to be implemented at a moment’s notice.
Fundamentals of Business Continuity Planning
Developing a comprehensive, meticulous strategy to address the repercussions of a catastrophic event begins with a thorough risk assessment and impact analysis conducted by a team of professional crisis continuity planners. Moreover, the effectiveness of a continuity plan can be validated only by testing of the plan through practical applications. Crisis continuity plans and test results of a practical application event should then be examined by independent auditors who can determine where even the most minor flaws exist.
All organizational department managers should discuss the following questions during initial meetings about developing a business continuity plan:
- Which key risk scenarios are more likely to occur? (Some companies may be more vulnerable to large-scale weather events while others are prone to suffering cyber attacks or computer hacking.)
- Is specialized equipment needed during the crisis? How will the equipment be used?
- How would departments be able to function if network/mainframe/Internet systems were not functioning?
- What points of failure are the most conspicuous and how significant would these points of failure be if they were impacted by a crisis?
- What are all the critical outsourced dependencies and relationships? How involved would they need to be in a business continuity plan?
- What vital security or operational controls would require implementation before recovery begins?
- What kind of cross-training for employees will be given? Has each department clearly defined key roles/functions each employee would perform during a catastrophic event?
Risk assessments may be even more important than the actual crisis continuity plan. When done properly, a risk assessment accurately prioritizes the potential for disruptions based on the likelihood and severity of the disruption. If your business already has a continuity plan, then an aspect of a risk assessment called a “gap analysis” will compare your company’s existing plan to what is essential for achieving desired recovery times and primary objectives for minimizing fallout.
The Unlimited Scope of Risk Scenarios
While many businesses develop crisis continuity plans that address common risk scenarios like cyber attacks, hacking and shooter situations, businesses should not limit their risk analyses and continuity plans to just these scenarios. During risk assessments, all assumptions and processes should be tested against numerous threats. In general, this results in a variety of outcomes. Some will need no action, some will need minimal action and others will need rigorous, comprehensive action to avoid a catastrophic outcome.
Developing realistic crisis scenarios that may or may not disrupt business operations, breach sensitive data and interfere with customer services takes time, and it should not be rushed for lack of objective, expert insight into all the risks a company is susceptible to at any time.