Updated 31 May 2022
5min read
To survive, your business must be resilient. This of course means growing and adapting to changes in the market. But it also means being able to survive the unexpected.
Besides the obvious challenges like competition and the economy, there are a whole range of other hazards that could harm or even end your business. Accidents, theft, fire, flood, tech failures and cyber-attacks are just some of the mishaps you need to safeguard against. This is why every business needs a business continuity plan – also called a disaster recovery plan or resiliency plan.
Business continuity planning is about ensuring that your business can pick up again after a damaging incident. Remember that even in the event of a disaster, debts, bills and taxes still need to be paid. Some customers may be patient and understanding if their orders are delayed – however, some may not. What’s more, if you can’t meet your obligations, you could quickly find the businesses becoming insolvent.
Your priority is therefore to get back up and running as quickly as possible – or at least to ensure that the most vital parts of the business are restored in good time, while you work to rebuild the rest of it.
At the very least, having a disaster recovery plan in place will reassure creditors and other stakeholders that you are taking steps to get back on your feet. In the best cases, a good plan properly executed can mean that there is little or no real disruption to the business.
There are three main types of events to plan for:
In both cases your main objective is to protect your critical assets. However, the impact of each kind will be different.
A fire or flood may do serious damage to your place of work, potentially making it unusable for months. This means you need to think about having a back-up base of operations. This may involve remote working, or you may need to find temporary office space (or a combination of both). The problem will be compounded if key equipment is destroyed or damaged, so think about how these could be replaced or substituted. Rarely, a disaster may result in the injury or even death of staff members. As well as being tragic in itself, this can have a double impact on the business if senior people are involved. In this scenario key person insurance can help to reduce the damage to the business.
With an incident like a burglary or vandalism, your priorities are different. Your workspace may still be usable, but you need to ensure that you and your customers are protected from any further consequences, such as data theft via stolen IT equipment.
As with malicious acts, data security is of paramount importance. You need to be able to reassure your customers and stakeholders that their data is safe. A cyber-attack may also shut down your IT system or delete vital data. Think about what alternative IT arrangements you could use, and how you can back up your data securely so that it will survive any such incident.
Any of these scenarios could also result in a PR crisis, for which you may need a separate response.
Your business continuity plan should grow out of the specific needs, vulnerabilities and setup of your business. For instance, your employees typically work remotely from multiple locations, your needs will be very different from a business based entirely on one small site.
The first step in creating your plan is to make a list of the top 10 disasters that could theoretically affect you. Next, rank the disasters according to
Each disaster will now have two scores – likelihood and damage – which will be a number from 1 to 10. For each one, multiply the two scores together to get a ‘risk score’ out of 100. Now you can list the disasters in order of risk, starting with the highest score.
Now go through the list one by one and imagine each disaster has just happened. What would you need to do first? Write down your priorities.
As you proceed down the list, you will find that certain priorities keep repeating. These will form the basis of your disaster recovery plan.
Regardless of the cause of the crisis, your disaster recovery procedure will generally follow the same basic steps. You should therefore create a master document which sets out this process in detail, so that when trouble strikes everyone knows exactly what to do and how to do it.
The following template should help you to build your own bespoke business continuity plan.
Your plan will probably need at least the following sections (it may have more).
Start by setting out the purpose of this document. Is it a general disaster recovery plan, or one that focuses on a specific area (e.g. IT)? Make sure readers can identify quickly that they have the right plan to hand.
Provide a list of the key people responsible for each area of disaster recovery, clearly indicating their role along with their contact details.
It is a good idea to have private social media groups (e.g. WhatsApp) set up in advance, but do not rely on these. An old-fashioned telephone tree makes a good backup solution.
There will be a variety of essential contacts outside your business whom you may need to call upon in an emergency. Depending on the circumstances you may need to contact your:
After the key contact information, include a short list of events that justify triggering your disaster recovery plan. Focus on those judged to be high risk or most likely.
Now set out the actual tasks required for disaster scenarios. You should have a core section covering general business continuity – i.e. what is needed to keep things running in a range of circumstances – linking to more specific sections that cover your highest-risk disaster scenarios.
Assign each task to a specific person, with backup personnel to stand in if the designated individual is not available.
In the appendices, place all other information relevant to your disaster recovery plan, such as notification procedures, the location of essential resources, alternative work locations, insurance policies etc.
As your disaster recovery plan develops, make sure it addresses these key areas.
Remember too that your business will change over time, so review your plan regularly.
Once you have a resiliency plan ready, don’t just put it aside until you need it. You may need to take regular actions to make sure it works effectively at the right time. Here are some ways to keep your plan effective.
One of the greatest benefits of business continuity planning is that it prevents panic setting in at the worst possible time. If you have a plan to hand, then no matter how grim the circumstances, having a practised set of activities to execute will help to keep you focused, and maximise your chances of surviving the crisis intact.