September 15, 2017
In the wake of the devastation caused by Hurricanes Harvey and Irma, questions have been raised about the potential for a business to continue after a disaster. Is it even possible? Yes.
But it does take thoughtful planning ahead of time. Would your organization continue to operate after a disaster? It’s a question that’s even more important today as climate projections suggest natural disasters like we saw recently in both Florida and Texas will increase in both severity and frequency.
At Marco, we developed an extensive Business Continuity Plan and Disaster Recovery Plan to safeguard our organization and the clients we serve in the event of a disaster.
We also provide Backup as a Service and Disaster Recovery as a Service to help organizations better prepare themselves.
Often times, disaster recovery and business continuity get wrapped up as one concept. But they are distinctly different. Business continuity focuses on answering the question “How will we continue to be able to operate – and at what capacity – in the wake of a disaster?” Disaster recovery, on the other hand, relates to retrieving your data.
You can have a solid disaster recovery plan and still not be able to operate. It is the business continuity plan that outlies access to applications and the tools. In my experience, organizations don’t fail because they don’t have the data. They fail because they lack the business continuity practices.
Here’s a look at five of the steps to take to begin building your business continuity plan:
- Inventory and rank applications.
Begin by listing all the applications your organization uses to operate and then rank them in order of importance with #1 being the most critical. Take the time to outline all the applications you use to operate. You likely have far more than you think. Be sure to engage all departments in the process.
- Identify your business-critical applications.
It is too expensive – and not necessary – to replicate all your applications to ensure access in the case of a disaster. At Marco, we have over 150 applications we use for varying purposes and we have identified five as essential to continuing minimal operations. How will you ensure they are accessible? The evolution of cloud services is increasing accessibility – and the related cost – for many.
- Outline the tasks.
Go beyond what tools you need to operate to map out the specific tasks you will be able to complete – or not – during a disaster. Break down processes into specific steps. Then determine what steps can be done remotely, which ones would need an alternate site and which ones are not possible in the wake of a disaster. For each task, identify a person (and a backup) that is responsible for doing the task in the case of an issue.
- Determine your mission critical roles.
Who are the people that you will need to perform the tasks? Based on tasks performed during and after a disaster, identify who will continue working and where, and map out a decision tree. In most cases, many employees will be sent home. Be sure your employment policies outline how you handle these circumstances.
- Map out scenarios.
What significant business disruptions could impact your organization – internally and externally? Internal disruptions affect only your organization’s ability to communicate and do business (i.e. building issues). External disruptions relate to natural disasters, power outages or criminal attacks.
Go deeper to think through scenarios at each of your locations. An outage at your organization’s main office, for example, likely will have more implications on other offices and the steps you take afterward will look differently. For example, building access may run from the main office. So, if the main office goes offline, employees may not be able to access other locations. Marco currently has 46 locations in 8 states. It’s very likely that the disaster is only affecting a limited number of employees. Although, a disaster in one community could have a nationwide – or worldwide – impact on your organization without a business continuity plan.
It’s also valuable to include the communications you would send out to customers and employees in the event each scenario occurs. It’s easier and more effective to write it now and then edit and send it later, than worry about this critical communication in crisis.
The most important step you can take is to test your plan. It can be nerve-racking to turn off your network, phones or another piece of technology to ensure the backup plan automatically steps in, especially when you are a hospital, financial institution or e-commerce retailer. If you don’t test your plan, it will test you.