The last five years have seen the rise of new and unforeseen risks, like the COVID-19 pandemic, the rapid increase of natural catastrophes and supply chain upheavals of unprecedented proportions.
In today’s business climate, the key to success and survival will be your ability to navigate during times of uncertainty and new challenges that can threaten your operations and even the viability of your organization. Many don’t make it: 25% of small businesses that are hit by disaster never reopen.
The smart players will have business continuity plans in place to help navigate a crisis, be that on a micro scale such as a fire at your business, or a macro-scale incident like a natural disaster or global supply chain disruption (such as the recent microchip shortage that’s disrupted the operations of thousands of companies worldwide).
Developing a plan does not have to be a major undertaking. If you use the right resources and approach it in a methodical manner, you can identify what you need to do to be prepared.
Creating the plan
A plan typically includes five sections:
Plan governance — A business continuity plan is usually managed by a committee that will define senior management roles and responsibilities. The committee is responsible for the oversight, initiation, planning, approval, testing and audit of the plan. It also implements, monitors and updates the plan.
Business impact analysis — Conduct an analysis that:
- Identifies your firm’s mandate and critical services or products.
- Ranks the order of priority of services or products for continuous delivery or rapid recovery.
- Identifies internal and external impacts of potential disruptions (like how long your company can function without a certain service or product and how long clients would accept its unavailability).
- Identifies areas of potential revenue loss and insurance requirements.
Plans, measures and arrangements — The committee should develop response and recovery plans that ensure continued operations for your enterprise. These plans should detail how your firm would ensure that critical services and products are delivered at minimum service levels within tolerable downtimes.
Continuity plans should be made for each critical service or product. Your plan should include the following five elements for each of them:
- Mitigating threats and risks: Ways you can reduce the risks that you are currently able to identify.
- Analyzing current recovery capabilities: Look at what plans you currently have in place and match them up against your risks.
- Creating continuity plans: Put together plans for how you would respond in case of a disaster or other threat to your business’s operations.
- Response preparation: This looks at what you should have in place now so that if a threat arises, you can execute your continuity plans.
- Planning for alternate facilities: Your team should identify facilities at which you could ramp up operations if your current worksite is unusable.
Readiness procedures — Once you have a plan, brief all staff on it and inform them of their individual responsibilities should you be faced with an event.
You will also need to train employees with direct responsibilities for tasks they will be required to perform, and be aware of other teams’ functions.
Quality assurance techniques (exercises, maintenance and auditing) — The plan should be reviewed regularly and amended as necessary (such as the identification of new risks). The review should uncover which aspects of the plan need improvement. Review the plan regularly to keep it robust.
Combine planning with insurance
While a continuity plan is essential, it should be combined with insurance. Typical coverages include business interruption, extra expense and contingent business interruption coverage.
You can use the business impact analysis to help decide which insurance coverage you may need, and the corresponding level of coverage. Some aspects of your company may be overinsured, or underinsured. Call us. We can ensure that you aren’t overlooking a risk, as well as that you have coverage for most of the risks you identified.
