Business Continuity Planning: Lessons from a Crisis

The unfortunate truth is that more business continuity planning happens after a disaster, than before one.

We originally intended to publish this article on business continuity planning in February 2020, following the recent bushfire impact on businesses. But we felt it was ‘too soon’. Yet just a few months on, all of us have been faced with another threat. The lesson is that waiting for things to settle down before preparing for new challenges, can invite the unexpected.

The COVID-19 crisis has again demonstrated that similar businesses, in similar industries, have been affected very differently by the same disruption event. Which is why the aim of business continuity planning is to ensure that when ‘business as usual’ no longer applies, the result is decided more by good management, than good luck.

While the immediate focus for managing the COVID-19 shock needs to be on cash, customers, and staff. As soon as possible, there will be no better time to develop plans to reduce your main business risks.

With so many businesses in a vulnerable state, few can afford another major disruption to occur without adequate plans in place.

Risk assessment

The starting point for any business continuity planning is to identify any short term risks that could prevent you from trading. Once the immediate threats have been addressed, longer-term risks such as industry changes can be assessed. Key risks will differ for every organisation, but they can include:

• Access to funding sources
• Key staff or skills loss
• Power supply
• Dependence on major customers and/or suppliers
• Industry disruption via a new competition model

With businesses being even more reliant on their IT systems now, extra attention should be given to the risk and contingency plans for:

• CyberSecurity breaches
• Telecommunications
• Access to company systems and data

For more details on items and actions you may need to consider, download our Essential Business Continuity Checklist.

When assessing risk, a good place to start is to talk with your key suppliers about how they would react to a significant failure, and how long it will take you to resume normal trading. If you don’t like the answer, you need a better plan.

Readiness planning

Once you’ve identified the key risks, you will need to chart a path for recovery. It’s vital to ensure your team members and key suppliers are on-board with the action plan. Key elements of the planning to be very clear on are:

• What triggers a disaster response
• What to do
• By whom
• In what order of priority
• In what timeframe

For example, if your datacentre is flooded, your plan should include when to notify your supplier that you require disaster recovery instead of accepting a normal response. What are you and your IT company each responsible for? What data and systems need to be accessible first and by what methods? And what SLA’s and systems are in place to ensure you can be back up and running within expectations?

Recovery

Once you have a recovery plan, it’s the execution that counts. Management and staff change. Suppliers change. Do they know where important documentation is? Will they be able to access it? Does the plan need to change to suit new circumstances or solutions?

The only way to be sure that your people and suppliers know what to do when under pressure, is to train and test, and to do both regularly.

A small upside of the current COVID-19 crisis is those who can work remotely, should be much better prepared to do so again. Documenting what worked, what didn’t, and what you would do differently is a good starting point for a remote work continuity plan.

Today, in the midst of the current crisis, business survival is the priority. But there will never be a better time to review your plans to ensure your business is protected against other forseeable risks.