Anyone with a good memory of the past 25 years can recall several events that impacted businesses for at least a few days, some permanently. Earthquakes, terrorist attacks, wildfires and violent storms all served notice that business as usual doesn’t go on forever. To remain operating after disruptive events, companies must have a business continuity plan (BCP) in place ahead of time.
Fortunately, modern technology makes continuity easier to achieve than it used to be. The popularity of cloud service providers (CSP (News - Alert)) for phone service or data centers is not only convenient; it also provides a measure of protection from disasters. Backups, redundancy and off-site locations of CSPs keep businesses running when normal facilities won’t.
But having a good BCP goes beyond protecting information assets. A company must continue to function in spite of major disruptions.
Regulators from the SEC (News - Alert), Commodities and Futures Trading Commission and FINRA recently developed some best practices for financial firms to follow to avoid. They include setting up alternate office sites, remote access to office networks for employees, providing upgraded contact information and using backup communications methods to reach staff.
The process doesn’t end with creating a BCP; companies need to keep their BCPs up-to-date. Technology improvements mean systems under the BCP should be upgraded. Regulations also change and as a matter of compliance, BCP plans will likely have to change too.
Like any new software rollout, dry runs need to be performed under stress to ensure that a BCP is likely to work in the adverse conditions of a disaster. It should also be a part of employee training and the training should be done regularly.
Most companies probably do not have to worry about a sophisticated BCP like a bank, brokerage firm or stock exchange regulated by a federal agency would. Some BCPs may consist of nothing more than waiting for power to be restored or for the roads to open. If your company is somewhere in between, it’s best to have a plan, test it and familiarize employees with it and revisit it fairly often. Things won’t go well if the first time anyone looks at the BCP after its creation comes the moment a disaster strikes.