How often should you review your company’s business continuity plan?

One of the worst things that can happen to a small- or medium-sized business here in Baltimore is a major disruption. Imagine your business being hit by natural disasters like floods or hurricanes (which occur more often in Maryland, so you really need to be prepared) or human-made disruptions like bomb threats or a data breach. The resiliency of a business will depend on how quickly it can get back on its feet. That’s why every business should have its own business continuity plan (BCP).

What is a business continuity plan?

A BCP is a blueprint of what to do so that your company can respond to and recover quickly from a disruption. The BCP aims to make sure that your business continues to function, your assets are protected, and the impacts of the disruption on your employees, customers, and stakeholders are minimized.

A comprehensive BCP should cover what to do before, during, and after a disruption. However, changes happen all the time, which is why you should review your BCP regularly to keep it up to date with those changes.

What to consider when reviewing your BCP

Reviewing your BCP can place an additional burden on your employees. You don’t want reviews to be so frequent that they become disruptive, but you also don’t want them to be so infrequent that parts of your plan are irrelevant when a disruption occurs. The frequency of reviewing your BCP will depend on the following factors.

1. Spark events

Spark events are internal or external occurrences that trigger significant changes to your business, whether it be in your organization’s objectives, personnel, or resources. Examples of events that will spark change include:

  • Structural reorganization due to mergers or takeovers
  • Modifications in operations
  • New products and services offered
  • New regulations introduced
  • Changes in customer requirements and habits

Such major developments will affect your BCP, so you need to review and assess your plan to make sure it’s up to date with your organization’s needs.

2. Testing your plan

It’s important to test your BCP so that you can identify gaps in the plan and spot potential improvement areas. Of course, testing your BCP means time and resources away from your regular operations, so it’s best to plan this well so that testing your BCP does not become a disruption.

3. Risk assessment

Knowing what possible threats and vulnerabilities your business faces is necessary when coming up with a BCP. Similar to testing your plan, risk assessments allow you to identify inadequacies in your BCP. The kinds of threats will affect how often your plan needs reviewing.

4. Feedback from stakeholders

Your business’s stakeholders are your employees, partners and investors, and suppliers. They are the ones who are immediately affected by your BCP, so it’s also important that you consult them during the planning or, at the very least, include their needs in the plan. And every time you need to update your BCP, you also need to get their feedback on the changes.

How often should you review your BCP?

The short answer is it depends. Each business is different and the circumstances that affect them are also varied. However, experts recommend the following timetable:

  • Every six months – Create a high-level checklist of all your critical functions and the objectives of your BCP to see if they are still aligned. If not, then this is the opportunity to address any gaps and work on improvement areas.
  • Every year – Conduct a checklist test of all other functions to address gaps and areas for improvement. Experts also recommend conducting an annual emergency drill to see if the staff knows what to do. This is a good opportunity to check if new hires are aware of the company’s BCP protocols.
  • Every two or three years – Simulate a disaster/disruption, and go through the whole plan from beginning to end. This is a major drill, making it much more comprehensive than an emergency drill.
  • Unscheduled BCP review – On a case-by-case basis, you can conduct a BCP review when your organization experiences a spark event.

Do all of these seem daunting to you?

Let us relieve you of the burden of having to worry about preparing your business for any major disruption. Our IT specialists at NetQuest will take care of your business continuity plan and disaster recovery solutions, so you can go back to what you need to focus on most: running your business. If your business is in and around the Baltimore, Annapolis, and Towson areas, contact us now.

