6 Tips for Creating Your Business’s Disaster Plan
Jennifer Post
Disasters happen. While they can’t always be avoided, they can be prepared for. So can other disasters, such as data loss or fire. In the case of any disaster, it’s important, as a business, to have a disaster recovery plan and/or business continuity plan in place for whatever is lost, whether it is data or physical property.
What Is a Business Continuity Plan/Disaster Recovery Plan?
While there are differences between the two, some companies merge them together into one team.
“A business continuity plan (BCP) is a defined, documented strategy designed to help business owners and their employees prepare for any event that may disrupt business operations, including natural disasters, single-building fires or floods, supplier outages and more,” said Mick Whittemore, vice president of IT enterprise operations at Paychex.
On the other hand, a disaster recovery plan (DRP) describes how to resume business operations quickly and is typically applied to details-level planning of an organization’s IT infrastructure and applications. The plan should enable IT to recover enough data and system functionality to operate the business, according to Whittemore.
Why Does a Business Need One?
Very simply, if a business wants to continue operating as usual after a disaster, it needs a BCP and a DRP. “With the proper planning, the loss can be a bit less devastating, and in some cases, you could even prevent certain damaging situations from happening. A disaster restoration and business continuity plan can significantly reduce the effects of a loss,” Jay Shelton, senior vice president of executive risk at Assurance told Business News Daily.
What Factors Should Be Considered?
There are many factors that need to be considered for either plan. Shelton breaks it down:
1. Establish a Planning Team. This team of employees or volunteers is responsible for the development of the emergency maintenance plan.
2. Set Goals. Identify goals for what your plan is going to accomplish and establish answers to questions like, “Where do we relocate?” and “Whom should I partner with?”
3. Analyze Capabilities and Hazards. Gather information about current capabilities and possible hazards and emergencies.
4. Develop Action Plans. Each type of possible disaster should have its own action plan. This helps a potential contractor understand what's needed and how to begin work immediately following a disaster.
5. Create Written Documentation. This should include backup protocols.
6. Ensure Everyone Is Familiar with the Plan. All staff members, from management to maintenance, should understand the plans. Integrate plans into company operations and employee trainings.
DRPs should have before, during and after sections. This allows you to identify potential proactive measures, plan for response during the event, and think through recovery steps, such as possibly relocating operations to alternate facilities, according to Scott E. Smith, certified risk manager and vice president at Chubb Risk Engineering Services.
The plans could also be broken down based on departments or areas of business.
“They are really a collection of plans. There will be an IT plan, the manufacturing plan, the engineering plan, the facilities plan, the sales and marketing plan, the communications plan, etc. Each plan will have a checklist of steps to be taken in advance (for a BCP) or after an incident (for a DRP),” said Matthew Bradley, regional security director of the Americas at International SOS.
How and When Should Employees Be Trained?
Employee knowledge is a big step in creating a BCP or DRP. This means that all employees must be trained on how to put the plan into action.
“Employees need to be informed about their roles and responsibilities in support of any recovery effort. They should be trained when the BCP is first developed and then refreshed every year as the document is updated.” Whittemore said.
While existing employees benefit from training at the time the plan is created, incoming employees need to be informed about the process.
“Employees should be trained on the plans once they arrive at the company,” said Bradley. “Many companies use simulation exercises or drills to implement parts of the plan to ensure critical infrastructure is working.” Bradley added that using e-learning to introduce the plan is fine, but the best practice is to simulate the plan at least once a year.