Disasters come in different shapes and sizes – Awareness and Planning are the keys to your Business’ Recovery.
There are so many ways that your business can be impacted by disaster – here are just a few to consider when creating a Disaster Management Program and starting the Planning phase of the project.
Significant Natural Disasters might include Super Storm Sandy, the winter storms we’ve experienced lately, Tornadoes, Hurricanes, Forrest Fires, Power, Phone, and Internet Outages. There are also smaller disasters that can hit at any point like a fire in your office building, a hot water leak that results in flooding, an issue at an adjoining business that impacts your business, and, disasters that hit your customers and vendors which in turn impact your business.
When and how do you plan for such disasters?
If you have a plan – when was the last time your reviewed it?
If you do not have a plan – get started today!
- Designate an individual who will be responsible for overseeing the Program Management and Initial Planning for your Disaster Recovery.
This individual will:
- Define the scope of the plan
- Create a timeline for the plan
- Clearly define the expectations of the plan
- Identify department personnel responsible for assisting with the overall Business Impact Analysis
Items to be included in the scope of the plan:
- CEO Succession Planning
What is your succession plan if the Principal(s) are incapacitated?
Who has authority to make and communicate decisions?
- Business Impact Analysis
What is absolutely required to keep the business running regardless of the type of disaster?
- Review each business function for example
- Sales representatives use phones and computers to communicate with customers – what if the phone lines are down and the Internet is out?
- Delivery is made using major highways that were destroyed by a storm or earthquake – how will deliveries be made?
- Your inventory was in a warehouse that was destroyed by fire or a hurricane – how will you re-stock to meet customer orders? How fast must this happen in order to keep your customers?
- Assign an impact type and value to each business function. These can be charted and ranked:
- Functional Area (e.g., Accounting, Human Resources, Purchasing,
- Function Name (A/R, A/P, Website, Payroll, Vendor Relations,
- Purchase Orders…)
- Risk Type Code: Financial, Customer, Regulatory (if applicable).
- When will impact be felt? Immediately, Within Hours, Within Days
- Up to One Week, After Two Weeks etc.
- Customer Impact: None, Low, Medium, High
- Financial Impact: None, 0 to 10K, 10K to <100K etc.
- Recovery Time – create sensitivity code to suit your business
- Alternate Site – Identify specific locations
Once this phase of planning has been documented you can allocate the funds required for your systems and facilities insuring that your business is ready for whatever nature or human disasters might arise.
Come back next week for more tips on how to Implement your Disaster Management Program.
Useful Books on Business Continuity and Disaster Recovery
By Wallace and Webber (Amacom 2010)
Protect vital operations, facilities and assets
The Definitive Handbook of Business Continuity Management
By Andrew Hiles (Wiley 2010)
A classic guide to business risk management and contingency planning, with a style that makes it accessible to all business managers
- Data & Information Technology: employee contact info, payroll, customer data, vendor data, web site content and administration etc.
- Communication: phone, email, fax
- Documentation: contracts, licenses etc.
Once this evaluation is completed, determine if additional equipment is required to insure redundancy, or, what services might be required from an outside vendor. Next Steps:
- Purchase and deploy necessary equipment or contract with a vendor and insure that employees are aware of system back-ups
- Document any changes in procedures required that affect particular departments to insure that all data is synched
- Create and document any new procedures required as the plan is implemented (who will insure data back-up, adds or drops to employee contact list etc.)
Insure that your company has a working relationship with law enforcement, local or regional emergency service organizations, and contractors and vendors like Wilmot Modular that can respond to your business disaster quickly. Establishing an ongoing relationship prior to a disaster will insure that the lines of communication are clear and that response times are decreased – you won’t have to explain who you are and what you need.
Now that you’ve clearly articulated and implemented the plan the next step is to educate and train your employees and to identify where the contents of the plan will reside, how it will be accessed, and what final precautions need to be taken in order to insure that critical information is secure and accessible.
There is a great deal of helpful information available with a simple web search. For a nice snapshot of implementation steps with further explanation you may want to view this presentation:
Our next article will focus on creating exercises and testing your plan to insure that your team is fully trained and informed should you need to execute your disaster recovery plan.