What would happen if a tornado hit your distribution center? If a key person or piece of technology is
knocked out for an extended period? If a snowstorm kills power to headquarters? Is your business ready to cope intelligently and systematically with a business interruption?
One way to be sure your business is ready is to have an updated contingency management plan ready for use.
“There is no silver bullet,” says Rod Keeley, business continuity manager with Westfield Group. “But having something is better than having nothing.”
Smart Business asked Keeley for more information about planning for business interruptions.
When did contingency management become such a hot button for businesses?
It started with Y2K, the computer software compatibility issue back in 1999. People began to realize that a single issue could totally disrupt their business. Then came September 11 and storms like Hurricane Katrina.
What is the first step in building a plan?
Create a business impact analysis (BIA). This is a survey to help you identify where your risks and vulnerabilities are. It also highlights ways to mitigate the risks.
Look at your business as a whole, not just information technology and computers. In our case, we have identified 17 business-critical departments in addition to our information technology department through our BIA and contingency plan.
Is this disaster recovery?
Business continuity is for business operations and processes. Disaster recovery is for the information technology and telecommunications that support these business processes. In our case, I have a peer on the IT side and we work together.
Where do you start?
We look at the biggest risks that could
impact our business. As an insurance company, we have that mindset as part of our culture. We look for ways to identify and mitigate risk. Contingency management is really just another part of your overall risk management program, and you should give it the same attention you would your insurance coverage or risk control measures.
It is important to get buy-in from the top down. The executives and department heads need to be fully committed. Sometimes you run into someone who will say, ‘We’ve been here 150 years, nothing has happened, what’s the risk?’ But stuff happens every day.
For us, it was not a hard sell since we sell protection. But you have to get that buy-in from the top.
What do you look at?
The question to answer is, ‘How will we recover from a disaster?’ We look at technology to help us communicate internally, with the media, our customers and our agency partners. We always plan for the worst case … but it is often something much less disastrous that will trip the plan; a weather incident, for example, that shuts down the system.
Any business interruption should trip the plan. It does not need to be a worst-case crisis or major emergency. Even a power outage or security breach is covered.
Next, look at what will be affected your financials, brand image and ability to serve customers. Then find ways to close the gap.
And how do you close the gap?
We have a plan for each of our critical units, with manual work-arounds for every contingency we can think of. It has a list of steps to take, who to contact, what needs to be done. For computers, you can look at services that replicate the data center off-site. Depending on your needs, that might be 20 miles away or 100 miles away. This allows you to mirror or back up your data on a daily, weekly or monthly basis. Obviously, that requirement will change if you are a financial firm, a hospital, or a plumbing supply outlet.
It may sound trite, but you need to take a holistic approach to the business and what needs to be protected. Look for any vulnerability that will impact your ability to continue to support your customers.
Are there places to go for help?
One good group is the Contingency Planners of Ohio (www.cpohio.org). I attend their meetings regularly. There are similar groups in other states.
How long does it take to get started?
It’s an ‘as-soon-as-possible’ job. Get executive buy-in and then start writing the plan. Start with each department and look at its business processes. Re-examine the business processes every time a new group or focus is added to the business, then test how well each part of the plan works.
ROD KEELEY, certified business continuity planner (CBCP), is the business continuity manager with Westfield Group. Reach him at (330) 887-6438 or [email protected]. In business for more than 157 years, Westfield Insurance provides commercial and personal insurance services to customers in 17 states. Represented by leading independent insurance agencies, the product we offer is peace of mind, and our promise of protection is supported by a commitment to service excellence. For more information, visit www.westfieldinsurance.com.