While you struggle to recover, your customers struggle to deal with the loss of your services. No matter how much they value your company, they need their supplies or services. And, if you're not prepared to deliver, your competition will.
But you can avoid this scenario if you prepare for the worst and develop a business continuity plan. Doing so requires a systematic approach, dedicated resources and support from each department. Your plan must address your company's specific operations and processes.
Here are some steps to help get you started.
The first step to any plan is to identify the project as a key business initiative. Appoint a lead person and dedicate the time needed to complete it.
This should be a full-time assignment. A lack of dedicated resources and commitment will doom the process.
Next, run what-if scenarios and see how your firm responds. Examine your processes, facilities, supply chain and infrastructure for these features.
* Threats. Determine what catastrophes may be in store for your company. What can damage from these events do to your operation, and how long would the impact last?
* Assets. Identify all the fixed assets, such as buildings and equipment, as well as intellectual property, goodwill, competitive advantages and other intangibles that are threatened.
* Controls. These are the existing systems, policies, devices and safeguards that address the threats to your assets.
Once you have this information in hand, you can close gaps that have obvious or immediately available solutions and determine a longer-range solution for addressing the others.
Analyze business impact
The risk analysis process can produce a dizzying array of potential threats. By analyzing business impacts, you can evaluate the threats and establish a hierarchy based on each level of business impact.
These include operating, financial and legal/regulatory impacts. Threats should be assessed by the impact of a loss and your tolerance for that impact. There will be losses that cannot be tolerated and those can be managed for some period of time.
Plan recovery strategies
Determine what resources will be needed and where they can be found. Also, are sufficient resources available within the organization, or is outside assistance needed? If you need to go outside, where will you go?
Don't forget the recovery and protection of vital data -- this is key to your company's survival. Analyze where the vital records are kept and how often they are backed up. Also, do you know how long it will take to retrieve and restore them?
Document the plan
Next, incorporate basic items into your plan, including what threats will activate it, a chain of command and specific duties and actions that will be taken to address the threat. Checklists to follow and resource data should be available, as well.
Phone numbers, names and addresses are critical to securing resources early -- you must get immediate access to supplies and materials that may become unavailable.
And, because you're planning for a crisis, assume the loss of the person with the plan or the system on which the plan is stored. Therefore, once your document is completed, print it off and distribute it to all key personnel.
Even the most comprehensive plan, if not rehearsed, is, at best, another binder for your office. Without exercising the plan, you will never know the weaknesses that need to be addressed, nor will your staff understand or recognize its value.
Maintain the plan regularly. As staff, suppliers and customers change, so, too, should your plan. Schedule periodic reviews of each section to ensure it is kept current.
And remember, success favors the prepared. Be prepared and be successful.
Chris Beckman is a certified fire protection specialist and a risk control consultant with 18 years experience in the insurance industry. He has experience as a life safety and security manager for commercial developers and has served on his community's fire department for 20 years, 11 of those as a chief officer. Reach him at firstname.lastname@example.org, (859) 578-3506 or www.sksins.com.