Prepping for disaster needed by all businesses In the past, large corporations planned for disasters by backing up their information, stored information off-site, and built redundancy into their process. That was the early beginnings of disaster planning & business continuity. Small businesses relied on their own ingenuity. Today, we now know that information recovery is not the only business continuity function that needs to be addressed.

Businesses must plan for the well being of their people, keep their customers and vendors satisfied, and maintain a positive and profitable reputation. Business Continuity is linked to risk management, physical security, emergency management, public sector agencies, telecommunications, supply chain and essentially every other critical operating function of their business. It's direct and indirect relationship with more traditional and established business functions is becoming more apparent. Business Continuity is fast becoming a mainstream issue.

Making the case for disaster preparedness is the simple part. According to the Information Security News Magazine (2000), an effective BCP and disaster recovery plan can reduce losses by 90% in the event of an incident. In the case of fires, 44% of businesses fail to reopen and 33% of these failed to survive beyond 3 years. Fifty percent (50%) of the businesses who suffer from a major disruption close their doors within two years.

Also, in order to effectively plan, businesses must consider a vast array of potential devastating threats and wide exposure that can result in a direct or indirect impact to their business. For example, it's difficult to tell just how credible and imminent a threat like the avian flu poses, therefore, to create a strategy designed to respond to a pandemic threat is wise.

The 9-11 Commission recognized the importance of Business continuity and disaster recovery planning as well. Representatives from the Department of Homeland Security (DHS), National Fire Protection Agency (NFPA) and other private sector preparedness organizations are now meeting to discuss programs that will guide small to mid-size businesses towards effective preparedness performance.

Legislation was signed into law August 3rd, 2007 that requires the U.S. Department of Homeland Security to provide for the development of a private sector led voluntary certification program for private sector preparedness. This program is to be developed in consultation with key stakeholders reflecting existing best practices and standards. The goal is to provide a method to independently certify the emergency preparedness of private sector organization including disaster/emergency management and business continuity programs.

Much of the certification discussion has evolved around mapping the core element for improved preparedness. Preparedness involves a defined methodology, program, process and/or system to address critical core elements. Many business need to understand this strategy in order to move forward. First there needs to be management commitment. A scope: program roles, responsibilities and resources need to be defined.

Risk Assessment and impact analysis is the next step. Prevention and mitigation follow, which encompasses evacuation planning, strategic planning, prioritization, objectives, targets, dependencies, and tactical plans for deterrence, readiness, response, continuity and recovery. Document, information and data control and backup is also key. This mapping will then bring the business to recovery. Awareness and testing are to follow with a maintenance program for future upgrades is important.

Five years ago, we did not know the importance of this mapping, nor did we understand the depth of business continuity. This new mindset makes sense. If our large corporations fail to meet obligations due to lack of materials, services or intelligence from these smaller entities, critical business is lost. How long can these businesses last without those critical factors? It is a true chain reaction. How many businesses, large and small can fail, before layoffs and business closings occur?

The cycle is evident, and large companies recognize their dependency on smaller companies. Discussions are also evolving around a standard that is implemented by large companies, where they require their supply chain vendors to have a continuity plan; it will be a price of doing business very soon.

The bottom line is creating a resilient organization. You do this by ensuring that your continuity programs are supported by a culture of continuous improvement, maintained by well trained people who routinely exercise their skill and develop ability to make good decisions under stress.

Developing partnerships to share information and pool resources is also important. Planners should seek and establish partnerships with their counterparts in government and industry. We have come to know that government cannot work alone and needs the resources the private sector can provide at the time of a major disruption. The private sector needs resources that only first response can provide. This understanding has been the catalyst for many private public sector collaborations and team work.

So if you're asking yourself when you should get started, it should be apparent. It is today that planning must begin. For those business owners who say, I have insurance or I can handle a disaster, keep in mind that many businesses hit by Hurricane Katrina held that same philosophy.

Good continuity management can make the difference -- and in the long run make a business more profitable. So don't let complacency dictate the future of your business when it comes to disaster planning. Be prepared to expect the unexpected!

Back to News