What if your business is impacted by a natural disaster or your offices are suddenly closed due to unforeseen circumstances, say, a global pandemic? What's next? Is your business built to weather these storms? While nobody likes to think about the worst case scenario, planning ahead and putting together a Business Continuity Plan (BCP) will ensure that your organization is prepared for anything.
While my company has had a BCP in place for years, COVID-19 provoked us to ensure that we had an actionable, pandemic-specific plan readily accessible. After creating our initial BCP and adjusting it to apply to our current reality, we felt our experience could be beneficial to other organizations, so we're sharing our process.
Start from Scratch
In computer science, if hardware or a network has been partially destroyed or rendered inoperative, there's a limited function necessary to keep it going – that process of how the machine or system shuts down is called "graceful degradation." So, in a pandemic where your people could be out due to illness or permanently gone, you can apply the same question to your business: How do you degrade gracefully?
Start by evaluating the most critical functions of your organization that are needed in order to remain in business. Think of it like this – what is the thing that is 100% necessary to your business operations, what is the last thing you can discard before your doors would need to shutter? Once you've settled on these critical functions, work backwards. What do you need in order to keep these functions, well, functioning?
For our business, we determined that our most critical function was maintaining service for our existing customers. While adding new customers is important, it was not deemed the most critical in times of crisis, so we prepared for a scenario in which our current customers were our only priority.
From there, we imagined a scenario in which our global workforce of over 660 people was cut to just 10% of our original staff (unsettling, I know). We determined a plan for how to continue to service our customers with a sudden, undeniable strain on our workforce. Ask yourself, what is the minimum number of employees your organization needs to guarantee you can maintain your critical functions? Identify that number and continue to work backwards.
Bulletproof Your Critical Functions
Whether you plan for a scenario where 10% of your employee base needs to be cut, or only 10% will remain, you'll need to assess whether the remaining employees can protect your critical functions.
Take for example, when adjusting our BCP to address concerns related to the COVID-19 pandemic, we considered a scenario in which all of our Seattle-based employees were suddenly ill, leaving the remaining workforce unable to complete a critical function. To avoid this, we implemented what I like to call the "hard drive tolerance" approach to cross training. To be considered fault-tolerant, hard drives are designed to have their data backed up in five different places, resulting in five different copies. With this in mind, we made plans to ensure that five people, all located in different areas, each understood how to perform specific critical functions. If your organization is unable to rely on separate geographic locations, I recommend considering cross-training staff within different departments.
Update Your Plan Regularly
As your company evolves, your BCP should evolve too. Once you've completed an initial BCP, your team should revisit the plan twice a year to make any necessary revisions and keep it up to date. An outdated BCP will only cause further complications and stress when your company needs to reference it. During times of crisis, I recommend updating your BCP on a more frequent basis, about once a month.
Identifying your business critical functions and the steps and number of employees it will take to keep them operational will strengthen your organization during times of crisis and beyond. From personal experience, I can confirm that a business continuity and actionable pandemic plan will make your organization stronger. Your teams will gain a better, more comprehensive understanding of their function and their greater impact on the company, your management will learn clear and actionable communication skills during an emergency, and your employees will rest assured that your organization is prepared to weather any storm.
While the hope is for a BCP to remain untouched (aside from the occasional updates), creating an actionable continuity plan will ease stress amidst disaster and help to ensure that your business can keep its doors open.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Cybersecurity Home School: Garfield Teaches Security."