You’re running a very successful business with hundreds of employees who depend on you for their livelihood. If a crisis were to happen – a tornado, fire or act of terrorism – would you be able to recover and put people back to work in a timely fashion?
Here are seven measures that can help to protect your business and prepare for the worst-case scenario.
7 Point Preparedness Checklist
- Know your risks.
If your business is in certain parts of California, you may be at risk for earthquakes. In Kansas, tornados. New Orleans, floods. Know what your risks are and if there are certain times of year you are more susceptible to them.
- Develop two plans and policies –Disaster Recovery and Business Continuity
A Disaster Recovery Plan (DRP) is a documented set of procedures to recover and protect a business IT infrastructure in the event of a disaster. This covers all computers, software apps, the network and login information.
The Business Continuity Plan (BCP) is the creation of a strategy through the recognition of threats and risks facing a company to ensure personnel and assets are protected in the event of a business disruption.
- Define your tolerance of downtime.
Most business applications can only be down for 24-72 hours. Some require less time while others can go longer. Prioritize the applications so your IT staff knows what to focus on first. Most businesses define their apps as Tier 1 (immediate), Tier 2 (8-10 hours) or Tier 3 (2-5 days) with identified tolerance for downtime.
- Do a complete inventory of your assets.
Write down a list of all the computers, furniture and other assets you have at your office. Take a video of the entire assets of the company, including leased cars and vans. Store the video and list off-site.
- Continuously update your reporting matrix, in the event of an emergency.
Know who is responsible for what and who will call employees, vendors, contractors, subcontractors and the media. As people come and go, be sure to update the matrix and communicate it out to the troops on a real-time basis.
- Schedule training, including security awareness training.
Once you have the plans written and implemented, it is important to schedule training about the policies and how to avert and react quickly to problems. For example, you may want employees to have a centralized number to call or text if they see something suspicious or if someone is acting out of character. Remember, disasters that occur range from man-made problems to Acts of God.
- Conduct an annual security audit and annual penetration test.
Check the security of your system. Have employees been forced to change their passwords into super strong ones? Have you changed the router passcodes? What about monitoring where people keep passwords relative to their workstation? Be sure all procedures are followed; reprimand those who are not following the protocol.
Once a year, you need to determine how easy it is to get into your parking lot and corporation. How quickly can visitors enter the parking lot and facility? Once they are on site, who tracks their movements? How can you verify their identity?
Make sure to document any changes to the policy based on this audit and test. Fix any and all weaknesses identified in the system.
Need Help with Planning? Call Timothy Dimoff!
Even though you cannot forecast emergencies and terrorism threats, a proper plan can help protect your people and infrastructure from harm.
Invite Timothy Dimoff in to give his Business Contingency Planning presentation to your organization and learn in greater detail about the items listed above. Please contact Tim at firstname.lastname@example.org for more information.