Suppose you’re running a very successful business with employees who depend on you for their livelihood. If a crisis were to happen – a tornado, fire, or intentional harmful act – would you be able to recover and put people back to work in a timely fashion?
Here are seven measures that can help to protect your business and prepare it for the worst-case scenario.
7 Point Business Continuity Preparedness Checklist
- Know your natural disaster risks.
You may be at risk for earthquakes if your business is in certain parts of California. In Florida, hurricanes. New Orleans, floods. Ohio’s typical disasters include flooding, thunder, lightning, tornadoes, winter storms, extreme heat, and fire.
- Develop two plans and policies –Disaster Recovery and Business Continuity
A Disaster Recovery Plan (DRP) is a documented set of procedures to recover and protect a business’s IT infrastructure in the event of a disaster covering all computers, software apps, the network, and login information. Ready.gov is an excellent resource for planning and preparing to manage workplace disasters.
The Business Continuity Plan (BCP) is creating a strategy by recognizing threats and risks facing a company to ensure personnel and assets are protected in the event of a business disruption.
- Schedule training, including security awareness training.
Once you have the plans written and implemented, schedule training about the policies and how to avert and react quickly to problems; for example, you may want employees to have a centralized number to call or text if they see something suspicious or if someone is acting out of character. Remember, disasters can range from man-made problems (active shooter, bomb threat) to Acts of God.
- Define your tolerance of downtime.
Most businesses can only be down for 24-72 hours before losing significant revenue. Prioritize your system applications, so your IT staff knows what to focus on first. Define your apps as Tier 1 (immediate), Tier 2 (8-10 hours), or Tier 3 (2-5 days) with identified tolerance for downtime.
- Do a complete inventory of your assets.
Write down a list and take photos of all your computers, furniture, and other assets at your office. Take a video of the company’s total assets, including leased cars and vans. Store the video and list on the cloud, at an off-site location, and with your insurance company for faster claims processing.
- Continuously update your emergency reporting matrix.
Know who is responsible for what and who will call employees, vendors, contractors, subcontractors, and the media. As people come and go, update the matrix and communicate the changes immediately. This is especially important if you have a mix of onsite and remote workers.
- Conduct an annual cybersecurity and physical audit.
Check the security of your network. Do you have a password policy? Do you change the router passcodes regularly? What about monitoring where people keep passwords relative to their workstations? Do you back up your system regularly to the cloud? Emphasize that all cybersecurity protocols need to be followed, or there are repercussions for not doing so.
Once a year, you must determine how easy it is to get into your parking lot and organization. Once individuals are onsite, who tracks their movements? How can you verify their identity?
Make sure to document any changes to the policy based on this audit and test any fixes you put in place.
“If you wait until a serious incident occurs, it is too late, and the costs and liability can be devastating. In addition, if you think it won’t happen to your company, think again and be prepared!” shares Tim Dimoff.
Need Help Putting Your Plans Together?
Even though you cannot forecast emergencies and threats, a proper plan can help protect your people and infrastructure from harm.
Invite Timothy Dimoff to give his Business Contingency Planning presentation to your organization.