One thing the recent global pandemic brought sharply into focus is that IT professionals have to expect the unexpected if they want their company to survive. COVID-19 caught many CIOs and IT managers flat-footed with regard to maintaining operations in a suddenly 100 percent virtual environment. In fact, a study by global consultancy firm Mercer found that 51 percent of companies did not have a business continuity plan in place pre-pandemic.
In many cases, there were too few laptops to go around, inadequate remote access security in place, and no strategy for dealing with the possibility of key team members being ill or incapacitated at the same time.
In today’s uncertain and highly competitive business climate, your economic survival strategy must include not only a disaster recovery plan but also a comprehensive business continuity plan. If your business does not have a well-tested plan in place to restore operations quickly when a disaster, outage, or complete 180 in your business model occurs, you could be left open to lost revenue, lost productivity, and reputational damage that could follow the company indefinitely.
What Should Your Business Continuity Plan Cover?
The main purpose of a business continuity plan is to ensure normal business operations are possible during or soon after a disaster or unplanned disruption. To achieve this, there are five main steps to creating and maintaining your business continuity plan so it is fully functional when you need it:
- Identify risks: Create a list of all potential risks and how they will affect normal business operations.
- Evaluate risks: Determine the effect each risk would have on the company’s normal operations.
- Mitigate risks: Implement and enforce risk mitigation policies and procedures to minimize the impact of risks on the business.
- Test the plan: Conduct scheduled and unscheduled dry runs of the plan to ensure key players are always prepared and that all essential systems are covered by the plan.
- Review and update the plan: Establish a schedule for plan reviews to ensure process, policy, and technology changes are incorporated quickly into the business continuity plan.
The Importance of a Business Continuity Plan Checklist
Today’s IT environments are highly complex. With so many moving parts, IT teams often sacrifice visibility, which can lead to undetected vulnerabilities and overlooked dependencies. To ensure all risks are considered and all systems are accounted for in the business continuity plan, it is helpful to create a step-by-step guide or checklist for preparing and maintaining your plan.
Here are the 10 steps every business continuity plan checklist must include.
1. Select a planning team.
This group will be in charge of initiating and managing the business continuity and recovery effort, so choose wisely. Be sure to include representation from up, down, and across the organization as well as from every department and business line to ensure every system and dependency is included in the plan and a wide variety of expertise is available.
2. Take inventory of all technology.
You can’t protect something if you don’t know it exists, so it is crucial to make a thorough inventory of every asset. Include hardware, software, in-house devices, mobile devices, and any personal endpoints with access to the company network.
3. Draft an initial plan.
This will be your working business plan while the final plan is being revised and reviewed. During this step, identify objectives and set goals, identify business-critical functions, and create a recovery strategy for all possible disaster scenarios.
4. Conduct a business impact analysis.
The business impact analysis will look at all the possible sources of a business disruption, such as cyberattack, natural disaster, and power outage; determine the likelihood of a particular event occurring; and measure how the disruption will affect operations, productivity, and revenue generation.
5. Train and educate employees.
A successful business continuity plan will include a role to play for every employee, so it is important to be transparent about the process. Provide training sessions so everyone knows who is in charge of what during a crisis, how communication will be handled internally and externally, and the appropriate points of contact.
6. Secure mission-critical info.
Protecting the company’s most sensitive data is a top priority for a business continuity plan. Implement data protection best practices such as segmenting the network, digitizing hard copies of documents so they can be easily stored off-site, and creating air-gapped backup copies that can’t be corrupted by ransomware.
7. Implement a backup strategy.
Secure backups aren’t just for confidential files. For a business continuity plan to succeed, all business-critical data, systems, and applications need to be backed up frequently with copies stored off-site, preferably in the cloud, and on a few different forms of media to ensure full recovery is possible.
8. Ensure there are failover/redundancy options.
Fire, floods, hurricanes, and other natural disasters can easily wipe out a data center. Be sure your data is stored in a facility that provides automated failover capabilities so operations can continue regardless of what is going on locally.
9. Create a communications plan.
Communication is critical during a crisis to maintain calm and confidence that recovery is underway. Your communications plan should include specific messaging targeting each different audience segment, including clients, staff, stakeholders, and the public. Be sure to tailor messaging appropriately for the medium (e.g., social media, website, telephone, and email).
10. Test and update often.
There’s a popular saying in the IT industry: “If you don’t test your business continuity plan, you don’t have a business continuity plan.” It doesn’t matter how much effort you put into a business continuity plan if you don’t ensure it works. Create a testing schedule to check that the plan does, in fact, allow business operations to continue, and spring surprise assessments on employees to gauge their preparedness. Conduct plan reviews and updates annually or after a major event such as a system update, software or hardware upgrade, security breach, or cyberattack.
A business continuity checklist is like a safety net for your recovery efforts. By taking a methodical, step-by-step approach to creating and testing your comprehensive business continuity plan, you will have peace of mind that a crisis or disruption doesn’t have to negatively impact revenue or customer confidence.