In the hyper-connected, cloud-enabled, software-defined world that is modern business, most organizations have found themselves woefully under-prepared for disasters of any kind. One of the keys to a business’s survival during times of hardship is the Business Continuity Plan (BCP). A vast majority of organizations have one and believe it to be effective, but is it?
If any organization can (and must) weather the proverbial storm of disruption, it’s Google. They mastered the all-in Business Continuity Exercise. Known internally as a DiRTy Exercise, they know the value of introducing chaos into an otherwise orderly set of systems. The scope of their testing is previously unprecedented. Their result are legendary. You can read more about how important DiRT is for Google here.
So, you’re not Google. BCP is still important. Here are six key non-IT functions and processes that we’ve distilled from Google’s best-practices that you need to be in place to ensure your company is ready to effectively survive the unexpected.
Easy to use plans
Many continuity plans have been developed mainly for the IT department, as such, they can be a little complicated to understand and follow if employees don’t have a technical background. You should aim to have a plan that’s easy to follow and can be understood by all employees.
Remember that your plan encompasses all facets of your organization. It’s crucial that every employee knows their role and the relevant actions to take when the plan is executed. To do this, you need to ensure that all employees have access to a copy of the plan and any changes or updates are clearly communicated.
Beyond communication, it’s important to conduct regular tests, with every quarter being sufficient. The tests should be as real as possible and span all departments within the organization. This will ensure that employees are aware of how they, and the systems, will react under duress. It’ll be beneficial to your business if the first time the employees execute the plan isn’t during an emergency.
Short term and long term plans
Your BCP should consist of both long term and short term elements that can be easily adapted to meet changing business environments and the emergence of new threats. You should aim for an even mix of short and long term solutions that cover as wide a variety of situations as possible.
Ensure buy-in from all levels
If you’re in the process of instituting a BCP you should ensure that the whole organization is onboard with the plan. If an employee is unsure about the validity of a part of the plan, take the time to find out why and ask for suggestions. An uninformed or uncooperative employee could be the difference between survival and failure in a disaster situation.
Update and Review
After every test, staff turnover and technological update, you should review the plans and make changes if necessary. Essentially, if anything in the company changes, review and update the plan. Remember: just because you have an effective plan this month, doesn’t mean it’ll be so in the future.
Continuity plans are only as strong as the weakest link. In an emergency, the last thing you want is an employee following the wrong process or be unsure of what they should be doing. If this happens, you could see an exponential growth in recovery time and costs.
We do this type of DiRTy work all-the-time! We have blogs about it, have been published on the topic, and love seeing the results in hundreds of satisfied clients. If you have specific questions or would like to have an expert take a fresh look at your Business Continuity Plan then please Give us a call or drop us a note!