Alert & Declare: (877) 364-9393
Member Emergency Hotline
Emergency Hotline
Agility Recovery +

A recent Agility webinar explored the topic of resilience in organizations and how they can prepare for future crises.

The discussion was based on insights and trends from a recent survey conducted by the Conference Board's Business Continuity and Crisis Management Council and sponsored by Agility, featuring Enterprise Resilience Systems executive director Tim Mathews and Freedom Mortgage vice president of enterprise business continuity Nancy Valente.

The Pandemic’s Effect on Operational Resilience

The COVID-19 pandemic has had a significant impact on how organizations view operational resilience and the risks they face. A majority of survey respondents indicated that the disruptive events of the past few years have impacted their decisions to invest in operational resilience capabilities. "More than 90% said that threats are increasing," shared Tim Mathews, highlighting the growing importance of being prepared for various types of risks and events. Nancy Valente discussed the importance of organizations being adaptable and open to change, stating that resilient organizations can "fail and fail fast and pick themselves back up." Both speakers emphasized the need for constant learning and collaboration within organizations to help build resilience and adapt to new challenges. "Be a constant learner," advised Mathews, while Valente encouraged identifying "resilience partners" within your company and collaborating with them.

Remote Risks Growing with Hybrid Work

The survey results showed that remote work risks are a significant concern for organizations, with more than 60% of respondents indicating they were either extremely or somewhat concerned about various aspects of remote work. These concerns include reduced employee engagement, increased screen fatigue, and potential loss of internet connectivity or power. Tim Mathews pointed out the potential issues with remote work, such as the security of home networks and the impact on company culture. He said, "We have to realize that our executives may not see things the way we see." Nancy Valente added that productivity is a major concern for management, and organizations will need to find ways to maintain or improve productivity while supporting remote work.

Investments in Operational Resilience Expected to Increase

Respondents to the survey indicated that investments in operational resilience are expected to increase across a range of areas, with exercising and testing being the second most significant area of investment. This suggests that organizations recognize the importance of testing their resilience capabilities and learning from these exercises to improve their preparedness for future events. Tim Mathews emphasized the importance of exercising and testing, stating, "I'm a firm believer in exercising and testing. I think I've always said that if I had to choose between doing a BIA or doing an exercise, I'd rather exercise because I could learn more about what's broken and how to fix it in an exercise." Nancy Valente agreed, suggesting that organizations should take advantage of awareness weeks to promote preparedness and encourage employees to be more resilient.

Additional Insights

  • – Most respondents believed that the world is becoming riskier, with cyberattacks being the top perceived risk.
  • – Pandemic disruptions were seen as a major impact but not perceived as a significant future risk.
  • – There is a disconnect between practitioners’ confidence in their operational resilience capabilities and the perception of their executives.
  • – The scope and scale of operational resilience programs have increased and are expected to continue growing.
  • – Personal preparedness and community involvement are essential for creating a resilient organization.

Watch the full webinar here .

Agility recently hosted a webinar on Best Practices to Effectively Respond to & Recover from Disasters with training and customer solutions manager Kayla McMahan and recovery solutions engineer, Mark Norton. Below are some of the key takeaways.

Takeaway 1: Business continuity planning is a cyclical process that involves risk assessment and gap analysis to identify potential threats and create a plan for recovery.

Mark Norton explained the importance of business continuity planning , saying, "By funding a continuity plan, it's almost like you're funding a gap analysis that you can do to really quantify that level of risk and then go forward in making sure that you have the appropriate plan in place." He also noted that "business continuity as a subject matter or as a practice is cyclical in nature." Norton outlined the four key elements of recovery: office space , power for the office space , technology , and communications. He also discussed the importance of preparation and why securing recovery assets prior to an interruption is critical to a quick recovery.

Takeaway 2: Business continuity planning is an important step to protect businesses from unexpected disruptions.

McMahan explained that business continuity planning is an important step to protect businesses from unexpected disruptions. "One of the first things you can do to aid your business continuity planning is to perform a business impact analysis," she said. This analysis is used to identify the entity's critical business functions and determine the recovery time objectives . McMahan also outlined alternative business continuity strategies such as developing manual workaround procedures, reciprocal agreements, and dual usage space. Additionally, she suggested conducting a cost-benefit analysis to compare internal and external solutions and address supply chain issues. McMahan also explained that after a business continuity plan is created, it's important to test and exercise it. "We want to develop a program that meets the entity's business continuity program scope and objectives that we have. We want to develop a specific exercise or test schedule. You want to identify lessons learned and actions for improvement." She also suggested monitoring the progress of action items, documenting lessons learned, and communicating the results of the exercise or test throughout the organization.

Takeaway 3: Business continuity planning is an essential part of any organization’s risk management strategy.

McMahan highlighted the importance of minimizing operational downtime and protecting data, as well as providing a basis for a recovery plan and allocating resources for testing. "In a recovery situation, it's crucial to have a disaster plan that defines the highest prioritized tasks and this BIA accomplishes this for you." Norton noted that it is important to make sure the critical functions and risks are identified in the business impact analysis and that the four basic elements of the environment are in place for employees to perform. He also emphasized the importance of being proactive rather than reactive .

Though rural bank and credit union branches typically serve comparatively smaller communities than their metropolitan counterparts, remote and rural communities tend to rely on their local brick-and-mortar branches much more than city dwellers – making prompt recovery from an interruption that much more critical for those locations.

Physical branch recovery innovations like mobile recovery branches , quick-ship equipment , and rapid data recovery allow a branch to quickly restore most critical operations with relative ease. Still, broadband limitations in rural areas continue to present challenges for branches dependent on satellite connectivity.

Old Challenges

The Federal Communications Commission (FCC) establishes broadband minimum benchmark speeds for communications providers to ensure every community has adequate access to internet connectivity. Currently, the FCC standard is 25 megabits per second (Mbps) for downloading and 3 Mbps for uploading. Unfortunately, those speeds are far too slow to meet most small businesses’ needs. To address this issue, in July 2022, the FCC proposed increasing the benchmark to 100 Mbps for download and 20 Mbps for upload. This significant increase is still less than a professional office with at least 20 employees online would require for typical use, meaning many businesses and financial institutions in rural communities may still struggle to access the broadband connectivity they need to maintain critical operations.

How Connectivity Loss and Subpar Mbps Speeds Threaten Branch Resilience

  • – Inability to access and execute incident response plans, impeding both physical and remote branch recovery
  • – Compromises remote control and access capabilities
  • – Increases vulnerability to cyberattacks
  • – Inability to provide secured service to customers and members; loss of digital banking mechanisms, including ATMs

New Solutions

Technology has answered the call as the need for faster connectivity has increased. Smaller, more efficient satellites offer speeds up to 350 Mbps (and up to 40 Mbps latency) and are becoming increasingly accessible to businesses everywhere, including those in rural communities. Most impressive, though, is that some of these faster satellite solutions offer substantially easier setup and use. While traditional satellites require a certified technician and a lengthy on-site installation process, modern broadband recovery solutions can be shipped directly to a branch and set up in minutes without any previous experience or expertise required. These new portable solutions support faster recovery from connectivity interruptions and are more reliable and less vulnerable to severe weather and line-of-sight challenges.

Looking Ahead

Though the FCC’s proposed minimum benchmark speed has not been widely implemented yet, remote and rural communities can look forward to increased broadband speed availability soon. Roughly $42 billion in funding through the Federal Infrastructure Investment and Jobs Act will help states build new broadband networks in previously underserved, low-population areas. As businesses and financial institutions look forward to enhanced standard connectivity speeds and reliability, faster, easier-to-use branch recovery options are available now. Together, these advancements mean increased resilience for rural bank and credit union branches and sustainable access to critical community services for individuals in rural and remote parts of the country.

Business continuity planning is the process of planning for the potential issues that a company or business could face while maintaining operations. Creating and updating a business continuity plan is a cornerstone of successful businesses, and you should invest ample time and resources in ensuring that your plan is the best that it can be. Having a well-thought-through continuity plan in place ensures your business can recover seamlessly and be able to continue operations if there is an emergency.

Business Continuity Planning for 2023

As 2023 begins, it is important to start planning— and updating your business continuity plan is a huge part of that. Planning ahead ensures that you have a vision for your business moving forward and that you have the tools and resources in place to manage your growth and maximize success. Not sure how exactly to get started? Read ahead for practical steps and advice.

Perform a Business Impact Analysis

One of the first things you can do to aid your business continuity planning is to perform a business impact analysis. A business impact analysis (or BIA) explores the impact a widespread disruption would have on your business. Performing a business impact analysis is one of the best ways to start planning for the future. Doing so can help you find where there might be vulnerabilities in your operations and overall business model. It’s a great way to find and identify your business’s blind spots and prepare potential solutions. This can also assist with other essential business-related tasks, like budget planning and understanding hiring needs for the upcoming year. Planning ahead and performing a business impact analysis will save you lots of time and stress in any case.

Business Resilience

Part of planning ahead for 2023 should include solidifying your business’s overall resilience. Let’s face it— 2023 is a risky time to be operating a business. Think ahead about ways you can strengthen and solidify your business model. The world is more unpredictable than ever, and businesses need to be built to withstand it. Creating a business continuity and recovery plan will ensure your business is around for the long haul, allowing you to grow and invest in the future.

Disaster Recovery

It might sound obvious, but make sure you have a plan in place for disaster recovery as a part of your business continuity plan. Knowing and identifying issues is one thing, but dealing with them can be a different task. So, make sure you not only have a plan to identify risk, but also have a plan to manage and recover from it.

Risk Management

Now that you have invested in your business’s health and resiliency, you should start figuring out ways to mitigate risk. Investing in risk management plans should be a key part of planning for 2023. One of the biggest lessons that business leaders can take away from 2020 and the COVID-19 pandemic is the need for proper risk management techniques. Don’t leave yourself unprepared like many businesses did— research and understand risk management in your field and implement best practices into your business continuity plan. Once you understand the value of risk management, you should identify and prevent these issues and tackle them head on. With that in mind, here are some common trends and potential risks projected for the year 2023.

Crime

Crime is one of the biggest trends you should be aware of when updating your business continuity plan this upcoming year. With issues like COVID-19, natural disasters, and high inflation, crime is on the rise. Consider common issues such as shoplifting, hackers, and other technology-related scams, and have plans and protocols in place to deal with these problems. Make sure that you also train both yourself and your employees to spot and prevent crime. Doing so will help prevent both financial losses, as well as ensure your business remains safe and trustworthy in the eyes of the public.

Working with Extreme Weather

With more occurrences of extreme weather on the rise it is smart planning to consider how extreme events could affect your business when updating your business continuity plan. Offering flexible work setting for your employees, such as work-from-home or a hybrid model, can help everyone maintain productivity during periods of extreme weather, such as the snowy winter months and extreme temperatures of late summer. It’s always best practice to have a protocol in place before the extreme weather hits, so research potential risks for your area and make a plan well ahead of time.

The Future of COVID-19

While many lockdowns and other early pandemic worries are now a thing of the past, there are still several highly contagious COVID-19 strains that are likely to stick around. Thus, it’s not unreasonable to assume that there will likely be times when your business may encounter issues due to COVID-19, including the possibility of multiple employees being out or even a temporary closure. Thus, it is vital that you have contingency plans built into your overall business continuity plan so everyone knows what to do in the event of COVID-19 affecting your workplace and business operations.

Continuing Work-from-Home (WFH) Trends

The word is in: Work from home is here to stay, as continual studies show that many people (and even employers) enjoy working from home while continuing to maintain similar, or even better, productivity levels as when they were working in the office. Rather than fighting work-from-home , future-minded employers are embracing the trend and strategizing ways to implement it into their overall business model and business continuity plans.

Dealing with Inflation

Inflation was a hot topic in 2022, and businesses and their employees can expect this trend to continue into 2023. Operating costs are likely to remain high due to inflation. Likewise, in response to inflation and the increasing costs of living, many workers are looking for jobs with higher wages. In addition, many states and local towns have passed minimum wage increases in response to the rising rates of inflation. Build inflation into your budget and have a plan in place to manage it going into the year 2023.

New Year, New Regulations

When the new year rolls around, there are almost always new laws and regulations that come into effect, be it on the state, local, federal, or even business level. It’s essential to research these new laws and regulations well ahead of time so that you can understand how they are going to affect your business going forward. Don’t wait until the new year has already arrived— doing so could mean fines or other legal penalizations if it turns out that you have broken labor or safety laws. If you have questions or any confusion or concerns about any new laws or regulations, you should talk to your business’s human resources department and legal team, to ensure you are prepared for new laws going forward. Doing so protects both your business and your employees, so don’t neglect this essential step. It’s part of your responsibility as someone who owns and operates a business.

Cybersecurity

Focusing on cybersecurity is a vital part of business planning in the modern era, and 2023 is no exception to this rule. Recent research  shows that cybersecurity events and business disruptions have been some of the most common types of business disasters in recent years. As technology grows and evolves, unfortunately, so do criminals. It will be well worth the effort to have a plan in place ahead of time, so your business’s safety is ensured online. Don’t wait until there is a data breach or extended outage to think about your cybersecurity. Your customers trust that you are being confidential and responsible with their information and jeopardizing that trust could result in a negative blow to your business reputation. Plan before it is too late.

Conclusion

A business continuity plan is a key component of your operations. It should be well thought through, carefully researched, and tested regularly. Creating a business continuity plan prevents a multitude of issues down the line for you and your business. Agility can help you create a customized plan for your business, so you can move forward through 2023 with confidence and maximize growth. Contact us today and learn how we can help you and your business succeed.

Unless those who deliver healthcare invest in continuity planning, they risk never being able to recover from events like natural disasters, human-caused events, and malicious technological breaches. Continuity planning places the organization in the best position to avert these and other threats.

Nationwide, the healthcare system includes:

  • Hospitals
  • Skilled nursing facilities
  • Home health services
  • Physician offices
  • Diagnostic centers
  • Specialty care treatment centers
  • Mental and behavioral health
  • A variety of other components

In 2021, in collaboration with Infogroup, a leading provider of data and data-driven marketing solutions, the U.S. Department of Labor found that healthcare providers represented three of the top five largest employers in major metropolitan cities. To avert disaster, public and nonprofit entities and others all require the same level of continuity planning as their for-profit partners.

Two distinct goals surface when examining the healthcare delivery system and the role of continuity. First, individual businesses or agencies should have plans in place to recover business or mission functions after a disaster occurs. According to the Federal Emergency Management Agency (FEMA), “40 percent of small businesses never reopen after a disaster and another 25 percent that do reopen fail within a year.” FEMA has found that “following a disaster, 90% of smaller companies fail within a year unless they can resume operations within five days.” Continuity is not only important to a business’s bottom line, but it has a broader socioeconomic impact regarding employment and services.

Second, the healthcare system must be maintained following a disaster. Rapid recovery of operations after an event is critical to the community, which may require medical services.

At first glance, continuity planning and emergency preparedness can be daunting, especially for professionals who are unexpectedly saddled with those responsibilities. Dedicated emergency managers typically exist only within hospital systems in most national and state healthcare delivery systems. In most small- to medium-sized workplaces, staff with other primary day-to-day missions will complete the organization’s continuity and emergency planning.

Although these terms and processes overlap, they are quite different. The primary goal of emergency preparedness is to safeguard people and property from harm. Preparedness is a fluid and dynamic process that requires continual updates with adjustments. Continuity’s main goal focuses on the continuation of critical business or mission operations. Recognizing the difference permits the identification of different key tasks relating to the planning processes. Many healthcare facilities manage the two processes as one – a logical combination since both are working towards the same objective. And many healthcare facilities have one person managing both. However, this may not be the right decision for many organizations.

The organization’s emergency preparedness planning component cannot fully address continuity. Many state and government agencies maintain continuity of operations plan, known as COOP. BC and COOP are specific plans, procedures, and resources that allow a healthcare organization to recover its essential services and functions during an event that disrupts normal operations. Organizations that meet the CMS emergency preparedness guidelines may not have a robust BC plan. To champion continuity with an organization, follow the five best foundational practices:

1. Gain Organization Leadership Buy-In

Many BC and COOP mitigation measures, such as creating a staff contact roster, can be performed at little to no cost. Remember that the goal of BC is self-preservation. Can your organizational leadership afford to do nothing?

2. Establish a BC or COOP Planning Team

Establish a strong internal planning team with staff that have preparedness mindsets. Regardless of size, the team should represent all critical elements: clinical operations, non-clinical operations, and human resources or IT specialties.

3. Identify One Leader With Authority to Serve as Project Manager

One executive or leader with authority should function as the overall project manager. That person ensures that collaboration occurs, deadlines are met, and the project maintains forward progress, in addition to resolving conflicts.

4. Perform a BC Risk Assessment or COOP Threat & Hazard Identification & Risk Assessment (THIRA)

The first step to performing a BC risk assessment or COOP THIRA is understanding what risks exist. This process is more straightforward than you think. Most emergency management and public health agencies are required by their grants to perform risk assessments for their jurisdictions. Many are available online; however, contact the state or local public health preparedness office or emergency management agency if one cannot be located for your area. The risk assessment should identify threats or hazards with opportunities for hazard prevention, deterrence, or risk mitigation.

5. For BC: Perform a Business Impact Analysis (BIA)

The business impact analysis (BIA) predicts the consequences of disruption of a business function or process and gathers information needed to develop a recovery strategy. Considering potential operational and financial impacts, the BIA should include other outcomes such as regulatory fines, contractual penalties, and customer dissatisfaction. Factor in the timing and duration of disruption, as these variables can alter the impact on the business. The BIA will be used to establish priories to restore business operations. Ready to get started? Reach out to Agility today to discuss your organization’s priorities and planning.

The pandemic epitomized what an unforeseen circumstance means and highlighted the importance of incident management and business continuity. It was elusive. Its arrival wreaked more havoc that not even the experts could have forecasted. It took and continues to take a toll on individuals of all ages. It has disrupted families. Many businesses have taken a massive financial hit as a result of it. Businesses with a robust business continuity plan would have avoided some of the pandemic’s adverse effects. No doubt, the pandemic tested your business emergency management protocols and continues to. Unfortunately, 51% of businesses worldwide did not have a business continuity plan. Did your plan pass the test? You may not be able to undo any damage that has already occurred but you can ensure that you learn from this incident. This article covers some basic business continuity measures you can put in place right now.

What Is Business Continuity?

Business continuity is an organization’s ability to continue its operations throughout and after a significant disaster has occurred. Major disasters that can affect businesses include:

  • Natural disasters
  • A fire or anything that causes extensive physical damage to infrastructure
  • Any cybersecurity threat
  • Server failure or utility outage
  • Incidents that disrupt the day-to-day operations of a business

The aim is to have essential business functions up and running with minimal downtime. Doing so ensures that your business can continue to serve customers and facilitate providers with the least amount of disruption. It is important for all businesses but can be better sustained by larger enterprises. This is dependent on the extent and duration of the incident or emergency. Despite this, all companies should have measures in place to ensure the continuity of their operations. You should include the details of these measures in a business continuity plan.

What Is a Business Continuity Plan?

A business continuity plan is a detailed outline of the steps to ensure business operations continuation during an emergency or natural disaster. It should also encompass plans to deal with cybersecurity threats. These can include data breaches, loss of access, ransomware attacks, or malicious insider incidents. Business continuity plans reduce any adverse effects from the emergency or disaster. A BCP aims to reduce financial losses, maintain supplier relationships and other business partnerships, and service customers. Continuous updating and maintenance are important elements of a continuity plan. The Federal Emergency Management Agency (FEMA) states that one in five companies does not spend time maintaining their continuity plan. In contrast, 20% of larger businesses spend over ten days every month on their plans. Continuity plans should also consider widespread disasters that can affect employees’ accessibility to the physical business location, as has been the case during the pandemic. The plan should differentiate between critical and non-critical business functions. Critical business functions are activities or processes that must be restored to protect your business’s assets, meet regulations, and the organization’s needs. The unavailability of critical business functions can affect business operations, which, in turn, impacts the business’s ability to serve its customers and other stakeholders. The plan outlines the recovery requirements for each critical function. It includes the timeframe for the resumption of the operation and the business and technical requirements for recovery.

Characteristics of a Business Continuity Plan

Four noteworthy characteristics should guide the design of your business continuity plan. The business continuity plan should be:

1. Comprehensive

Try to plan for every possible incident or disruption. Review and rework your business continuity plan several times. Backup plans are essential. They should not stop at Plan B or C. Even though there may be many, consider every factor that could play a role. Cater for things that may go wrong.

2. Adaptable

Despite catering to every possible scenario, leave room for quick adaptation of the plan because circumstances will change. In extreme cases, changes can be minute by minute. It is one of the main reasons that the plan must be reviewed continuously and maintained. However, once the plan provides a good foundation or starting point, the rest should be easily adaptable. Many organizations can help you support and maintain your plan.

3. Realistic

Ensure easy implementation of your plan when a disaster does strike. Make it realistic and include many contingency plans where possible.

4. Efficient

Your business continuity plan should enable efficient execution with your current resources. Having it laid out can reduce stress levels during an incident. This can make the tasks that need to be executed a little easier to achieve despite the anxiety and additional pressure. Taking these four elements into consideration while planning for your business’s continuity will help ensure your plan is as effective as possible.

The Importance of Emergency Management

If you hadn’t put much thought into emergency management before, the last few years should have made you realize just how important it is. It is an essential element to help you effectively manage your business. Unfortunately, disruptions are costly, but they can sometimes lead to a business’s closure, especially for smaller companies. Ninety percent of smaller businesses fail within a year after a disaster unless they resume operations within five days. Businesses that don’t have an emergency response plan often lose customers, suffering financial losses that can harm their brand reputation. Here are a few other reasons why emergency management or continuity planning is essential to all businesses. A continuity plan can help to:

1. Continue Business Operations

It supports the continuation of your business operations during a crisis and helps reduce financial losses. It lets stakeholders, including employees and customers, know your company is stable. Communication throughout the organization is vital to keep all employees informed and on the same page. This can be a challenge for organizations with many employees who work remotely or with offices spread worldwide. These organizations must invest in a solution that facilitates real-time, effortless communication.

2. Improve Customer and Stakeholder Confidence

Investing in effective incident management processes and policies helps improve customer and stakeholder confidence and resilience.

3. Maintain Your Brand and Reputation

Managing the crisis effectively and preparing your company for any possibility will augur well for your brand. It preserves confidence in your brand and bolsters your reputation when your company manages the situation with grace, strength, and consistency. Back in 2018, the city of Atlanta sustained a cyberattack that locked down the city systems for a week. Workers had to complete all documentation by hand. The City of Atlanta was not prepared and taken by surprise, with out-of-date software and a number of other IT vulnerabilities.

4. Get a Competitive Advantage

Use your response to not only build confidence in your brand with current customers but let it show potential customers you should be their brand of choice too. Your reaction during a crisis will speak volumes about your company and your brand. Make it tell a positive story. This is an opportunity to gain an advantage over your competitors by reacting quickly and decisively during a crisis.

5. Reduce Financial Risk

Quick and decisive actions during a crisis will also reduce the downtime for your business. More extended downtimes can mean greater financial losses. Minimize your losses by restoring functionality as quickly as possible.

6. Protect Your Supply Chain

Remember, natural disasters will affect your suppliers as well. Ensure your plan caters to supply chain resilience by spreading your risk across several suppliers. This will give you options. Your organization will be minimally affected due to a lack of supplies or raw materials.

10 Steps to Creating Your Business Continuity Plan

Now that you know the characteristics of a business continuity plan and its benefits, here are 10 steps you can follow to create your plan.

1. Create an Incident Response Team

The incident response (or crisis) team should include some cross-functional managerial roles or any other person you believe will be valuable to the team. Designate a leader who will be able to make decisions and ensure steady progress. Each team member should receive specialist training and expertise across technical and non-technical areas, including forensic investigation. Recruit external resources specializing in incident management.

2. Identify the Plan’s Objectives and Goals

Your business continuity’s main objective is to ensure there is minimal disruption to critical business functions. This includes vital business functions across the organization – operations, human resources, public relations, etc. However, every business will have different objectives and goals that are important to the business’s running. It will vary based on the type and size of the company, among other things. Once you identify the plan’s goals and objectives, map out a strategy for the plan. Ensure the objectives are clearly understood and that the goals align with the objectives. Take the opportunity to identify the key people and processes that will keep it operational. The draft should also include a list of all possible disruptions that can affect business operations. Identify the critical functions in day-to-day business processes and create recovery strategies for each scenario.

3. Conduct a Risk Assessment and Business Impact Analysis (BIA)

A BIA will identify significant threats to your organization. After identification:

  • Research and analyze.
  • Include the team in discussions about incidents that may reduce, modify, or eliminate critical services or functions.
  • Document all of the issues and what their business impact might be.

4. Identify Critical and Non-Critical Business Functions

Before determining how your organization will maintain critical business functions, it is crucial to identify which processes are essential during an emergency. Consider some of these essential functions:

  • Maintaining customer service.
  • Supply continuity and inventory management.
  • Order fulfillment and shipping deadlines.
  • Ecommerce platforms, if used.
  • Other applications used in business operations.

5. Identify and Isolate Sensitive Information

Identify critical data, such as financial records or other mission-critical information, including login credentials. Store them where they can be quickly recovered. Storage should also be according to priority based on how important the data is to the business.

6. Conduct Data Backup

Create copies of all irreplaceable data. Include customer data, employee records, files, business emails, etc. This should also be easily accessible so that the business can recover quickly from any disaster that occurs.

7. Protect Hard Copy Data

Even though businesses store large amounts of electronic data, they still use many physical documents daily. These can include contracts, tax documents, and employee files. Where possible, convert hard copies into digital files to minimize the loss of physical documents.

8. Find a Designated Recovery Site

This secondary site will be a backup for your company’s primary location. Equip the site with tools and systems that will allow recovery of any affected systems. Doing so will ensure the continuation of business operations within the shortest period.

9. Develop a Communication Strategy

Crisis communication is crucial during a disaster. Your company should implement a strategy that ensures effective communication to both internal and external stakeholders. Pre-drafted sample messages will expedite communications to suppliers, partners, and employees during the crisis. A detailed communication strategy can help incident response teams efficiently coordinate their efforts.

10. Test, Measure, Review, and Update the Plan

A business continuity plan is cyclical. It should be continuously tested, measured, reviewed, and updated, proving its effectiveness. Testing should include simulations that can determine the team’s level of preparedness during an incident. Use the results to modify the plan and then test it again. These steps should allow you to formulate a comprehensive business continuity plan. It includes constant analysis, design, implementation, testing, and maintenance.

Potential Risks for Businesses Without a Plan

Business continuity planning can seem exhaustive, especially for smaller businesses with limited resources. Whether you choose to use internal or external resources, your company must implement a plan as the potential risks of not having one can adversely affect your company. Some of the risks of not having a business continuity plan include:

  • Financial losses
  • Increased costs
  • Repeated exposure to the risk
  • Regulatory and legal penalties (Marriott was fined £18.4m for a data breach that didn’t meet General Data Protection Regulation standards and affected millions)

Being Prepared

There are many options to ensure your organization’s emergency management is effective. A detailed business continuity plan that is continuously updated and reviewed can save your business. Doing research and reviewing examples of well-implemented continuity plans will help prepare you if your company faces a similar incident. Agility Recovery provides business continuity solutions. Contact us to find the solution that is best for your organization.

The Importance of Incident Management

Critical incidents can occur anytime, anywhere, and are not limited to traditional business hours. Well-orchestrated incident management minimizes the impact any business disruption can impose on business operations and employees. However, just having this type of plan in place won’t suffice. The success of the business continuity plan also depends on communication among everyone on the incident response team and the rest of the employees about everyone’s responsibilities. Members of incident management teams should be adequately trained in their roles of managing the unexpected. Continually updating and testing your business continuity and disaster recovery plan can help your company adjust to new and rising threats. Having specific forms of communication set up to alert all necessary personnel during an emergency is also critical in responding quickly and efficiently. It is almost impossible to anticipate the occurrence of specific threats, but if your incident management plan includes all of the above components, you will be ready to maneuver through any unanticipated business disruption. This is why it is imperative that your business has an incident management plan (IMP) in place and ready to go in case an incident does occur. Today, organizations must embrace a mobile-first strategy for incident management. This will help your organization mitigate risk, eliminate business impacts, and ensure the workforce is safe to react to an incident faster.

What Is an Incident Management Plan?

An IMP describes the activities of an organization necessary to identify, analyze, and correct hazards to prevent future reoccurrences. It is your company’s meticulous guide to administrating business disruptions.

Who’s in Charge of Creating an IMP?

Typically, someone who oversees business continuity or a similar program takes care of creating an actionable and effective IMP. The program manager needs to keep all information updated (employee contact info, plans, incident status, etc.), make sure that employees are trained on how to respond to an incident, and keep the program on track throughout the year.

4 Elements of a Robust IMP

1. Detection

Preventative measures help avert most business disruptions. Analyzing the business environment to detect any issues ahead of time is one of the methods. While this is not always possible (e.g., natural disasters), it is good to have training on what to look for and what to do in the event of an incident.

2. Diagnosis

Find what’s causing the issue and fix it as quickly as possible. The sooner you can diagnose the issue, the sooner it can be resolved.

3. Repair

Fix the problem! The longer the issue exists, the more problems it can cause. This can involve anything from a service restart, a hardware replacement, or even a complex software code change.

4. Recovery

The problem has been resolved, and now it is time to implement a plan to prevent this incident from occurring again in the future.

Benefits of IMP

  • – Reduced business impact of incidents by timely resolution.
  • – Improved monitoring and reporting on incidents.
  • – Better user/customer satisfaction – improved up-time.
  • – Better organizational efficiency.
  • – Peace of mind – “we’ve got this covered.”

Roadblocks to IMP

  • – No executive buy-in, hence no resources or budget.
  • – Lack of clarity of business needs.
  • – Working practices not reviewed or set in your ways.
  • – Lack of knowledge on resolving incidents.
  • – Resistance to using process.

Evolution of Incident Management

Past

More than 10 years ago, plans were written and forgotten about, left to collect dust on a shelf rendering them useless during an emergency. There used to be no easy way to access critical information or communicate with employees; for example, binders, phone trees, traditional email or PA systems aren’t nearly as efficient as what we have today. This made it difficult to realize a plan once an incident occurred because it was a manual process.

Present

Today, technology has permeated every industry, making every operation and process more streamlined. However, many are using a “patchwork quilt approach”– one solution for document management, one for conference calls, one for emergency notification, one for training, etc. This means there are multiple platforms that have separate logins that are very expensive and at times inefficient.

Future

The next iteration has already begun. Business continuity professionals have started consolidating solutions to help ease and automate the incident management process to make it more efficient and cost effective. Cutting-edge BC solutions allow for binder-free, mobile-first incident management that includes bi-directional emergency messaging, proactive conference calling, multiple message response types, document access, and training and threat-specific resources. According to our brief online survey, 18% of respondents do not have an incident management program at work.   43% reported that their IMP was last updated within the past year. 34% claimed that if an incident were to occur during business hours, they wouldn’t have access to everything they need to manage through the unexpected. And 33% said that their organization had not adopted any technology to simplify incident management.

C-level executives, or C-suites, are depicted in media as intimidating, if not haphazardly incompetent. Sometimes assistants or interns buzz around them, trying to be quietly noticed for any upcoming team opportunities. Depictions like this give the media further fuel to reinforce these ideas. For example, the Apprentice shows play into these C-suite stereotypes, depicting rich men and women in sharp suits standing in front of a helicopter. C-suites are more than their clean style and boardroom meetings. They are indispensable for any growing or established company. One of the C-suites' responsibilities is to protect the business; the company can survive and grow when a crisis happens. Among other obligations, C-suites directly influence business continuity and disaster recovery.

Why Business Continuity is Important

Business continuity is also called contingency planning. Continuity is essential when disaster strikes a company. Where unprepared businesses may face financial ruin in the wake of a crisis—business continuity is designed for survival. A business continuity plan isn't just for survival. These plans evaluate the threat, source a solution, and then find a road to recovery . After a disaster happens, these plans can help guide employees. As a byproduct, these plans help to minimize downtime, resume operations faster, and ensure a more straightforward path for production.

What Is in a Business Continuity Plan?

Business continuity and disaster recovery plans are sometimes created and implemented by C-suites. Continuity requires simultaneous teamwork across departments and management. C-suites must collaborate as leaders of their domains to create proactive, lasting disaster plans. A good business continuity plan often includes the following:

  • – Executive summary: A synopsis of the procedure and why it was developed.
  • – Objectives: A list of desired goals comes after the plan starts.
  • – Risk management analysis: A list of pros and cons for accepting or rejecting the proposed plan and suggestions for proactive measures.
  • – Incident response plan: An initial continuity plan with adjustments to the current crisis or situation; these also outline who should take control.
  • – Recovery plan: Created after a disaster, it is on the C-suites to establish a plan, implement it, and ensure its procedures are followed. Many recovery plans include dependency on recovery solutions – like backup generators, alternative workspace, and emergency technology and equipment – lasting months after a crisis.

Roles of Main C-Level Executives in Business Continuity

Chief Executive Officer

These C-suites are the face of many companies. Their role in the company is to support the message of the overall business and push for progress. They typically keep tabs on competitors and spend time thinking about how to get ahead of them. During a crisis, the chief executive officer also has obligations outside of the company. They corral many of the critical figures of a company to keep them calm when a disaster hits. Their effort limits collateral damage that can occur, like dips in stocks. Generally, the CEO placates boards, senior management, stakeholders, and the media. Additionally, they are also in control of green lighting any emergency responses or teams. These C-suites are also in charge of implementing vital strategies during and after disasters. Thus, they need to put effort into building good continuity plans—it makes their job easier.

Chief Information or Technology Officer

The chief information officer is a business's lord of technology, overseeing electronics and cybersecurity. These C-suites' time is primarily occupied by managing cyber threats, testing new approaches to technology, and limiting downtime. During a crisis, the CIO has two vital roles. First, before a disaster, they would have needed to implement backups of all possible data. In the case of a crisis, this backup data can prove to be salvation. At the same time, CIOs create proactive plans to combat future cyber threats. Correctly predicting, analyzing, and implementing strategies to fight cyber threats is challenging because technology evolves quickly; a CIO should be a master at engaging with new technology and developing proactive measures.

Chief Operations Officer

The role of a chief operations officer is to improve efficiency and profit while limiting or stopping points of failure. Generally, they must know all the company's processes, security issues, and compliance requirements for the government. Thus, they work closely with chief compliance officers (below). During a crisis, COOs may involve themselves directly with affected departments. They ensure that all departments and staff run as efficiently after a disaster. Continuity plans require the extensive inclusion of COOs since they speak directly to employees.

Chief Financial Officer

These C-suites are more than glorified financial advisers. They manage stakeholders, accounts management, and reporting processes. Additionally, chief financial officers work closely with the CEOs; planning initiatives must stay within budget and timelines—both aspects appeal to any CFO. During a crisis, a CFO's attention falls on the accounts attached to the company. They oversee the business's financials and assets. Further, they are essential in projecting the future funds of the company—impacting continued growth strategies. Continuity plans help steer the company forward by not hemorrhaging money and helping protect bottom lines.

Chief Compliance Officer

Chief compliance officers oversee regulatory procedures and production guidelines. They pay attention to state and federal laws to ensure operations are happening legally and adequately. COOs work closely with CCOs to guarantee desired production outcomes. During a crisis, CCOs supervise legal procedures and production guidelines. However, they also have an additional role; they are the point of contact between the company and the government. Another way to view them is as a shield between a company and government laws.

Chief Marketing Officer

Large companies require a chief marketing officer. These C-suites are the backbone of a brand image. Their role relies heavily on statistics about the end customer, sometimes provided by the CIO (above). The CMO must balance big data, social media, trends, avenues for growth, and messaging. A CMO oversees brand management, advertising, and marketing campaigns during a crisis. These marketing aspects are vital for the company's image. Thus, they work closely with CEOs to face the media.

C-Suite Executives Must Lead by Example & Be Proactive About Their Security

All C-suite executives must be proactive and work in unison when a disaster occurs. C-suites must properly guide the different departments they oversee to mitigate damage to a business in crisis. Additionally, C-suite executives are spearheads for progress, growth, and proactively following a disaster. Their roles in business continuity and recovery are critical.

Ben Hartwig is a Web Operations Executive at InfoTracer who takes a wide view from the whole system. He authors guides on entire security posture, both physical and cyber.

Although emergency management and business continuity might sound similar, they don’t perform the same function. Emergency management teams anticipate physical threats to employees and buildings. On the other hand, business continuity teams work to ensure a company can keep running and survive a crisis.

Emergency management and business continuity are two players on the same team. Together, these groups anticipate potential issues and make response plans so companies can safely navigate catastrophes. Here’s why your operation needs both emergency management and business continuity strategies.

Imagine the Chaos

Businesses are designed to run like well-oiled machines. However, if something stops the wheels from turning, your company could quickly become chaotic and even stop functioning. If operations stop long enough, you could lose clientele, your reputation, and your financial ability to run. Emergency management and business continuity teams protect your company by imagining what could go wrong. Physical locations could be impacted by natural disasters or widespread illness. Political unrest can also affect your company’s success. Certain factors could stop workers from communicating with you if they are remote. Your emergency management team members are the first responders if something goes wrong. They develop protocols to keep employees safe from events like fire, flooding, earthquakes, and active shooters. They also have a plan to protect essential business assets from being destroyed or stolen. After your emergency management team responds to a crisis, it’s time for your business continuity team to step in. These people create backup plans so you can continue working during an emergency. They work to restore company systems, connect your employees, and equip your facility to keep moving forward.

Anticipate Potential Issues

Some events are very difficult to anticipate , such as COVID-19 and the subsequent lockdowns. However, most businesses are put under by lesser events they could have prepared for. Examples include tech problems, theft, supply chain issues , and prolonged sickness in the workforce. Think of your business as a house you’re renting out. You’ve invested time and money into creating something remarkable that other people will pay you for. However, what happens if a tree falls on the roof? What if the dryer catches fire? Homeowners think ahead and act so expensive problems won’t damage their return on investment. You need a similar mindset for your business. Consider all the different parts of what you do and ask yourself what could go wrong. Here are just a few examples:

  • – Are your online platforms secure?
  • – Do you have backups of important information?
  • – How many people have access to your passwords?
  • – Is your physical location secure?

The more prepared your company is, the less you’ll lose when something goes wrong. Your emergency management team works hard to prepare employees and business structures for a quick response in a crisis. After the fact, your business continuity group has a plan to keep things running until you can establish a new normal.

Create Business Protocols

Your emergency management and business continuity groups worry about issues now so your business can deal with fewer true emergencies later. Both teams are essential for handling crises—for example, emergency management trains employees on fire drills and how to respond to an active shooter . Business continuity teams create action plans so minimal time is lost after a crisis. It’s essential to consider a wide range of issues when preparing for crises. Business continuity and emergency management groups should give the most time and attention to issues that could immediately affect your operations. They can then start to plan for problems that might affect your company in the future. People who live near wildfire-prone areas build several layers of defensible space around their homes. The inner layer is the most heavily protected , with outer layers giving homeowners space to extinguish flames while they’re still far away. Most also create a fire break around their property to further slow fire spread. Your business protocols should be similarly ranked from serious to not-so-serious situations. Although wildfires are always dangerous, a fire in your home or business needs the most attention. If the flames are still 300 feet away from your home, you have more time to act and will use a different strategy to handle the situation.

Drill Down Specifics

The most crucial thing in any emergency is employee safety. However, if you want your business to keep running, you must also protect assets for stakeholders. Your workers should know how to stay safe, secure sensitive information, and keep essential functions running for as long as possible. You need a backup plan for keeping communication open and securing essential information. All online platforms should be protected and backed up in case the technology stops functioning. Keeping company passwords in only one place is not a good idea. You should be able to access business information from multiple locations. Part of emergency management and business continuity’s roles is assembling teams so employees know their responsibilities during a crisis. Things could still fall apart if your business has a protocol, but people don’t know their roles. Assess potential problems by running business continuity tests before an event happens. Unfortunately, you can’t protect your business from everything. However, you can prepare to safeguard your company from situations that could derail or damage operations. Emergency management and business continuity teams are essential for this process.

Protect Your Business

Many people complete risk assessments without thinking about it. For example, some refuse to go swimming without a lifeguard. Others don’t mind diving in alone but set boundaries about where they’ll swim and how long. Each person makes the best decision based on their strengths and weaknesses. Emergency management and business continuity teams can help your business assess danger and plan to thrive regardless of changing circumstances. These groups work to anticipate potential problems and then create protocols for responding quickly. They serve different functions and are essential for safeguarding your company .

Zac Amos is the Features Editor and a writer at ReHack, where he loves digging into business tech, cybersecurity, and anything else technology-related. You can find more of his work on Twitter or LinkedIn.

Implementing a strong crisis management team is how companies remain successful if a disaster occurs. However, many small to medium enterprises do not have one. If they do, they might lack the knowledge or have ineffective resources.

In fact, 95% of company leaders say their crisis management capabilities need improvement. Unprepared companies might face delayed or poor decision-making, consequently impacting recovery and reputation. For example, a data breach can cost $8.19 million on average when a business isn’t ready. Here’s how to effectively build a solid crisis management team.

What Is a Crisis Management Team?

A crisis management team (CMT) is a collaborative group responsible for preparing responses to potential emergencies. It’s accountable for executing and coordinating reactions during an incident or catastrophic event. Crisis management is also about handling unforeseen events that could cause irreparable damage. It involves a team that can react flexibly and make prompt decisions. According to research, 50% of the workforce is not entirely engaged with their work. A CMT must be willing to collaborate and be committed to developing companywide solutions to be the most effective.

Why Organizations Fail to Protect Core Assets

A successful crisis management plan incorporates organizational planning for risk management, emergencies, disaster recovery, and business continuity. However, many organizations fail to secure their assets properly for many reasons, including:

  • Thinking, “It won’t happen here”
  • Being unaware of the risks
  • Relying on poorly planned crisis responses
  • Ignoring the warning signs
  • Not making crisis management and preparedness a priority

What You Need To Build the Right Crisis Management Team

Much effort and planning are needed to develop an effective CMT. Consider the following points.

1. Understand Crises

Before creating an effective CMT, your priority is to understand crises and how they can impact your business. It’s not just the role of your management team to understand what a crisis is — you, everyone in your company, and even your vendors must acknowledge it. They should also know how crises affect your organization, clients, stakeholders, and operations. Therefore, taking the time to understand situations is essential for preparedness. Then, embrace the role as an educator and share your insights with decision-makers.

2. Gather Team Members from the Appropriate Departments

Generally, you’ll need a team with one person from each department, such as information technology, human resources, communications, and more. Your team may look something like this:

  • Team leader: Makes decisions on behalf of the company, like a senior executive.
  • Security director: Facilitates plan development, employee training, and crisis center establishment. Also serves as a primary information officer.
  • Financial director: Manages funding arrangements and disbursement of funds. Maintains records of the cost of the crisis and assesses the financial implications of each disaster.
  • Legal counsel: Advises on possible legal implications of corrective actions.
  • Media spokesperson: Communicates important details without disclosing proprietary information.
  • HR leader: Resolves human resources issues and assists information officers in reaching affected individuals and their families. 
  • Security specialist: Someone from outside the organization who educates the team about handling individual crises and advises during emergencies. Also conducts team debriefing after a problem.

3. Know the Qualities and Characteristics Best Fit for a Crisis Management Team

Crisis management requires people who have a unique skill set and temperament. Crises are extremely stressful. The best person for the role must be most effective under pressure. Other characteristics they must possess include the following:

  • Able to make informed decisions at the right time
  • Are confident but not egotistical
  • Are problem-solvers and tactical
  • Able to be calm and level-headed
  • Are collaborative and work well with others from different departments

A high-ranking person must have these qualities. Otherwise, they’re not a good fit for the CMT, even if they want to be on it.

4. Identify the Right People

Often, the best people for the crisis management team are the direct reports of senior managers. Another way to identify individuals fit for the role is to look for workers who come to the forefront during business continuity exercises. Most business owners know who is level-headed and capable of working well with others. Consider asking around each department to gather individual feedback.

5. Have a Crisis Management Team Leader

Leadership is more valuable than ever during a crisis. Therefore, you’ll need a team leader — someone other than you or the CEO — and they must know the business thoroughly. It should also be someone who is committed to your organization. This may be easier said than done, of course. One report shows that 24% of respondents said leadership effectiveness and decision-making were among their most significant challenges in crisis management. When choosing a leader, look for someone who can work with people at all levels across the organization. This person should have full authority over facilitating team meetings and take a consistent approach to promoting companywide collaboration.

6. Sign Off on the Team

Ensure you and senior leadership sign off on the crisis management team to finalize everything. Sometimes a high-ranking person is appointed due to political motives, even if they’re not the best fit. Consider adding a lower-ranking person from that department and ensure they possess the right skills to compensate for the missing knowledge and characteristics.

Building a Successful Crisis Management Team

Preparing a team for everything that can happen to your organization is crucial. As soon as you understand the impacts of crises, you’ll learn that building a CMT can’t happen soon enough. Once you gather a successful team from all departments, your business will be ready to take on whatever disaster happens.

Zac Amos is the Features Editor and a writer at ReHack, where he loves digging into business tech, cybersecurity, and anything else technology-related. You can find more of his work on Twitter or LinkedIn.