Business continuity management (BCM) professionals face complex issues with today’s operational disruptions and external threats. The BCM professional must focus on risk mitigation from natural disasters to cyberattacks. This article reviews the critical focus areas that BCM professionals manage for success. This means moving beyond the typical IT issues. You’ll get tips on non-technical operational recovery areas too.

Business Continuity Management

Every enterprise has determined the structure of how they want business continuity managed. The funding tends to follow this structure. Regardless of who owns business continuity, the process starts with a business impact analysis (BIA). The purpose of the BIA is to map the critical functions of an enterprise. It analyzes potential disruptions, their effects on systems, and the associated costs. The first step is identifying what is worth protecting.

Value Worth Protecting

Every enterprise has inherent value that is worth protecting. These values are often overlooked. They seldom get proper coverage in the business continuity plan. To play it safe, make a list of the fundamental corporate values, including:

• Staff
• Clients
• Vendors
• Operations
• Profits
• Brand
• Key products
• The secret sauce
• And more

Anything you determine is a valued asset needs some form of protection. In some companies, specific roles are critical to a company’s future success. You may list a mission-critical application or system necessary to your company’s continuity.

Identify Potential Threats

A list of threats seems to get larger each year with new pandemics and internet hackers. The key is to make a list that focuses on how each threat impacts different values. This step needs care in balancing speculation with research. Some of the more common potential threats include:

• Cyberattack
• Natural disaster
• Fire
• Chemical spill
• Technology loss
• Supply chain failure
• Employee absenteeism
• Disgruntled employee
• Building loss

If you don’t know how a valued asset or function gets impacted, you won’t determine how to protect it.

Prioritize Protection Coverage

The assets or functions must be prioritized for action. The higher the priority, the greater the budget. To establish a basis:

1. Consider the asset or function’s value
2. Consider the company’s need for recovery should a risk event happen
3. Document this step for easy access when mapping out your business continuity plan

You can also rank valued assets and functions by short-term and long-term perspectives. Your priorities must set specific actions in place for both sets of circumstances. A catastrophic company event can occur in a few minutes or over months.

Business Continuity Plan

It is a tragedy when business continuity plans turn into a shelved report. Instead, consider the plan as a living document. This type of plan is often gets updated with the latest information. The value of assets can change. Executives might move the company in a new direction. Functions may vary due to business streamlining or consolidation. Response protocols might need change with the rotation of vendors. A new implementation of a system for handling conflict resolution might be added. With the participation of many departments, the document must remain fluid and current.

Staff Assignments

To reduce risk and increase recovery, key employees must hold specific responsibilities. The participants in each department must know what to do, when to do it, and how. Planned reviews or practice dates are critical for your business continuity response team. The plan must list the duties of each participating employee based on any given risk event. Speed to take action is critical for losses or damages on operations, finances, and reputation. Employees must enact change upon an incident before it becomes a real problem. Support from senior staff is critical to keep employees accountable for their roles. The employees will need business continuity and recovery training. Trainees should receive a grade for situational performance criteria on their employee review.

Risk Mitigation

The best way to mitigate risk is to regularly monitor all critical areas of the continuity plan. This might include cross-training employees on essential departmental functions. Also, conduct periodic risk assessments of the company’s operations and environment. Another form of risk management includes preventative measures. For instance, you might want to have a secondary location available for certain activities. Having several vendors or operational redundancies can also reduce risk factors. The goal is to find ways of reducing or removing risk. You can also learn at what level executives are willing to accept a loss. This knowledge will empower you to make quick decisions during a catastrophic event.

Recovery Strategy

There is not a large enough budget to plan for every eventuality. But you can prepare for the top three or four that your industry might face. Some common ones include the loss of:

• Employee availability due to health issues, storms, or strikes
• Building access due to damages, chemicals, or outages
• Supply chain due to strikes, errors, or vendor issues
• Technology due to cyberattacks, outages, or vendors

You’ll have to determine what phases of your business recovery strategy you put in place.

Test Continuity Plan

Plans are worthless unless they’re tested and proven viable. The business continuity plan testing process also helps you spot gaps and performance issues in your program. You should test all aspects of the plan . This includes the activities of your business continuity response team. Testing will reveal how vital each recovery factor is to the company. It will also clarify what level of incident requires specific actions, compared to employees using common sense. Not all problems are about business continuity. The key is making sure you have clear and well-understood event management protocols. Take time to determine how the internal and external communications will get initiated. You can base the timing and amount of communication on the level of impact assessed. The impact can also determine who receives communications. This might include shareholders, stakeholders, managers, customers, and others. Crisis communication management should include an escalation and dissemination structure. Internal communications work best when handled in groups or teams. External communication should go through a predetermined network familiar with the company.

Improving Business Continuity

Business continuity is a process that takes consistent effort to protect company assets and functions. A business impact analysis is critical to ensure all activities mitigate risk. But a recovery plan can fall short unless the participating employees test it. Your employees will show remarkable resilience in mitigating a crisis by following continuity management guidelines. To learn about the trends of BCM, check out our latest blog posts for similar information. If you have questions, feel free to contact us.

Why ROI (Return on Investment)?

Business continuity professionals are often asked what the return on investment – or ROI – of business continuity really is. Is it worth the investment, both time and money? If you have no business continuity plan in place when a disruptive incident occurs, but your biggest competitor responds to the incident effectively using their own business continuity plan, how will that impact your bottom line and customer base?

On average, each minute of IT downtime costs $8,850 (Ponemon Institute, 2014) – not to mention downstream reputational damage.

Business continuity is more than just a line item in your organization’s budget. It’s a lifeline for when – not if – an incident occurs, whether it’s a natural disaster or cyberattack . A business continuity plan means that you will be able to maintain organizational resilience and continue operations, preventing a costly interruption that can damage your company’s bottom line as well as its reputation. Business continuity software and planning automates and streamlines the process, making reporting easy and saving your organization the time it usually takes to prepare a plan from scratch and collect and report on data.

Why Do We Need Business Continuity Software?

Drive Efficiency with Automation and Reporting

Without automation, one person may be required to chase down information, statuses, and updates. During an incident, different departments will try to access different resources, lengthening your downtime and costing you revenue if there isn’t a plan in place that automatically prioritizes resources. Implementing BC software means you won’t have to spend hours collecting data for an exam or presentation; it’ll be at your fingertips. You can easily consolidate data and show ROI in both time and data collected to different stakeholders. Show which departments have completed tasks, outstanding tasks, and recovery time objective (RTO) timelines, and quickly and easily make tweaks in your plan that will be standard for all users.

Easily Maintain Accurate Data and Form an Effective Plan

You shouldn’t focus on gathering data. Instead, focus on analyzing and figuring out which products and services are highest priority to your business. Instead of focusing on making a plan, focus on creating an effective program.

Insights from Other Companies

Organizations around the globe are increasingly recognizing the need for business continuity planning:

• 84% have discussed the value of organizational resilience (PWC Global Crisis Survey 2021)
• 83% of organizations are performing longer-term trend analysis, and over half carry it out on a centralized basis (BSI Horizon Scan Report 2021)
• 21% of organizations have a business continuity management (BCM) budget of more than $1M (2021 BCM Trends Report)
• 25% of respondents anticipate hiring personnel dedicated to business continuity planning (BCP) in 2021, up from 14% in 2018 (2021 BCM Trends Report)

Prevent Downtime and Save Money

The average cost of an interruption could range anywhere from hundreds of thousands to millions of dollars. Many businesses can’t afford to recovery from such an incident; in fact, 40-60% of small businesses don’t reopen following a disaster (FEMA, 2016). Disruptions cost large companies $184M a year on average (Interos Annual Global Supply Chain Report 2021). Business continuity software and planning heavily mitigate the cost of an itnerruption. With BC planning in place, your organization will be able to maintain resilience and continue operations, rather than lose thousands of dollars during each minute of downtime (NAVEX Global 2021 Definitive Risk & Compliance Benchmark Report). The cost of natural disasters is high, according to the Allianz Risk Barometer 2019:

• Fire or explosion: $5.8M
• Storm: $4.4M
• Earthquake: $1.6M
• Water damage: $0.6M

Data breaches, technology downtime, and supply chain disruptions add to the mounting costs of not maintaining continuity.

Tabletop Exercises

Even for an expert, creating a 50-slide tabletop exercise from scratch may take more than 20 hours – time better spent on other pressing tasks. Agility’s tabletop exercises take just two hours to run, saving you at least 18 hours – and you can choose from dozens of scenarios.

As any BC professional will tell you, a company’s business continuity plan should not be static; it should be reviewed, tested, and optimized to ensure it is fit for purpose when a threat arises. In 2021, the continuation and unpredictability of COVID-19 and the emergence of more extreme weather events and supply chain issues highlight the importance of having a solid business continuity strategy and plan to mitigate business risk. Closing out 2021 and going into 2022, it’s crucial to reflect on how well your business prevented, responded to, and recovered from the prior year’s events and update plans accordingly.

The Importance of Updating Your Business Continuity Plan

Failing to update your business continuity plan is a bit like keeping an old fire escape route posted after renovating the building. It’s not relevant, and following it will likely result in poor outcomes. The pandemic was a catalyst for many companies to invest time and resources into business continuity planning. According to The Future of Business Continuity & Resilience Report 2021 , published by the Business Continuity Institute (BCI), seventy-nine percent of respondents stated that the appreciation of resilience rose in their organization due to the pandemic. Both high-level business leaders and team members were able to see the impact that a solid plan (or lack thereof) has on their organization.

Known threats evolve; new threats emerge

Threats are changing every day. A new cybersecurity risk will arise, or another Covid variant like Delta or Omicron will emerge. While it’s impossible to predict and plan for every change or eventuality, there are new trends that appeared in the past year that you’ll now need to consider. One example is the trend toward work-from-home/remote work. While many WFH policies were successful as a crisis management strategy, the BCI report states that ninety-four percent of respondents say that some, most, or all staff want to work from home for a proportion of time post-pandemic. This new trend will become standard for many organizations’ business operations. Still, it creates other risks to address around IT security and backup power and communications.

Updating your BC plan to protect your business

In the BCI’s Crisis Management Report 2021 , survey findings report that thirty-three percent of organizations had a crisis plan before the pandemic that was ineffective in dealing with Covid. Of these respondents, three-quarters could create a new program or modify current plans to make them relevant to COVID-19. Updating your plan will ensure that it is relevant to changing circumstances, allowing you to speed time to recovery, which can help your organization gain or maintain a competitive advantage or, at the very least, lessen the negative financial and operational impacts. You’ll want to review how effective your previous plan was on macro and micro levels, thinking about both world events and risks specific to your industry or business. Some key questions to ask while updating your plan are:

• – What is practical to keep in our business continuity plan?
• – Is there anything that is no longer relevant?
• – Is our plan too rigid or vague?
• – Is the company using new technology or vendors? Have we completed our due diligence on their BC strategies?
• – Did the company have significant changes to business processes or personnel?
• – Have company goals or priorities changed?

While the momentum BC has gained in recent years is encouraging, the effort can’t stop just because the world is going into its third pandemic year. Enterprise business continuity plans must be forward-thinking to prepare for the next threat on the horizon.

How Frequently Should Your Business Continuity Plan Be Updated?

How frequently you update your BCP will depend on your industry and individual company purpose, operations, and risk profile. As a baseline, companies should review their plans for critical operations as needed or every six months and all other plans at least every year. On top of completing regularly scheduled reviews, you’ll want to update your business continuity plan if any of the following occur:

• – There are significant changes to the operations of your business. Examples include personnel/ownership changes, new vendors, new technology, changing operational processes/policies, etc. These are likely to come to light when completing a business impact analysis.
• – A testing exercise highlights a gap in your business continuity management.
• – Learnings from real-world experience.

Any time you update your plan, ensure you communicate changes and provide necessary training to appropriate stakeholders and key personnel. Improving awareness will increase the odds of proper execution.

Lessons Learned In 2021 To Incorporate Into Your 2022 Business Continuity Plans

Throughout 2021, several threats and trends emerged. These threats and shifts include the COVID-19 virus, work-from-home policies, supply chain management, and the immediate and lasting effects of extreme weather. You should consider keeping or adding these to your 2022 business continuity plan if they’re relevant to your business.

COVID Continues

We’ve learned a lot about the COVID-19 virus and how to respond. However, the virus and the world’s handling of the pandemic will continue to evolve. It is likely that more variants, like Omicron, will emerge, which could once again affect the workplace, workforce, and supply chains despite a vaccine. Luckily, most organizations have learned from the last two years of the COVID crisis and will optimize those lessons in their 2022 BC strategy and apply certain concepts to other threats as well.

Working From Home Is Likely To Stay

Some form of remote work is the new norm for many organizations. In the 2021 BCI survey, over thirty-six percent of members state they plan to incorporate it as an option into their BC response. There are important considerations for your organization’s 2022 BC plan now that WFH is not temporary :

• Is your technology and disaster recovery plan resilient enough to prevent and respond to cybersecurity threats and data loss outside your office workplace?
• Does your BC plan include health and safety standards for homeworkers?
• Are staff well-being and mental health a part of your BC plan?

Supply Chain Resilience Is Key

Supply chains were heavily affected in 2021 due to weather, pandemic, and world economies. Remember the disruption that occurred when a container ship blocked the Suez Canal for six days, which cost an estimated $6-10 billion in global trade? Or what about the bottlenecks at the Ports of Los Angeles and Long Beach caused by an increase in demand for imports, alongside labor shortages, workplace restrictions, and infrastructure challenges? As supply chains have the potential to generate staggering disruptions, you should ensure your manufacturers and distributors also have a business continuity plan. You might want to consider backup vendors and alternate material sources. We published an article on Supply Chain & Third-Party Vendor Resilience that shares best practices to add to your 2022 plan.

Crisis Management & Resilience for Extreme Weather

To say that weather events were unpredictable might be the understatement of the year. In 2021, businesses and their employees had to endure record extreme weather events that had both immediate and lasting consequences. Nearly every month in 2021 had an unanticipated weather event:

• Record cold temperatures and snowfall leading to the Texan Power Outage
• Heatwaves and drought leading to sprawling wildfires across the globe
• Summer flooding in Western Europe and central China
• Devastating hurricanes across the Southeastern United States
• Catastrophic tornadoes in the Midwest in December

In 2022, companies should ensure their supply chains and workplaces are ready to endure severe weather. As mentioned above, don’t forget to consider homeworkers when planning for weather resilience, especially if abandoning more traditional BC work area recovery sites in favor of WFH strategies.

How To Update Your BCP

If you don’t have a business continuity plan at all, this blog post on Business Continuity Planning Do’s and Don’ts is a good introduction. Going into 2022, here are a few important reminders for updating your BCP:

• Perform a business impact analysis to gauge how threats to your business have changed since last year. Prioritize the most significant risks to your business for the upcoming plan timeframe
• Adopt a centralized or hybrid approach for a greater chance of success. Avoid bottlenecks and silos by getting rid of purely regional or departmental-based plans.
• Remember that people are typically an organization’s greatest asset. Use a people-first approach (burnout and lack of engagement are business risks).
• If you haven’t before, involve the board and senior management in the process to get buy-in, increase awareness of business continuity’s importance, and better develop a centralized approach.
• Focus on being agile and adaptive – your BCP should not be too rigid or vague.
• Include communications and PR strategies in your plan to respond quickly and manage your reputation.
• Ensure you have the right BC leaders in place to execute your business continuity plan and adapt if necessary.

Getting Your 2022 BC Plan Started

Prepare your business for whatever 2022 throws its way. Agility Planner is an excellent place to start if you need help preparing your business continuity plan for 2022. Our software solutions provide step-by-step guidance to build your plan and simple, actionable steps to execute. Contact our team to learn how our business continuity planning solutions will streamline, simplify, and support your organization’s business continuity management.

Business continuity management software offers myriad benefits – rapid response to disasters, incident management, prioritization, reputation protection, and more. As new threats emerge, guidelines are revised, the needs of the organization change, and business continuity management evolves, those organizations using software will find it easier, more efficient, and more cost effective to revise their plans and programs to meet those demands as well as address and implement the various elements of BCM and crisis response. Software supports BCM frameworks and standards and focuses on making BCM easier for program managers and participants by providing things like BCM guidance, content, checklists, and templates, as well as tools for program management like tracking, monitoring, and reporting. Software also provides ways to make the program easier to maintain, like escalation and approval workflows, scheduling of alerts, reminders, and other system notifications. By adding automation to your data management, data collection and maintenance will be less time consuming and the data more reliable. Having reliable data when responding to a crisis is one of the key components of organizational resilience. As you build out your BCM software, keep these key points in mind.

What Can Business Continuity Management (BCM) Software Do for You?

• Builds organizational resilience and eliminates duplicate efforts by being a single source for building and managing all resilience plans and activities for various teams and the areas that support those teams
• Provides easier, more efficient, and reliable maintenance by utilizing a relational database and automated data uploads and integrations
• Automates manual tasks such as triggering emails, approval processes, scheduling, assignments, follow-up, monitoring, and approval processes
• Strengthens the BCM program through distributing the work, collaboration, and automated workflows
• Provides easier program management and understanding of its effectiveness through program benchmarking, monitoring, and reporting
• Schedules, executes, assigns, and monitors follow-up of exercises
• Dynamically and more easily generates reports
• Aids with audits through automated revision trails and documentation
• Maps dependencies and interdependencies of processes, resources, functions, etc.
• Activates incidents – have as many plans, scenarios, teams, and tasks as needed in one location for easier management and understanding of where you are in an incident
• Creates automatic notifications and details who to contact and how for improved crisis communications
• Removes the cost and resources of managing in-house solutions
• Ensures easy and secure access and availability

Do:

• Integrate multiple data feeds
• Use your software in exercising
• Train on BCM with your software
• Build resilience and a stronger BCM program by distributing the work
• Use your software to standardize your plans and program participation
• Maintain and manage your program with software
• Use your software to determine impacts and prioritize processes and resources
• Use software to compare and analyze risks to determine the level of controls/treatment required and to ensure controls are enacted
• Use to measure likelihood and impact
• Use for plan activation
• Use BCM software business continuity knowledge and expertise as an extension of your team
• Use software to help mature your program and address compliance requirements

Key Takeaways of BCM Software

• Beneficial no matter the approach, methodology, or maturity level; helps to mature BCM programs
• Improves and builds a culture of resilience
• More reliable data and easier upkeep to assist with the evolving BCM landscape
• Plans are more accessible in a secure manner
• Provides the tools and workflows for BCM and resilience program management, updating, and monitoring
• Better crisis communications and ability to manage an incident
• Business continuity intelligence
• Makes plans more actionable
• Single source for resilience

Agility is excited to announce our sponsorship of The BCI’s Education Month 2021 : Embedding Business Continuity for a More Resilient Future. Providing more than 30 years of business continuity experience and thought leadership, Agility is proud to support initiatives like BCI Education Month, as awareness and knowledge sharing are keys to improving business continuity within organizations. Agility’s offerings span the entire business continuity life cycle, from planning and training to testing . Mark your calendars for the month of September, which will feature blogs, webinars, podcasts, and more covering the embedding stage of the business continuity management life cycle. Agility will be hosting the following webinars:

• Wednesday, September 8, 9:00 a.m. ET: How to Put Your Plans into Action to Achieve Greater Resiliency
• Thursday, September 23, 10:00 a.m. ET: Achieve Resiliency Through Scenario-Based Exercising

Ahead of Education Month, here are some resources to check out: Business Continuity Training and Testing

• How to Create a Successful Tabletop Exercise
• How to Plan and Execute Effective Business Continuity Trainings and Tabletop Exercises
• The Ultimate Guide to BC Testing
• 6 Scenarios for Business Continuity Plan Testing

Business Continuity Planning

• Business Continuity Challenges After COVID-19
• How to Safely Return Your Workforce to the Office [Includes Checklist]
• How to Create a Business Continuity Plan

See you online in September!

Regardless of whether you are afraid of ghosts, tornadoes, wildfires, hurricanes, floods, or man-made crises like acts of terror (the author suggests appropriate levels of concern regarding each of these and more), you must prepare for who you will need to communicate with, what you will communicate, and how you will do so when a crisis befalls your organization. The following are some helpful suggestions for developing an effective crisis communications plan. Start today with some of the basics and then build on those until you are satisfied that you will be able to reach your various audiences.

Start with a General Risk Assessment:

• – Identify the top threats to your organization and any vulnerabilities.
• – Analyze what business and operational functions are critical.
• – Identify the resources needed to continue those critical functions: People, Processes, and Technology required, and Communications needs for each. Establish a Crisis Management Team, and those within that group responsible for Communications.

Develop and regularly update an Emergency Contact List to include:

• – Home Phone
• – Alternate Mobile
• – Personal E‐mail
• – Family Contact Information
• – Evacuation Plan

Communications Infrastructure

• – Develop a tactical response plan for Voice/Phone redirection
• – Establish processes & plans to re‐establish your network connectivity:
  • E‐mail
  • Data Processing
  • Virtual Private Network (VPN)
  • Remote Services
  • Applications

Internal Communications

• – Set up an Alert Notification System capable of multiple means of communication to employees, stakeholders and community. TEST regularly.
• – Ensure that employee, vendor, and supplier mobile voice communications are not reliant on a single network. Utilize multiple carriers and train all critical personnel on the use of text messaging.
• – Establish a separate, formal notification plan for employees’ immediate families and close relatives in the event of loss of life, missing personnel, etc. Additionally, ensure that caregivers, daycare operators, and others upon whom employees may depend for family member support can receive appropriate information.
• – Ensure that a formal system exists to integrate new hires into the Crisis Communications Plan and conduct regular trainings to update all personnel on the policies and procedures.
• – Establish a secure, universally available, and easily accessible database of information about the company in case of emergency to include company background information, critical documents, key contacts, passwords (if they can be stored in an encrypted format), etc.
• – Consider setting up a password‐protected online message board specific to your organization.

External Communications – Online Presence

• – Consider establishing a public hotline and/or a “dark” Website that can be activated on short notice to provide critical information during an emergency to everyone in the community.
• – Consider using an Online Social Networking Platform for web-based crisis communications (Facebook, Twitter, LinkedIn, etc.) and follow best practices for use of such platforms.
• – Establish remote hosting for your entity’s website.
• – Ensure proper bandwidth capability for spikes in traffic during crises.
• – Ensure remote access to your website, and establish a team to manage updates to the site during disasters.
• – Coordinate all Crisis Communications Planning with key vendors and suppliers to ensure a seamless transition.

Media Communications Strategy:

• – Designate primary and secondary spokespersons.
• – Ensure all Employees know WHO the Spokesperson is.
• – Arrange for media to have 24‐hour access to a spokesperson.
• – Ensure designated spokespersons have training in dealing with the media.
• – Establish a policy for all employee interaction with Media, ON and OFF‐SITE.
• – Maintain trustworthy, credible relationships with the media at all times. If you do, the media will be less suspicious and more cooperative during a crisis.
• – Identify key audiences and develop a strategy and messaging for each.
• – Create key messages and talking points to ensure consistent a message.
• – Ensure you have a media kit at the ready containing information about your organization, as well as a list of approved contacts.
• – Discuss possible problem areas and potential negative impacts.
• – Identify main media outlets through which information about your organization will be disseminated (Radio and TV stations, print media, etc.).
• – Find a signage vendor with multiple regional locations to use for signage needs before, during, and after a disaster.

During the Crisis

• – Have all employee, vendor, community, and media contact information on hand or in your emergency kit.
• – Be the first to break the news about how your organization is responding. Even if the situation is still evolving, begin with full disclosure. ALWAYS respond to media requests.
• – Continue to communicate regularly with all key audiences until the crisis has passed. Consistency is important.
• – Make an effort to continuously monitor online and offline conversations in order to evaluate the strengths and weaknesses of your strategy and messaging.
• – Confirm facts, communicating openly and accurately about the situation. Your communications team must be fully aware of all the facts and know the proper, approved messages. NOTHING is “off the record.”
• – Use your Alert Notification System to keep all audiences posted on status and next steps.
• – During an evacuation, have a central point of contact for all employees, and ensure you know where your people are located.
• – During an evacuation, consider your phone lines ‐ redirection to cell phones, answering service, Google Voice, or Agility lines could be critical.

After the Crisis

• – Following the crisis, notify all critical people of next steps.
• – Learn from the experience and anticipate the next crisis. Plan for likely and even unlikely scenarios based on this most recent crisis, and know the steps you’re going to take before you have to take them.
• – Debrief staff on their experiences, praising people for what went well
• – Improve your plan as needed, and aim to regularly update it, including response to lingering fallout from the most recent crisis.

Achieving business continuity maturity presents its challenges: the volume of processes involved, the peculiarity of each business, organizational buy-in. However, the business benefits of establishing a mature business continuity program go beyond managing risk and complying with regulations, contributing to a company's unique value proposition, employee retention, and future success. Business resilience is becoming a higher priority for boards and senior management. An escalating complexity of cyberattacks, increased activity in natural and human-caused disasters , intricacy in processes and IT, reliance on third parties, data management—all these factors increase the chances for interruptions, making their impact more drastic.

Top Business Challenges in Responding to COVID-19

Disasters can happen to anyone, anywhere, which reiterates the importance for businesses to create, maintain, and test business continuity and incident management plans at least annually. Also, businesses need to have up-to-date pandemic business continuity plans that incorporate lessons learned over the past couple years. Many scientific community experts point to globalization as a driver for increasing odds of virus outbreaks in the future.

• – The ability to respond quickly and effectively when working remote.
• – Cybersecurity issues due to employees working from home.
• – Responding to simultaneous disruptions – the pandemic further complicated recovery efforts in the event of other business disruptions like natural disasters.
• – Effective communication in a crisis.
• – Supporting the health and safety of employees. This finding may indicate that many businesses need to bolster their plans, testing, and BC tools to better support their people’s well-being going forward.
• – Maintaining employee productivity and morale, which proves some companies are struggling with adapting to a work-from-home strategy.

Key Aspects of a Mature Business Continuity Model

In a continuously developing environment, the traditional reactive approach must be replaced by proactive, nimble methodologies . At Agility, we refer to a resilient approach that focuses on resilience planning, testing, and complete recovery . Resilient organizations establish alternative ways of servicing their clients as part of their business continuity and risk management strategy, including using recovery locations to provide critical business services when digital channels are down. A maturity model demonstrates if an organization can achieve continuous improvement. It explains whether a business is being stagnant and the processes that need to be revisited. Organizational growth is fueled by creating review or auditing processes that need to be applied regularly to business processes to evaluate their effectiveness, identify improvements, and implement them. Building our industry credibility is what led to creating our business continuity maturity model. We involved multiple stakeholders, customers, and prospects, analyzed our acquisition strategy, and conducted market research. A result is an impactful tool that presents a thought leadership stance, a clear and unified message with a customer-centric market approach.

Key Aspects of Mature Business Continuity Programs

Aspects  Resilient Approach Conventional Approach Administration/ Management • Direct involvement of c-suite in processes; • BC integrated into various business processes and metrics; • Continuous testing and reporting to drive improvement. • Role of senior management is reactive; • BC is not included in risk assessment or other metrics; • Compliance-type updates. Organizational Focus/Company Integration Cross-departmental assessment of the impact of disruption; • Streamlined communication; • Recognition of org interdependencies and critical assets (systems, data, processes, people). • Business units/departments are considered individually; • Communication silos. Risk Assessment and Testing • Regularly updated or new BI scenarios based on recent events and forward-looking risk assessment. • Generic BI scenarios on rotation across various departments with standard RTOs. Vendor Management/ Supply Chain • Involvement in and understanding of the third party BC processes. • No knowledge or communication with vendors regarding their resilience.

The Business Continuity Process Cycle

Establishing and maintaining the culture of preparedness in the organization is an ongoing process of improvement. The development and advancement of business continuity planning are based on new inputs, data, and findings from actual incident management and organizational response. Companies that have a central place for the incident history can manage future incidents more efficiently and incorporate this knowledge into their adaptable plans, which help them constantly improve their business continuity process. The business world has changed dramatically over the past 20 years, with the potential for disruption coming faster, more frequent, and more devastating at every turn. Climate change, cybersecurity, and workplace violence have all escalated in the past few years, and none of these were on the horizon 20 years ago. To help businesses quickly prioritize their business continuity process, we've pulled together more than three decades of knowledge and experiences over thousands of companies into a Modern Business Continuity Model. Agility has observed market and industry changes and can share this market knowledge and best practices with everyone in our community. It's the entire reason for our success and sustainability over the past 30 years. Not only can we help businesses deal with immediate incidents like the current pandemic, but we can help your organization take the best practices aggregated across numerous businesses and incorporate them into your plan. This is a unique benefit of our collective experience brought back to your organization. This feeds our mission, our entire business strategy, and is the very reason for our existence. Our team of experts, technicians, and industry professionals with thousands of recoveries under their belts continue to provide our clients and community with unmatched expertise and the knowledge that can't be acquired in any other way. We blend practical, innovational, and historical methods to address tomorrow's resilience challenges.

Having the right plans and procedures in place for dealing with crises is only half the battle. The fundamental components of a business continuity plan must include workspace recovery, cyber resilience, change management, and several other elements. Additionally, sharing a business continuity plan with the essential personnel and educating them on how to handle disasters is another vital component. Why? Because even if you have an emergency response plan in place, if your teams are unfamiliar with it, they will be at a loss for what to do when a crisis occurs. A textbook definition of a disaster is any situation that threatens the integrity or reputation of a firm or business, usually brought on by adverse or negative media attention. However, let’s not forget what natural disasters can bring upon a business. The past couple of years proved to be the most disastrous in terms of hurricanes, wildfires, civil unrest, and cyberattacks.

When simultaneous business continuity risks have become the new norm, it’s vital for any organization to have such a plan that can help avoid downtime. That’s why we’ve seen an increased demand for a comprehensive business continuity plan for any disaster, Among the most common reasons for developing a plan that covers various scenarios are:

• Compliance issues (Client audits and RFP’s)​
• Regulatory Requirements​ (Government or ISO certification)​
• New hardware or operating systems  and applications  that are now in the “Cloud”​
• ​Facility and/or personnel changes/moves/ relocation​
• Changes in voice/data networks​
• Changes in critical third-party vendor/suppliers​
• Pandemic Planning​

Even though planning for adverse risks and various threats may need more than one plan, considering the nuances of each potential interruption, there are several essential components of a business continuity plan.​

​Fundamental Components of a Business Continuity Plan​

Planning, testing, and recovery of these vital components are key to building a resilient organization.

1. Workspace Recovery
2. Cyber Resilience
3. Data Backup, Replication, and Recovery
4. Personnel
5. Third-Party Service Providers
6. Telecommunications
7. Power
8. Change Management
9. Communication and Notifications

Workspace Recovery

• Identify backup sites for employees and alternatives for core operations, facilities, and infrastructure.
• A backup site should mirror operational functionality of primary site.
• In the case of disruptions, there should be designated alternative sites for employees (this includes key personnel) in the resumption of business operations.

Cyber Resilience

Maintaining operations despite ever-changing risks.

• ID and mitigate cyber threats to data and operational infrastructure.
• Develop incident response procedures for cyberattacks with flexible enough measures to adapt to a diverse range of events.

Data Backup, Replication and Recovery

• Maintain data confidentiality, integrity, and availability for all data.
• Accessible, off-site repository of software, configuration settings, and related documentation.
• SOPs to recover critical networks and systems.
• Data replication (also referred to as data synchronization or mirroring) is the process of copying data, to  maintain identical data sets in redundant locations.
• Do backup and recovery strategies match current technology and threats?
• Documentation of where primary books and records, backup files (hard copy and electronic)  are kept or located. Include a detailed description of the data backup and recovery process during major business disruptions.

Personnel

• Resilience is dependent upon personnel availability to maintain critical business processes. Know that key personnel could be unavailable or distracted during such events as natural disasters, severe weather events, or pandemics.
• Management should plan for events during which personnel may not be able to access facilities and critical personnel may not be available immediately after the disruption.
• Considerations:
  • Staffing and skills needed to operate critical functions related to business continuity.
  • Employee Training: Any organization should provide business continuity training for personnel to ensure that everyone is aware of their primary and back-up responsibilities should a disaster occur.
  • Involve key employees in the business continuity development process as well as regular tests and training exercises, including your service providers and partners beyond your own employees.

Third Party Service Providers and Managed Security Service Providers

• Many entities depend on third-party service providers to perform or support critical operations. A disruption in the delivery of those services can have a direct impact on entities’ resilience. A critical failure at a widely used third-party service provider could have large-scale consequences. Management should assess critical third-party service providers’ susceptibility to multiple event scenarios and verify such third parties’ resilience capabilities.
• Management should consider the same risks outlined in their entity’s own internal BCP(s) in relation to third-party service providers, as well as:
  • The capacity of third-party service provider to meet client recovery objectives in the agreements, relative to other clients’ needs.
  • Ability to participate in recovery testing with third-party service providers and access to testing results.
  • Ability to move outsourced processes either in-house or to another third-party service provider.
  • Alternative resource options (e.g., personnel and systems) for when primary services cannot be delivered.
  • Data confidentiality, integrity, and availability (e.g., transportability and interoperability).
  • Financial capacity to continue meeting contractual obligations.
  • Services concentrated in a limited number of third-party service providers.

Telecommunications

• BCP should ensure appropriate redundancy levels in the entity’s telecommunications infrastructure.
• Identify and mitigate single points of failure across infrastructure.
• Develop plan to address an outage in the telecom lines.
• Establish redundant telecommunications links.

Power

• The financial industry is dependent on power to run its technology infrastructure and to supply basic necessities to personnel and customers.
• As part of its short-term and long-term plans, management should consider the following:
  • Alternate energy sources (e.g., generators, multiple power grids).
  • Fuel requirements, both for fuel on-hand and contracts with suppliers for deliveries during events, and any potential impediments to obtaining fuel.
  • The load capacity of generators (e.g., length of time, useful life, level of power supplied).
  • Continued maintenance of generators.
  • Testing of generators.

Change Management

• As changes are made to production systems and business processes during the normal course of business, recovery systems and documentation at alternate locations should similarly be updated to reflect production and primary system changes.
• The change management process should allow for the expedient implementation of emergency changes during an event, such as changing an access control list to provide rapid access for troubleshooting and analysis.

Communications

• Consider, plan for, and prepare multiple mechanisms to communicate with others. For example, when traditional voice communications and telecommunications are impaired or inoperable, management may consider alternative communications systems such as text messaging through employer-provided and personal mobile phones, personal email, and instant messaging.
• Communication with customers and employees :
  • These encompass the provisions to be made to ensure an interrupted connection among everyone involved.
• Communications with regulators :
  • This covers how a bank can communicate with FINRA during a significant disruption, and identifies designated business continuity plan contacts with FINRA who will assist in the communication.

Notification Standards

• Formal notification standards should be developed and integrated into the business continuity planning process. Various communication methods, such as pagers, satellite phones, cell phones, e-mail, or two-way radios, can be used to promptly notify employees and applicable third parties of a disaster situation. Comprehensive notification standards should address the maintenance and distribution of contact lists that include primary phone numbers, emergency phone numbers, e-mail addresses, and physical addresses of institution personnel, vendors, emergency services, transportation companies, and regulatory agencies.

It’s important to remember that the question is not if, it is when the unexpected is going to come your way. For the sake of business’s longevity, invest in devising your own disaster preparedness plan.

A business continuity plan is about ensuring your business continues to operate and potentially even grow in times of high distress. This article will cover how you can start your own business continuity planning to ensure the best possible outcome for yourself and your employees. In 2019, 25 percent of companies worldwide reported the average hourly downtime cost of their servers to range from $300,000 to 400,000. So, whenever you’re ready to move from a state of vulnerability to a state of preparation, keep reading.

The Crises That Can Affect Your Business

Depending on your business’s specific circumstances, many unforeseen events can constitute the occurrence of a crisis. It’s your job to plan for them; however, you can’t do that without knowing what they are.

• Theft of equipment, vandalism of machinery.
• A natural disaster may cause flooding or bring damage from wind, snow, earthquake, or wildfire.
• Power outage, inability to use telecoms/IT gear.
• Access restriction: gas leak prevents access.
• IT failure: PC viruses, hack attacks, system failures.
• Disease/Infection: outbreak among staff, livestock, or on-premises.
• Terrorist attack: terrorist strike effects on location and travel opportunity.
• Loss of key staff: critical leaders leave the company.
• Customer crises: customer guarantees or insurance offsetting liability to take services.
• Supplier crises: how to source from alternative supplies.
• Reputation crises: how to cope with a product recall.

Even though it might seem that most scenarios are unlikely, you must give them enough consideration to security-proof your business from harm. For instance, to reference IT failure implications, let’s take a look at average hourly server downtime costs. In the year 2019, a quarter of participating respondents worldwide reported that the hourly server downtime cost, on average, came out to over $300,000.

Benefits of a Business Continuity Plan

You will have a newfound appreciation for BCP if you have a clear constitution of what it can bring to your business. So here is how you can benefit from a business continuity plan.

Public Perception

By showing a proactive approach to being prepared, the general public and customers will have a favorable impression of your enterprise. This leads to a level of trust, which is likely to help them become loyal customers.

Morale & Loyalty

Employees are likely to seek stability in an enterprise they belong to. A BCP is a great way to assure them that they found what they are looking for. I will give them pride in work and motivation to improve productivity.

Shareholder Relationship

Shareholders will trust an enterprise enough to encourage investments. Partners will not want to stop collaborating with the business if they know all necessary efforts are made to prepare for the unexpected. That’s very valuable.

Overall Efficiency

In the event of a crisis resulting in operation disruption, a solid BCP will allow the enterprise to respond appropriately, keeping losses minimal and costs negligent.

How Often Should A Continuity Plan Be Tested?

It’s quite simple. The more effort you put into the plan, the better it will be. A business continuity manager should regularly look over the plan to ensure it’s up to date with current business processes. The larger the enterprise, the more complex the systems will be. This means you need to review your continuity plan even more frequently to ensure there are no gaps overlooked. The following is advised to maximize the validity and reliability of a plan while minimizing the amount of time put into plan review.

Review Twice A Year

Your team must review the business continuity plan elements on a bi-annual basis to ensure that all responses apply to the current business status. Also, you can use this time to ensure responses align with business goals. If your plan depletes your business, it’s doing the opposite of what it’s supposed to.

Emergency Drills Once A Year

Just like schools have fire drills, your enterprise should have emergency drills to prepare staff for the continuity plan’s actions. This will help your team react when a real crisis occurs because of the sheer practice performed. If your workforce does not know what to do, provide them with training material to review on their own time.

Tabletop Reviews Every Other Year

All shareholders involved in the business continuity strategy should meet every year to discuss the plan and conduct a tabletop exercise test. This does not take too much time and does not require physical testing, but it can reveal some serious red flags that need to be addressed.

Comprehensive Reviews Every Other Year

Unlike the previous review, a comprehensive review is a more in-depth process. It should look at the cost-benefit parameters and recovery procedures to ensure everything is regulated up to date with current operations. If you don’t comprehensively review your business, you don’t have a plan whatsoever. Having a business continuity strategy that is outdated is worse than having no plan at all. Your business must be prepared. There’s nothing in between.

Mock Recovery Testing Every Two Years

Mock recovery testing is the most in-depth test in the continuity plan, and it’s used to test the plan for any mishaps or weaknesses. Since this is time-consuming, it can be done at least once every two years. No matter the business you operate, you need to be considering the possible threat of crisis. If you want to manage them, you must have a continuity plan to tackle unexpected situations.

Assess the Impact of Risks

The first thing to do when creating a plan is to analyze the consequences and probability of a crisis affecting your business. Business Impact Analysis should help you determine which functions of the business are essential to day-to-day operations. You’re likely to determine that some business roles, while necessary in regular cases, are not critical in a disaster. It can be useful to grade the likelihood of a crisis occurring, perhaps on a numerical scale. This will help you decide the attitude of your business towards the risks. You might be able to determine to do nothing about an unlikely crisis but react strongly to a very likely crisis. To determine the potential impact of the crisis on the business, it can be useful to think of the worst possible outcomes and how they can damage your business. For example, how can you access your data on the suppliers and customers if a flood has damaged your computers? Where would you operate if the premises were burnt in a fire? You must examine the crisis from the customer perspective. Consider how they will be affected. Would they start to look for alternatives? Consider if you will keep your service-level agreements if a crisis does occur and what consequences might persist if you cannot.

Minimize the Impact

Once you’ve determined the risks that your business faces, you need to take the necessary steps to protect it from them. Let’s examine potential changes you can make to protect certain functions of your business.

Premises

Good gas and electrical safety can help prevent fires. Installing burglar and fire alarms also makes much sense. Think about what you would do in a crisis if your premises are not accessible. For instance, you can suggest an arrangement with another local business to share the premises if the crisis-affected either party. You can have another location on-activated retainer to ensure you have a place to work after a disaster.

Machinery & Equipment

If you need to regularly use vital equipment, you might need to cover them with maintenance plans that guarantee emergency call outs. Installing anti-viruses, maintaining agreements, and backing up data will protect your IT structures. You might also want to pay an IT company to perform offsite backups. Printing out physical copies of customer databases can be a good way to keep in touch with customers if IT fails. If your IT fails, your business most likely fails. So how can you expand your IT beyond your premises? How can you secure remote work to ensure employees are not exposing data from their homes?

People

Ensure that you are not dependent on a few critical staff members. Get them to train other people as well. Consider if you can get temporary assistance from a recruitment agency if illness left your staff lacking in capability. Consider all types of insurance as an effective strategy for risk management.

Plan How You Will Act

You would start building the continuity plan by setting out how you will cope with the crisis. It should outline:

1. The individual roles of the persons involved in the emergency
2. The business functions you need to operate to ensure your business does not fail.

The first hour after the crisis occurs is the most important. As a result, you need to plan for immediate actions to be taken after the crisis occurs. Consider training your workforce and providing them with necessary business continuity resources to help them perform their responsibility during an emergency scenario. Ensure that all employees know what they have to do if something happens. Arrange a checklist form to track all the key steps and how they were performed during the crisis. Add contact details for individuals or groups you need to notify in case of an emergency, such as insurers, customers, suppliers, emergency services, utility companies, municipal providers, other businesses. Include details for locksmiths, plumbers, glaziers, IT specialists, electricians. Include the map of your premises’ layout to help individuals find fire escapes, safety equipment, sprinklers, and general navigation around the location. Elaborate on how you will deal with media interest. Appoint a spokesperson to handle questions. Ensure positivity ins statements. Ensure that suppliers, customers, and staff are informed before any of the media is. Ensure that hard copies of the continuity plan are located at home, with key staff members at their home and the bank.

Remember Why You’re Planning

Business continuity planning is vital and will significantly dampen the losses that might occur from disruption. However, these efforts are not the only way to mitigate risk. You need to consider the enhancement of your overall organization resilience. This means you need to:

1. Improve digital maturity and resilience
2. Develop a robust security program for information
3. Improve organization agility
4. Create a culture that is flexible, adaptable, and skilled
5. Create a process that is designed to respond effectively to disruption
6. Improve productivity, adaptability, and employee performance through training programs
7. Prevent workplace hazards through protocols and work procedures

In other words, resilience is a holistic approach to strategy that mitigates and prevents disruptions. That’s why you’re planning, and that’s what you should focus on.

In an increasingly interconnected and perpetually changing world, it’s crucial for your organization to continue to regularly revisit business continuity planning. There are certain actions to take and to avoid. Evolved global business and operations strategies add new business interruption risks to a growing list of threats. Building resilient and recoverable operations is more difficult to implement when time is limited, and challenges are approaching. Aside from all of the elements to be considered when designing a business continuity strategy, the key to a successful business continuity plan lies in building a well-thought-out plan and testing it throughout the organization. This article will outline the guiding principles and key elements of a business continuity plan, explain continuity incident triggers, and dive into do’s and don’ts for building a BC plan. If you have questions or you’re ready to get started, talk to a business continuity expert.

Recent Insights

Threats to the continuity of business operations have been on the rise for the past couple of years. Research from Allianz SE confirms that cyber incidents, business interruption, change in regulations, along with natural catastrophes are the top business risks this year. Just as there are many types of threats that can disrupt your operations, there are many different scenarios of how these unwelcome events may unfold. Oftentimes referred to as continuity triggers—an event that can potentially impede your business routine—these incidents range from a planned event or a reputational issue to a vendor supply chain interference or an injury among the leadership team. Among the most common continuity incident triggers are:

• Anticipated or planned events (weather, planned events that could prove disruptive, pandemic or public health issues)​

• “Office” incidents (building damage or disruption, other operations impact, employee injury or fatality, workplace violence)​

• Public allegations against the company or media / reputational concerns​

• Critical vendor or supplier incidents​

• Significant shifts in financial markets​

• Major information technology operations or infrastructure issues (dependent on the scope and projected duration)​

• Major information security incidents or breaches based on technology, operations, or business practice​

• Injury or death of a member of organization leadership

Guiding Principles for Business Continuity Planning

Although each industry may have different requirements and unique aspects, a business continuity plan provides guidance to every business’s unforeseen situation. When tasked with building a business continuity strategy for your organization, approach your planning process by taking the following steps and considering these actions:

1. Focus on the IMPACT, not the cause. Determine the steps to take, with designated team members to lead the task force, when responding to the following scenarios:​

   – Loss of workplace​ technology, security, or vendor disruption​
   – Legal, financial, or regulatory implications​
   – Reputational impact​
   – Workforce safety​

2. Utilize an “all-hazards” approach​. What this means is that you need to consider and identify all potential hazards that could affect your operations, and assess vulnerabilities and potential impacts. All-hazards plans address the resources available and actions to be taken before and after an emergency happens. It is meant to ensure people’s well-being and minimize destruction to business property and eliminate the downtime of the operations. With the all-hazards approach, businesses can take emergency preparedness to a level that is more effective and scalable.

3. Ensure a “Command & Control” structure is in place and understood​. Once defined by the NATO, command, and control is the exercise of authority and direction by a properly designated individual over assigned resources in the accomplishment of a common goal.

4. Ensure everyone understands their role and is ready to act​. Conducting a tabletop exercise is the most efficient way of organizing the team members and ensuring everyone knows their responsibilities during an emergency.

5. Prioritize business processes – first things first​. Completing a business impact analysis should be used to evaluate critical recovery time objectives (RTO) for each department and establish a comprehensive understanding of core business needs.

6. Build “actionable” plans and keep them up to date​.

7. Focus on continuity of operations, which is an effort within each department to ensure that all critical processes continued to be performed during an unforeseen event or disruption.

8. Build awareness across the organization and exercise regularly​. 

Business Continuity Framework

Your company’s business continuity framework is foundational to its success. The respective components of your framework may look different for every business, but the underlying objectives are always the same:

• Protect against the risks of disruption (prevention)
• Restore operations after disruption (response)

An overall Business Continuity Framework defines a structure for a response, continuity of operations, and return to business as usual. Plans are developed using an “all-hazards” approach and are focused on the impact on location, people, technology, vendor, or reputation.

Creating a Business Continuity Plan

Your BCP is the blueprint for your business continuity framework. It should be a comprehensive document stored in a central place where anyone on the BC team can access it anytime and anywhere. A robust plan needs to outline all of the critical components and be updated often enough to help your organization keep up with compliance regulations and changes in the industry.

1. Define

Begin your planning process by defining exactly what plan does your organization need or require, and then prioritize all critical business processes through a BIA. Ideally, each department in your organization has to have a BCP because they all have important business processes specific to them. These plans, in turn, feed an organization-wide BCP.

Of course, the number and scope of business continuity plans are determined by the organization and business structure, but this logic applies across any type of business. Your strategy may encompass various departments that, in turn, also need to have their specific plans in place because every department has its own essential business processes to be accounted for.

2. Prioritize & Plan

For this step, consider the following logic of actions:

• Prioritize the processes in each department based on business impact (financial, customer, client, or member, employee, brand/reputation, service delivery, compliance or regulatory)​

• Identify the continuity requirements from a business perspective for each process (0-24 hours, 2-5 business days, 6+ business days)​

• Detail any critical dates (non-routine, could change continuity requirements)  ​

• Define the strategy(s) to continue business (work from home, alternate space, another office, suspend, or delay)  ​

• Catalog continuity requirements (personnel deployment, key vendor information and alternatives, technology requirements and workarounds, vital records, special equipment, etc.)​

Remember, the results of the business impact analysis (BIA) provides the foundation for effective continuity planning with a focus on business priorities.​

A business continuity plan should provide a “playbook” that outlines the steps needed to continue business in the event of ANY disruption in normal operations. When it comes to what to include in your plan and things to avoid when planning, we suggest these do’s and don’ts:

• Make your plan actionable​
• Scenario independent​ (all-hazards approach)​
• Make your plan a guide
• Focus on continuity of daily business
• Define continuity strategies

DON’Ts​

• Not aspirational
• Not scenario dependent
• Not a procedure
• Not a long-term recovery plan
• Don’t wait to decide

A solid BCP also needs to include:

• Business processes: Processes, their priority, and when they must be continued to “keep the business running”
• Critical dates: Periodic important dates that might modify continuity priorities​
• Employee deployment: Deployment timing and work location for each employee​
• Continuity tasks: What needs to be done – same day, within 24 hours, within the next 2-5 days, or in 6+ days
• Key vendors/suppliers: Who they are, what they provide, how to contact​
• Technology dependencies: What technologies are required and when
• Vital records: What records (usually paper) would need to be replicated to continue operations
• Special equipment: Any unique equipment required to execute priority processes

3. Validate​

Once you’ve built your team and created a plan, make sure to validate the strategy across the board.

• Everyone in the company needs to know their role & responsibility – don’t assume they know​

• It’s not enough to focus only on technology ​

• Validate your continuity strategies​

• Can you execute your plans? Do they work?​

• Focus on the question: “Can I keep my business running?”​

• Just what’s needed to keep the business running, minimal alternatives, etc.​

• It is not a pass/fail test; it’s a learning exercise…gaps are good​

In Conclusion

Nowadays, there are different factors that are driving business continuity forward. A growing number of industry interruptions have ignited the need to develop more robust resilience plans. Regulatory guidance now requires clarity of the critical third-party resiliency strategy, as well as making your organization a resilient partner. An increased focus on enterprise-wide governance, risk management, and compliance (GRC) push organizations to reduce compliance costs and provide better risk insight. Customers expect 24/7 access to products and services, thanks to the new technology that provides competitive and customized offerings. Regulators’ tolerance for critical system downtime is also decreasing. And lastly, prompt identification and internal/external response to emergencies can protect and increase brand value and reputation.