Alert & Declare: (877) 364-9393
Member Emergency Hotline
Emergency Hotline
Agility Recovery +
52% of businesses experienced a business interruption in the past 5 years
*Stax Inc. Report, 2018

Your company may have been among them. Unfortunately, one of the two most popular factors that influence the mindset of companies without a BCDR plan is the experience of a recent disruption. But at what cost? This scenario deprives a community of a relied-upon business, leaving a company unprepared when trying to come up with a plan of navigating the rough waters of post-disaster damage control.

1. Know Your Risks

Which disasters will most likely impact your business? Though major disasters dominate the headlines, most business interruptions are caused by everyday events, such as power outages, human error, and technology failure. It is important to assess your risk for catastrophic weather occurrences, but equally important to evaluate exposure to more commonplace risks.

2. Know Your Critical Functions

Evaluate and document your company’s vital operations. Determine which processes, employees, equipment, and materials are critical for your daily operations. Critical business functions include such things as billing, payroll, and service fulfillment. List these functions and determine a process for restoring them in the event of an interruption.

58% of organizations publicly exposed at least one cloud storage service
*Cloud Security Trends, RedLock, 2018

3. Find a Backup Location

Where would you go to continue basic business operations? Review your site requirements and determine a plan for recovery. Alternative site options include working from home, relocating to a secondary site, using the site of a similar business partner, or turning to a vendor that provides recovery office space.

4. Prepare Your Supply Chain

Talk to your key vendors and suppliers about their recovery plans. According to recent surveys, less than half of American businesses have a disaster recovery or business continuity plans in place to maintain supply chain logistics in the event of a disaster. Talk to your key vendors and suppliers about their BC plans. Develop relationships with alternate vendors in case your primary vendors experience an interruption.

5. Help Employees Prepare

Ensure employees and their families are prepared for disasters both at work and at home. While data recovery and business continuity may form the backbone of a disaster recovery strategy, if employees are unable or unwilling to report to work, having your systems back online may prove worthless. Without question, most businesses will admit their most valuable assets are their employees. Help your employees prepare for disasters at home, ensure they know their role in your continuity plan, and develop and practice crisis communications and incident management plans that incorporate both employees and their families.

6. Practice Backups

Back up your data and practice restoring your technology. In today’s highly technical, connected economy, information is more valuable than ever. Having data and critical applications backed up is an essential and relatively common practice. However, make sure to store your data in an offsite, safe, and secure location, preferably 50 miles or more from your site(s). Also, regularly verify that you can retrieve your data and test restoring it back to on-site hardware. Outline a plan to replace PCs, software, servers, printers, and fax machines should your office be destroyed.

7. Create a Communication Plan

Create an employee, vendor, and key client communication plans. Update your emergency notification database for all employees, including emergency contacts like spouses or closest relatives. Make sure your employees, vendors, suppliers, partners, and even clients know ahead of time how to exchange or obtain information should your standard methods of communication fail. Also, update a list of your critical clients and vendors and store it in an offsite location. Determine a process for contacting them should your systems go down.

8. Emergency Kits

Assemble an emergency kit, with everything your team will need. An emergency or disaster recovery kit should contain items such as freshwater, non-perishable food, flashlights, extra batteries, battery-powered AM/FM radio, first aid kit, and copies of important documents and records. Additionally, your business disaster kit should contain elements such as petty cash, critical contracts and documents, corporate letterhead, software license keys, passwords, and other sensitive documents.

9. Insurance Review

Is your insurance coverage adequate? Sit down with your agent to ensure that you are insured for potential risks. Consider business interruption insurance, which may compensate you for lost income should you experience a disaster. Make sure you keep photos of your building, equipment lists, and policy information stored in a safe and secure offsite location.

10. Test Your Plan

A plan that nobody has seen is no better than no plan at all. Make sure your plan is actionable and able to be executed during times of crisis – test your plan annually and update it as necessary. Make sure to re-educate employees when any changes to the plan are made and include training on the plan for all new hires.

Does my company need a business continuity plan? What’s the worst thing that can happen?

In the words of Murphy’s Law, “Anything that can go wrong, will go wrong.” In fact, 52% of businesses experienced a disruptive event(s) in the last five years*, and your company may have been among them. Unfortunately, one of the two most popular factors that influence the mindset of companies without a BCDR plan is the experience of a recent disruption. But at what cost? This scenario deprives a community of a relied-upon business, leaving a company unprepared when trying to come up with a plan of navigating the rough waters of post-disaster damage control.

Common misconceptions

When it comes to business continuity, there are many common misconceptions. These misconceptions are what most companies use as excuses for not having a business continuity plan.

Insurance covers losses

Yes, insurance does cover losses but excludes events such as death, federal violations, and loss of reputation. In some instances, business owners incorporate public liability insurance within their contingency plans for added security. It proves to be useful when a company handles clients and customers; having a business continuity plan can help a business owner mitigate those risks.

We know what to do in an emergency

Realistically, an outline of an emergency response plan is helpful, yet it won’t provide you with much guidance on what to do when your building has been affected by a tornado or flooding. When an emergency strikes, emotions are running high. At that moment, it’s difficult to help everyone stay calm. A pre-defined plan can assist in handling an emergency in a calm and collected manner.

I don’t have time to develop a BC plan

Creating a business continuity plan is a time-consuming task that requires a lot of expertise and knowledge. However, it’s worth the time, money, and effort put into it. Investing time in developing a business continuity plan now will save countless hours of coordination during and following a disaster and will help ensure your business is prepared to restore operations quickly when an interruption occurs.

Why Bother Having a Business Continuity Plan?

Apart from innocuous misconceptions, there are substantial risks that stand behind the lack of business continuity and disaster recovery plan.

1. Violations

Most businesses, with only a few exceptions, are required to have an Emergency Action Plan (EAP). At any time, your company can be surprised by a random audit. Failure to comply with the minimum requirements will result in a violation and a hefty fine.

2. Reputation

Even large organizations, such as Facebook, whose primary product is communication, can mishandle a crisis. Your clients may be able to accept the fact that the accident happened, but they also expect your business to quickly respond to any disruption, no matter the extent. The way that a company responds to a crisis can make or break its reputation for many years to come.

3. Injury or death

Regardless of the type of accident, the main goal of any company is to keep the employees and customers safe. Companies that lack comprehensive business continuity plans will find this task more challenging. To prevent injury or death, stepping away from the handwritten EAP’s and getting on board with new business continuity technology is a good investment.

4. Financial risk

Financial loss may be among other consequences of a lack of a business continuity plan. The cost of business interruption varies from $5.8 million due to fire or explosion, $4.4 million due to a storm, or $0.55 million due to water damages†. The longer the downtime is, the higher the losses. Having a business continuity plan that covers all bases can help reduce downtime and improve RTO. Depending on the severity of the situation, your company may also be liable, which could end up costing you even more.

The business continuity and disaster recovery (BCDR) software market is currently flooded with varying degrees of continuity manager software that can all perform roughly the same tasks. As a business, this can be in your favor due to supply and demand paving the way for better prices and enhanced competitive features. Having a Business Continuity Plan is vital for your organization . However, with so many options, it can be overwhelming to sort through all of the available continuity software until you find one that suits your company. In this blog post, we’ll explain what we’ve found to be three of the most valuable features you should ask for in your business continuity manager software. To begin with, let’s discuss a continuous Business Impact Analysis (BIA).

What Is a Continuous BIA?

A BIA is necessary to establish parameters within your organization as to better estimate if there were an incident, what would be the best solution to get your company back on its feet, and how fast you would need to recover. A continuous BIA (offered in most business continuity software) can be updated regularly so you can ensure compliance with your industry’s regulations and maintain a well-developed plan to coincide with your business’s growth and expansion. It will retain the data from your last update, never resetting or deleting. The interaction that software provides can far outweigh that of a one-time-use template.

How Does a Continuous BIA Keep You Compliant?

No matter the industry, regulations exist to ensure quality, safety, and best practices. These guidelines are also associated with large penalties and fees for not meeting minimum compliance requirements. Every business, with only a few exceptions, is required to have an Emergency Action Plan (EAP) . A continuous BIA, unlike simple template forms, allows you to keep your BCDR plan up to date on compliance and government regulations. By having software that can track the completion of your plan, you are better able to see your progress towards being compliant. Also, because of the control given to the user to update and revise continuity goals, you’ll be able to easily incorporate new regulations as they arise.

How Does a Continuous BIA Accommodate Growth and Expansion?

Profit and customer growth are universal business goals driven by passion and ambition. Because of this, businesses are constantly evolving to the trends of their consumers’ markets to expand reach into new territories. These expansions could mean new software applications, upgraded tools and equipment, or even an increase in employees. To keep up with the movement of your business and maintain a well-developed and up-to-date BC/DR plan, having the capability to continually update your business’s BIA is crucial. When was the last time you updated your BIA?

Whether it is an earthquake, tsunami, tornado, or another natural disaster, a business must ensure that it is prepared to survive both the disaster and its aftermath. Unfortunately, many companies, while taking measures to survive the physical toll of a natural disaster, fail to account for the potential financial and data loss that a disaster can produce. In today’s economy, a business that finds that it has lost its databases and is unable to secure funding to continue operations may be doomed regardless of its physical status. For this reason, putting measures in place to secure a company’s data and provide for its continued financial health in the face of a natural disaster must be a priority for every company, regardless of its size or location. From Washington earthquakes to Florida hurricanes and from California wildfires to North-East blizzards and even man-made events, there is no place on earth where a company can afford to ignore the need to prepare for a disaster.

1. Evaluate the Most Likely Natural Disasters in Your Area

Tornadoes are very common in the Midwest but do not typically impact large areas of the region. Conversely, major California earthquakes are quite rare, but when they do occur can impact vast areas all at once, leading to the long-term interruption of utilities and other government services. When preparing for a disaster, the business must determine what types of natural disasters it is likely to face in any given area. For large companies with multiple business locations, this can result in the need to craft several specific disaster response plans for various facilities, rather than depending on a single plan.

2. Create a Disaster Response Plan

Preparing a disaster response plan is a vital part of preparing to weather a major disaster. Without one, a company will find itself unable to meet the challenges of the post-disaster period. A disaster response must include the following components:

  • – A clearly defined chain of command so that even the loss of senior management will not hamper the company’s ability to make decisions in the days after the disaster.
  • – Already prepared plans to shift to an emergency location so that vital company functions can continue after the disaster.
  • – A complete and updated roster of the company’s employees that can be used to assist emergency services in determining the status of the company’s employees.
  • – Procedures for recovering any confidential records that the company may have on-site and storing or disposing of them without risking a data breach.
  • – A defined and frequently rehearsed site evacuation plan.

3. Data Protection and Post-Disaster Operations

A company must ensure that its data is always secure, no matter the type of disaster. The most effective tool, in this case, is to use off-site cloud data storage services in order to ensure that all company records are maintained in a secure location. It is important to ensure that the data storage site is geographically distant from the business. After all, it does no good to preserve a company’s data at a site that may be destroyed in the same natural disaster! Because a cloud service is accessible via the Internet, company employees can continue working, even if they are currently housed in a hotel or other remote location. A company should maintain a detailed plan on how to quickly relocate and start making use of cloud-based data after the disaster. In addition, cloud insurance policies should always be maintained in order to ensure that the business is protected should the cloud service be interrupted for any reason.

4. Disaster-Related Insurance

Disaster insurance can cover a wide range of issues. A company should be certain that any policies it purchases will cover all potential natural disasters, unlike most general insurance policies. Common types of insurance include the following:

  • – Insurance for physical damage, including the destruction of company inventory or buildings.
  • – Data loss insurance, which will cover the company from any losses relating to the loss of its electronic or physical data.
  • – Liability insurance can protect the company from disaster-related claims. This can be especially important should customer data be lost during the disaster.
  • – Business interruption insurance can compensate the company for any lost income due to disaster-related service interruptions.

5. Watch Insurance Caps

All insurance policies have an insurance cap or limit on the total amount the policy will payout. Especially in the case of disaster-related liability lawsuits, a company may find that its insurance policy will quickly hit the insurance cap, leaving the company financially vulnerable. A company must ensure that its insurance policies will cover all likely losses, rather than running the risk that a low insurance cap will see the company destroyed by post-disaster financial losses. Companies change over time, and the preparations that were adequate a year ago may not be sufficient today. A business should regularly reevaluate its preparations for a disaster and immediately modify any aspects of its planning that are no longer adequate to protect the business. Preparing for a disaster is not something to be left to the day when the tornado alarms sound or the earth starts to shake. By maintaining regularly-updated procedures to prepare the business for both the disaster and its aftermath, management can ensure that the company is prepared to survive and thrive in the post-disaster period.

Guest Blogger:  Mark Norton – Director of Business Continuity, Agility Recovery A challenge we frequently hear about regarding business continuity planning is the lack of management support. I believe it’s a common misunderstood dilemma that can be avoided with a bit of illogical reasoning. We live in a world where people fear flying over driving, are troubled with scenes of terrorism and believe the greatest threat when vacationing at the beach is being attacked by a shark. However, a rational look at data suggests that it’s over seventy times riskier to drive a vehicle than to ride in an airplane; that more Americans have died from food allergies over the past 50 years than have been killed by international terrorism; and that getting a sunburn at the beach is far more dangerous than entering the water where a shark may be swimming nearby. Yet, how many of us feel more comfortable behind the wheel of a car versus in the seat of an airplane? How many will ask for the ingredients of our food at our next meal before we start eating or spend more time stocking up on sunscreen vs. watching Shark Week before the next beach trip? The answer goes hand-in-hand with how business leaders may approach business continuity. If we were to rationally calculate risk, we’d use this formula: risk = probability x consequence. However, humans have adopted a slightly modified and irrational formula to calculate risk: risk = probability x consequence x dread/optimism. Depending on whether or not you’re an optimist or pessimist, your risk calculation will err by being irrationally cautious or aggressive. This irrational calculation of risk is why you should speak with your management team about risk, and the best way to manage it. While I wouldn’t suggest calling your leadership team irrational, it’s important to recognize the obvious…they’re human, and as human beings, we tend to incorrectly manage our risk.

Understand Your Risk Tolerance

Generally, making assumptions is a dangerous business, but if you assume your management team cares greatly about the survival of your organization, then you can also conclude they care strongly about business continuity and disaster recovery. Adopting this precarious element of reasoning allows you to shift your focus, time, and energy from proving the necessity of business continuity to providing facts about risk that allow them to make the best, rational  decision about your recovery strategies. As with the rest of us, your management team likely has a bias towards being risk-adverse, thus defining your organization’s risk tolerance. Some organizations are going to be more risk-averse and others more tolerant. Some organizations cannot legally accept the risks, while others may plan to thrive off good fortune.

The Reality of Risk

After properly accessing your organization’s risk tolerance, you need to provide a case study that endorses a sound business continuity and/or disaster recovery strategy based on rational, objective facts about risk to your organization. The truth about disasters is that without a plan or executable strategy, your organization’s existence is threatened. Although you can provide stats of historical natural disasters in your area, the biggest fact to share with management is that isolated, man-made disasters are completely unpredictable and can be A nything happening to A nyone, at A ny time, A nywhere in the world (4 As of Disasters). Without the ability to recover all of your critical functions quickly and effectively, you could suffer a devastating, long-term consequence. Occasionally it could be so severe that it takes you out of business.

Test Your Current Plan

For those who truly want to understand their ability to continue their business no matter what, a simple tabletop or mock exercise will reveal a lot about your organization's readiness. Regardless of whether or not you were successful in establishing sufficient business continuity and/or disaster recovery strategies to protect your organization, a test of your strategy will confidently convey your organization’s level of preparedness. Agility has an Active Shooter Tabletop Exercise available for download. This tabletop will guide you and your team through an active shooter scenario so you would know how to react if one were to occur in reality. The best way to make sure you're prepared for a real-life scenario is to put your plans to the test. Finding the right recovery strategy is paramount to your organization’s survival, and it may be up to you to start this conversation. Your greatest challenge likely will be to resist viewing management’s caution or initial resistance to business continuity/disaster recovery as apathy. Instead, accurately identify it as your management team’s risk appetite and start proposing solutions that fall within their tolerance. Through practicing (testing) your recovery strategy over time, you will be able to gain more and more rational, sound approaches to ensuring your organization’s survival. Ripley, A. (2008). The Unthinkable: Who Survives When Disaster Strikes – And Why. New York: Three Rivers Press.