Whether hurricanes, pandemics, wildfires, or other catastrophes like unanticipated shutdown orders, most companies are not immune to unplanned business interruptions. And while there are many legal, regulatory, and contractual requirements for companies to anticipate and plan for such, most organizations are woefully unprepared for an inevitable interruption to normal business activities. Often, the difference between a company of great value that survives for generations and those that are merely a passing concern is the ability to plan for, adapt to, and survive the unexpected. Great people, great products, and great ideas only get you so far.
Business Continuity Planning (“BCP”) is the process of creating a system of prevention and recovery from potential interruptions and other threats to an organization. Its purpose is to enable a business to recover certain vulnerable parts of the company after an interruption occurs. Businesses that engage in BCP are more resilient against emergencies and disasters than are those that do not, because such planning helps to ensure personnel and assets are adequately protected and able to resume functionality quickly following an interruption event. BCP also helps to ensure compliance with ever-changing regulatory requirements. Thus, BCP can be the difference between successfully recovering from a business interruption versus not. Fortunately, there are many resources and guidance available to businesses intent on sustainability and survival.
Undertaking the creation of a Business Continuity Plan is no small feat, but requires careful planning and assessment of mission-critical functions and available resources. However, developing such a plan can circumvent the misfortune of succumbing to a hard-hitting business interruption. The elements of a Business Continuity Plan include: 1) The Team, 2) The Mission, and 3) The Policy.
- The Team
- The BCP Planning Team should include diverse members across an organization’s various departments, including upper management, human resources, legal, finance, operations, as well as onsite personnel who are most likely to encounter operational hazards resulting in a business interruption. Once the team is formed, roles and responsibilities regarding plan communications, implementation, monitoring, maintenance, and crisis management should all be assigned. A budget and planning calendar should also be established.
- The Mission
- After a Team is formed, upper management and ownership will need to communicate the commitment to the Business Continuity Plan and Team from the highest level of the organization in the form of a Mission Statement. A BCP advisory team member, such as legal counsel, can assist with the formation of the issued statement.
- The Policy
- Following the formation of a Team and the preparation of the Mission Statement, a Business Continuity Policy, encompassing a comprehensive set of standards and guidelines for ensuring the effectiveness of the organization’s BCP, should be created. The final BCP Policy should identify a chain of command, establish the flow of information and personnel direction through emergency communication protocols, identification of and processes for managing resources, as well as other key methodology related to potential losses and recovery strategies.
This is the first of a multi-part series of blog posts which will introduce the concept of Business Continuity Planning and explain the elements that go into making a typical Business Continuity Plan. This series will focus on:
- The Fundamental Elements of a Business Continuity Plan;
- Risk Assessments;
- Emergency Action Plans;
- Disaster Recovery Strategies;
- Business Interruption Insurance; and
- Useful BCP Checklists.
It is strongly recommended that companies interested in developing a Business Continuity Plan consult with licensed legal counsel, an HR consultant, and/or insurance professional to thoroughly analyze their business organization’s susceptibility to interruptions, and to put together a thorough and specific Business Continuity Plan that complies with applicable regulatory or other legal requirements. In most cases, Business Continuity Planning should be conducted in conjunction with an overall threat assessment, as well as the procurement of various types of insurance coverages, such as business interruption insurance, which will be discussed in this series.