Planning and Practicing Gives Your Business an Emergency Edge
As a business owner, you are used to assessing risks that could impact your results, but you may not have considered disasters and emergencies as part of your total risk assessment. Depending on where your business is located, your company could be impacted by a hurricane, severe wind, a tornado, an earthquake, a fire, flooding… the list goes on and on.
Along with these natural disasters, often come power outages, and these can occur as a result of a severe thunderstorm or an outage of the power grid. Businesses also need to prepare for cybersecurity emergencies, active shooters, handling hazardous materials and chemical spills, and many more hazards. Being able to handle health emergencies, like a flu outbreak or the current pandemic, should also be considered.
Building a Plan
The best way to address emergencies and disasters for your business is to build a formal Business Continuity Plan. Here are some key considerations:
- Identify the key stakeholders in your business and have them participate on a Safety Committee responsible for building your Business Continuity Plan.
- Determine if external stakeholders, like the police, fire, medical and local government resources should be included formally or informally. You may also want to include vendors, supply chain partners and customers, so you can keep their concerns top of mind.
- The Business Continuity Plan should identify the risks associated with your business, its location, your industry and other health or societal emergencies. The plan should address “all hazards and risks” so that all pertinent information is in one place.
- The plan then needs to review all key operations and functions of the business to determine those that are mission critical or financially critical in the event of a business interruption.
- After identifying the risks to critical functions of the business, the plan should address how the business will mitigate the risks and what alternatives will be used to support critical functions during the emergency.
There are two areas that require sub-plans:
Communication
You need a detailed communication plan that outlines who communicates what, to whom, when, and through what channels. Handling media and other external sources, such as police and government officials, during an emergency must be addressed as well as identifying company spokespeople for external interface.
IT disaster recovery
The second sub-plan should cover IT Disaster Recovery to address software, hardware, telephone, network and data recovery. This plan identifies all backup processes, locations and tools so employees can work remotely or at alternative sites as required.
Finally, since insurance provides your primary financial risk mitigation, be sure to sit down with your agent and review your insurance coverages in detail to make sure your company is adequately covered for all of the risks you identified as part of the planning process.
Practice Makes Perfect
Once you have built your Business Continuity Plan, don’t throw it into a desk drawer. For a complex plan like this to work, you need to build muscle memory so everyone knows what they need to do as soon as an emergency is identified. Pick one of the most-likely-to-occur risks and then run through the plan. This annual exercise involves all the key plan stakeholders who actually run through what they would do based on the emergency that is being addressed. After the exercise, debrief what went well and what needs improvement, then revise your plan accordingly.
Since September is National Preparedness Month, there’s no better time than now to sit down and complete a Business Continuity plan. For access to a range of business planning tools to help you, visit ready.gov.
Source: https://www.ready.gov/
