SHOW
By definition, disasters are unexpected – misfortune written in the stars – and hopefully rare. But for a business to survive in the long term, it must be prepared to overcome major disasters and routine calamities. Major corporations may be cushioned by their financial reserves, while a smaller business forced to close its doors during a disaster may never reopen. When disaster strikes, you want to be the exception – the business that recovers swiftly because it was better prepared and more resilient. In this blog, we share some of the basic steps businesses of any size should take to protect themselves.
Communication during and following an emergency presents a variety of challenges. Devising an employee safety and communication plan that works is absolutely essential. The specifics vary widely from company to company, but your emergency safety and communication plan must address the following:
Your safety plan depends heavily on the nature and location of your business. Safety planning for a large manufacturing facility will differ from the planning for a small real estate office, for example. Because of this, it’s difficult to provide best practices that apply to everyone. The key is to match your safety plan to the needs of your organisation.
For an effective communications plan, you must gather and document a variety of critical information. Verify that it is easily accessible and stored in a number of secure locations. This should include up-to-date employee contact information (email, mobile and home telephone numbers, emergency contact information, and so on). It should also include a method for contacting employees.
Email is the easiest way to reach a large group of employees, but if your company’s email server is down, you are out of luck. Some businesses employ redundant exchange servers or cloud-based services to ensure email access. Of course, if you are without internet access entirely, you’ll need an alternative.
A call tree – sometimes referred to as a telephone tree, call list, telephone chain, or text chain – is another popular method for distributing important information to employees during and following an event. Here’s how it works. A predetermined employee initiates the call chain with a call and/or text to the next person in the chain. That employee contacts the next person on the list and the chain continues until everyone on the call tree has been reached. To be effective, call tree procedures must account for what happens when the next person on the list cannot be reached, ensuring the chain will not be broken by a few missing links.
Alternatively, or in addition to planning for a call tree, you can automate emergency calls with purpose-built communications software and services.
Regardless of the methods you use to distribute information to your employees, your emergency communications plan should provide enough detail that it can be carried out by others if the plan’s creator is not available or can’t be reached during an emergency. Your plan should also encompass a variety of potential emergency situations. The response to a fire in your facility during working hours is very different from communications following the widespread distribution of a defective product, for example. Emergency communications should be brief and as accurate as possible. Depending on the structure of your organisation, you may want to keep managers updated, allowing them to pass on information to direct reports on a “need-to-know” basis. Again, the specifics of your business dictate the correct approach.
Finally, it is essential to test and update the communications plan periodically. Carry out tests to find gaps in the plan such as out-of-date employee lists or contact information.
Managing customer relationships is critical to the ongoing success of your business. As such, it is important to devise a plan for distributing information to your customers during and following a disaster or major disruption. The scope of your customer communications plan will vary depending on the nature of your business.
Not every glitch in operations merits reaching out to your customers. However, if an event is likely to impact them, you should communicate the details of the issue and explain the steps you are taking to mitigate it. This might mean direct communication to your customers, but it could also mean messaging through traditional and social media. Failure to do so can have a negative impact on the reputation of your organisation.
You also need to handle a wide array of incoming communications following a disruption. Depending on the nature of your business this could mean support requests, high volumes of email and telephone traffic, social media activity from frustrated customers, media interest – the list goes on and on. Handling any of those poorly could hurt customer loyalty and damage your organisation’s image.
How do you keep your good reputation intact? It comes down to careful preparation. Firstly, you must be prepared from a personnel standpoint.
All customer-facing staff should be briefed and ready to deliver a clear, consistent message. You may want to consider using scripted templates which can be adapted to address various contingencies. Scripted messages can be developed and approved by management before disaster strikes, making it easy to quickly distribute them to customers following a disruption. Limit the need to improvise during a crisis.
You also need to ensure access to a communication infrastructure (telephone, email, internet access). This might mean redundant telephone lines/services, hosted PBX systems, cloud-based email or redundant exchange servers, and so on. Larger businesses may need to invest in a secondary contact centre to manage inbound and outbound communications. A number of vendors offer call centre services, temporary workspaces, and even mobile data centres.
Testing all or parts of your customer communications plan should be considered essential as well. Testing is the best way to identify and resolve customer support weaknesses and communication infrastructure issues.
To understand the IT component of business continuity and disaster recovery (BCDR) today, it helps to look at the not-so-distant past. It really wasn’t long ago that backup meant daily incremental and weekly full backups to tape or a dedicated disk backup target. Duplicate tape copies were created and shipped off site for disaster recovery – typically to a secondary site maintained by the business or to a tape-vaulting facility. Many businesses continue to use this model today, and depending on your recovery needs it may be perfectly adequate.
However, disaster recovery from off-site tapes can be painfully slow. Firstly, you need to retrieve the tapes from an off-site location. Once they are back on the premises, you must load the data onto your backup server before you can begin restoring data and applications to your primary servers. This means considerable system downtime, during which business applications will be unavailable or unreliable and business operations will be handicapped.
When creating an IT disaster recovery plan, it’s important to understand two concepts: recovery time objective (RTO) and recovery point objective (RPO). RTO is the amount of time that it takes to get a system restored following a failure or disaster. RPO is the point in time to which data can be restored following the event. So if you performed a backup at 6 pm each night and a server failed at 5 pm the following afternoon, your RPO would be 23 hours and any data created during that period would be lost. For many organisations, this is unacceptable – particularly applications related to generating revenue or serving customers.
For faster recovery, you can replicate data to a secondary site that mirrors your data centre and can quickly take over IT operations. However, this approach requires a massive investment in hardware because it requires two sets of identical servers, storage, switches, software, and so on. Not to mention a secondary data centre facility. Remote replication to a backup data centre allows users to fail over operations to a secondary site in the event of a disaster, which improves RTO – but is beyond the financial reach of most businesses.
As noted above, many organisations today have limited tolerance for downtime. If your employees do not have access to essential applications and data – or public-facing applications are unavailable when customers are trying to access them – productivity and revenue will plummet.
Downtime is just one factor that can impact your bottom line. Again, there is a broad spectrum of possible considerations depending on the size and type of your organisation. However, the following applies to many businesses.
Insurance – Insurance is an important factor in your recovery effort. For example, let’s say your business has numerous warehouses full of goods awaiting distribution at any given time. The cost of replacing goods in the event of a fire or flood could be massive and severely impact your ability to continue operations. So it is essential to select the proper insurance coverage for your business’s specific needs. Beyond that, it is also critical to document all insurance information including policy details, login information, the process for filing claims, and so on.
Training – It’s likely your business will identify employees as critical to the recovery process. This might mean executives, department managers, and IT staff. Whatever the structure of your business, you will need to define business continuity roles and responsibilities. Cross-train staff on essential tasks, in case a critical employee is unavailable following the event.
Facilities – Evaluate the facility or facilities in which your business operates.
Considerations might include but are not limited to:
Dependencies – It is important to consider dependencies within and especially outside of your organisation. Let’s say you are in the business of manufacturing medical devices. You might source parts from a variety of vendors – possibly worldwide. Let’s say one such vendor suffers a flood or fire and production comes to a halt. This could limit access to the raw materials you need, directly impacting your ability to continue operations. Your business continuity plan should offer solutions to mitigate these issues – for example, identifying multiple suppliers or stocking up on essential parts.
Business continuity and disaster recovery planning should be considered a critical aspect of running a business. However, many organisations disregard it completely. Others may have a plan in place but fail to grasp how time-consuming the recovery process and the associated cost of downtime can be. The good news is that today’s data protection technologies and services have greatly improved the IT piece of the business continuity puzzle. There are a wide array of options in the market today at different price, which enables you to select a product or service tailored to your specific business needs.
The importance of testing business continuity and disaster recovery plans cannot be overstated. Testing is the only way to reveal gaps in your plans and address them proactively – not while you are frantically trying to pull the pieces back together after heavy rains have deposited a foot of water in your lobby.
