How to create a business continuity plan

Having a plan can mean the difference between recovery and disaster

No one likes to think about the worst thing that could happen to their organisations. But the more complex our IT architectures become - particularly with varying cloud or hybrid platforms - the more essential it is to have a business continuity plan in place in case of downtime.

In the past two years, 95% of enterprises have had to deal with at least one data centre outage, according to Gravic Inc. These disruptions sideline entire data centres, not just single systems. A study from the Ponemon Institute into data breaches in 2018 has shown that the averate total cost of a data breach last year was $3.86 million, with the most costly component being lost business cost. Even a small disruption to business will cost money, so having a plan in place can mitigate revenue losses.

A business continuity plan is more than just making sure critical IT and services are available if disruption occurs, or being able to restore functions quickly. A good plan should aim to keep the complete ecosystem of critical business functions operational in the event of a serious incident.

Why have a business continuity plan?

There are a wide range of reasons why an organisation should have a business continuity plan put in place 

Firstly, it is a communication tool. Having a plan in place means that everyone will know what to do in an emergency. In a disaster, if someone doesn't know what role they need to play, the risks aren't going to be mitigated.

Secondly, it means that your organisation is proactive. When disaster strikes people will know what to do instead of trying to figure out things as they go along. This also helps manage any negative impact on the company's reputation; it may be difficult to avoid data breaches entirely, but demonstrating preparedness will make clients more understanding.

Thirdly, having a plan means that you have a good chance of recovering from disaster. When you protect mission-critical parts of a business, there is a good chance of survival and staff morale will be higher for it.

Not only does having a plan increase your chances of recovering from an incident, but it also reduces the likelihood of you having another one. Businesses that don't have a business continuity plan are 32.3% likely to have a data breach at some point over the next two years, but this falls to 23.4% for businesses with a plan, according to the Ponemon Institute.

Finally, a business continuity plan can reduce the time it takes to identify and contain the data breach incident, especially if staff have a structured plan to follow. It significantly minimises disruption if teams are aware what steps they need to take to keep the business up and running.

What's in a business continuity plan?

A plan should provide a roadmap for employees so they know what to do when things go bad. Such a plan should include the following. 

Threat analysis natural disasters, such as a flood can destroy IT infrastructure, while a cybersecurity hack can put your network offline but not affect personnel. Bombs could kill people and destroy equipment. It's important to cover what to do for all major possible threats.

Who's responsible when disaster strikes, an organisation should have a list of personnel to contact and what they role in a continuity plan will be. An organisation should also keep contact details of external services, such as police, fire, etc.

Plan a backup it is important to have a backup of important data offsite away from where an organisation is based. There should also be consideration given to backup power supplies. In addition to uninterruptible power supplies, one should also consider what to do if the power will be out for a considerable amount of time.

Alternative comms and operational sites if you have no telephones or internet, you need to plan how you will keep in contact with customers, employees and others. A plan should also cover how and where to set up operations in an alternative location.

Increasingly, organisations are putting in place formal disaster recovery (DR) processes as part of their business continuity plans.

A global study into DR processes in 2018 showed that 39% of companies had an automated DR process in place, up from just 16% in 2017. Using automated processes like this to get your business up and running in the event of a breach is a good way to make significant cost savings.

Managing a business continuity plan

Managing a business continuity plan means keeping it up to date, changing details to ensure they are correct. It is also important to review the impact of new processes, systems and technology on a regular basis and add these to the original plan.

Those responsible for the plan should also make sure that all employees that could be affected by a disruption to the business have read and understood the plan, what their role in the implementation is and how the plan will be executed. Even non-essential personnel should be informed about such things as building evacuation measures, as well as emergency locations.

In the event of a breach, the business continuity plan should be reviewed and adapted if necessary to further minimise disruption in the future.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

Up in the air: Travel in the age of COVID-19
Business

Up in the air: Travel in the age of COVID-19

26 Nov 2020
Four ways CIOs can drive digital transformation
digital transformation

Four ways CIOs can drive digital transformation

25 Nov 2020
CTO job description: What does a CTO do?
Business strategy

CTO job description: What does a CTO do?

2 Oct 2020
How to delete a Facebook business page
social media

How to delete a Facebook business page

15 Sep 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020