Business continuity, disaster recovery, risk analysis, crisis management, critical function recovery… for the average entrepreneur, these are not common terms, yet small businesses need to plan for disasters as much, if not more than larger businesses, because a failure to do so could literally mean the end of the business.
Some (not so) fun facts
- 51% of companies admit to not having a crisis management plan in place. (RockDove Solutions)
- 90% of businesses with no disaster recovery capabilities close after a major failure. (Nexstor)
- 60% of small businesses that lose significant data close within six months.
- $3.6 million is the global average cost of data loss. (Ponemon Institute)
Can you afford not to plan for a disaster?
Crisis or Disaster
A major emergency, dangerous situation or disruption in business activities, which may have a significant impact on its operations and public image. Typically, a crisis may fall into one of two categories:
Imminent Danger/Major Disruptions – natural disasters, terrorism, extreme power failure, strikes and riots, fire and floods.
Compliance/Brand/PR – significant POPIA breach, employee racism or GBV incident going viral, substantial fraud.
Disaster Recovery Plan
Disaster Recovery (DRP) focuses on the business-critical IT, infrastructure and systems. The aim of DR is to identify where your business is exposed and to minimise downtime. DR is concerned with how a business responds after a disaster, and most importantly, how it returns to normal.
Business Continuity Plan
A Business Continuity Plan (BCP) is a strategy for a business to remain operational during a disaster. It includes prevention steps and recovery actions to minimise the losses… a next best approach. DR is a subset of business continuity. For example, in the event of a fire damaging the premises, a BCP may provide for employees to work remotely on a short-term basis, whereas the DRP will focus on how to get everyone back into a single workspace with all necessary equipment, software and data replaced.
Risk Impact Analysis
An evaluation of potential hazards and the business’ vulnerability that may result in harm to people, property, services, livelihoods and the environment.
How to Develop a Business Continuity Plan
- Document the products and/or services that your business produces or delivers.
- Write a very brief description of each product or service. (This is not an inventory list, but refers to the types or categories of product)
- Identify the key resources that you need to deliver the product or service, such as employees, premises, delivery channels, IT etc.
- Decide which are your most important products or services and prioritise them.
Example for a research business
Product / service
Research subjects' sensitive data
Personal data, including addresses and ID numbers
Staff: research and outsourced field agents
- Conduct a risk impact analysis with your team.
- Plan action steps to ensure that critical IT and business functions can be protected (e.g. security and insurance) as well as restored a.s.a.p. This should answer questions of when (when is it deemed a disaster?), where (where should staff go, vital IT equipment and valuable assets be stored), and how (who needs to do what?). This would include a DRP, if the business is highly IT dependent.
- List emergency contact information for all staff, emergency services, IT suppliers, key clients and legal or compliance officers. Have remote access codes for all websites, social media platforms, apps etc.
- Document information on data backup solutions and access.
- Develop a communication plan.
- Train all employees, provide physical copies of your plan and test, test, test!
Why is a Communication Plan necessary?
Because social media can be both your saviour and your nemesis in a crisis… especially if the crisis is brand-related. When, how often, and how well you communicate during a crisis may result in understanding, support and even forgiveness from clients and the public. The opposite also holds true.
Communication Plan Do’s and Don’ts
- Develop a plan as part of your business continuity planning.
- Make sure the roles and responsibilities of every department or person are clear.
- Admit fault for actual wrongs or mistakes.
- Apologise quickly and sincerely – even if the crisis is beyond your control, you should still be sorry for the inconvenience.
- Present a temporary solution and the promise of a long-term one (if appropriate).
- Over communicate.
- Assume that everyone will remember or follow the plan – people panic!
- Make excuses.
- Deviate from the business continuity plan unless agreed upon by the team.
- Rush communications. If it can be taken the wrong way, it will be.
- Send out any communications that haven’t been proofread and reviewed by at least 1 other person.
One day you will arrive at your business expecting an ordinary day of hustle and hard work. Out of the blue, the unimaginable happens. You cannot predict what the event will be or when it will occur, but you can plan for its inevitability.
By Janet Askew