On Episode 57, we discuss the essentials of an effective Business Continuity Plan.
CCO Buzz: Hello, and welcome back to the CCO Buzz! On this episode, we’ll discuss if your business continuity plan is adequate and effective. We hope you enjoy the episode!
Now that we are going into the fall and winter season, which means hurricanes in the East, tornados in the Midwest, and always the possibility of earthquakes in the West - it’s time to focus on your Business Continuity Plan.
When a disaster hits, such as a hurricane or earthquake, we all know that the number one concern is the safety of family and employees. So a BC (Business Continuity) Plan, which is also commonly referred to as a “Disaster Recovery Plan,” should outline what steps the firm would take to continue its business after any immediate safety concerns have been dealt with. For a plan to be truly effective, it should address (at a minimum) the following areas:
• Steps the firm takes to back up their required books and records, both electronic and paper versions
• Identification of critical business systems and service providers
• Identification of key personnel needed to continue business due to a disruption
• Alternate locations and ways to communicate with employees and clients, when necessary
• Business disruption procedures
• Testing of the Plan
• Employee training
Importantly, your plan should outline the steps the firm will take during certain types of disruptions. Different types of disruptions will result in different actions taken by the firm. For example, a localized event, such as a building fire, would allow key personnel to work from home, where a more widespread event, such as a large earthquake, would cause the firm to relocate its key personnel to an alternate location that is most likely miles away. Remember, a disaster can come in many shapes and sizes, and while you don’t have to address all scenarios in your Business Continuity Plan, you should have procedures for the main types that could most likely affect your firm.
Another critical component of a Business Continuity Plan is testing. A full test of the plan should be performed at least annually to not only determine effectiveness, but to correct any issues that come up during the test – therefore eliminating the possibility of it happening during an actual disruption.
You can divide the full test into sections to be tested throughout the year; just remember to document the testing, the findings and what corrective steps were taken.
Training is key to a Business Continuity Plan and should be performed at least annually. This not only allows employees to fully understand what they need to do in case of a disaster, it can help them feel more in control and aware during an actual event.
So when you assess your current Business Continuity Plan, think about the following:
• Have you identified all critical systems, software, records, and personnel that would be needed to efficiently relocate to, or work from another location?
• If you use redundancy servers, have you tested to confirm they will go live when needed?
• If you are relying on backup generators, have they been tested?
• Would any widespread disaster also disrupt the business of any key service providers that you use? If so, what additional protocols need to be added should that happen?
• Have you performed due diligence on your key service providers to determine if their Business Continuity Plans seem adequate?
• What type of alternate communication system could be used if the internet and phone lines were down?
• Has the firm adequately addressed steps to be taken in the case of a cyberattack? How detailed is the firm’s cyber incident response plan?
• Are current training procedures robust enough to ensure employees have a clear understanding of what to do during business disruptions?
When it comes to disaster recovery, the more that firms and employees can be prepared, the better. This can result in significantly reduced exposure and costs, not to mention mitigating the potential for loss of clients if you aren’t well prepared to continue the business.
Core Compliance can assist in drafting, testing and training, so please give us a call at (619) 278-0020 should you need assistance.
Well, that’s it for this week’s episode. If you’d like additional information, please check out our website at www.corecls.com. You can also follow us on Facebook, LinkedIn, or Twitter @CoreCls. Thank you, and we hope you tune in to next week’s episode of the CCO Buzz.