Page 1

For additional information, please refer to the following resources: Recovery_Planning_The_Basics#1

Business Continuity Planning: An Insurance Policy for Your Organization

Disasters happen all the time. Whether it’s a fire, flood, or some other natural disaster, you need to be prepared. You know the statistics about organizations that face a disaster; according to the U.S. Department of Labor, 40% of businesses never reopen after a disaster. So, what can you do to avoid becoming a statistic? The answer is obvious, prepare! Disasters don’t have to be devastating. Here are 6 general steps to help you prepare for the next one.

1. Identify and evaluate business requirements. • Employees/volunteers • Location • Technology infrastructure • Services you provide • Time sensitive processes • Special equipment 2. Protect your data. Do you perform nightly backups? If you know a disaster is coming, you should back up your data more often. 3. Analyze possible threats and risks. Both internal and external. 4. Document the BCP and educate staff. 5. Test the plan. Test Everything: • Your Staff • Hardware • Software • Systems • Services • Processes • Procedures • Security, etc. 6. Re-evaluate and update your Business Continuity Plan each year.

Think of a Business Continuity Plan as an insurance policy!

Communication with your staff is key. They should be educated on the Business Continuity Plan well before disaster strikes as you will not have time and may not have the communication resources to do so afterwards. Inform your staff what needs to be done and what skills are required for a particular task. Do not, however, try to tie a staff member to a particular task in the event that some of your staff may not be available if the disaster is widespread.

Business Continuity Planning is all about preparing your organization for the unexpected disaster, so you can continue your normal operations as quickly as possible.

You don’t want to find out after a disaster that something in your plan was incomplete. Testing the plan helps you work out the details that might otherwise be forgotten.

First you must know exactly what you’ll need to make that happen. Identify all the business requirements and rate them in order of importance. Keep in mind the many different types of disasters and how each one may have an impact on your organization

Testing should be conducted on every area of operations for your organization—not just the technical aspects. Be sure to test everything. Adjustments should be made, and more than one test may be necessary.

Analyze the requirements and the resources necessary to fulfill the requirements and maintain operations from a secondary office space or from home. Can any processes be put on hold, and how do they affect your overall operations? Data backups should be performed nightly to ensure your data is always up-to-date. Backup files should be stored off-site in a secure location, preferably a secure data center with redundant power supply. Without the key information your organization relies on every day, there is little hope to recover from a disaster. Disasters can come in many forms, and your organization should be prepared to handle each of them in a different way. E.g. How you manage a natural disaster like a tornado should be different than how you handle a health crisis. Risks may include operations performed by just one person with the necessary skills and knowledge. What will you do if that person is unavailable? While developing a BCP, it’s a good time to perform a Security Audit to evaluate all your security risks. Having a well thought out BCP is a good start, but it won’t help you recover from a disaster if your staff isn’t well informed. An educated staff will be more likely to buy-into the plan, and they will be better prepared to enact it if disaster strikes.

Changes should be communicated to your staff. And don’t forget to educate new staff as they come on board. Your BCP should be re-examined on an annual basis since technology, staff, and procedures may change.

Technical Aspects of Business Continuity: Any Business Continuity Plan is going to center around your organization’s technological resources. These include not only hardware and software, but also your human resources to get the technology back up and running. A thorough Business Continuity Plan should include updated configuration diagrams as well as the names and contact information for your technology providers. • Software applications • Phone systems • Hardware • Telecommunications services, etc. The BCP should include details on what needs to happen, in the order it needs to happen, and how it will all get done. • Network set up: security, redundancy, etc. • Server set up and configurations • Load operating systems • Install application software

Related Issues to think about While there are many technical aspects to recovering from a disaster, there are also a number of other related details to think about. Such as: • Who has authorization to purchase new equipment for emergency needs? • What processes do they need to follow? • How will you notify your staff (both internal & external)? • How will you communicate with those you serve? − Donors − Students − Alumni

• Restore data • Synchronize database • Make configuration changes • Perform follow up checks • Open service to users • Set up phone system (if you’re out of your offices for an extended length of time) • Data backups • Power backup: UPS, backup generator, etc. • Document management Keep in mind, your staff may not be available to help. Store contact information for several organizations that may be able to help if you’re short-staffed.

− Board members, etc.

While it’s impossible to anticipate every possible disaster that could affect your operations, having an overall Business Continuity Plan will ensure your staff is able to deal with it in a planned, organized manner. It will help you recover more quickly and reduce the impact of the disaster on your organization.

Insurance Policy for Your Organization  

Business Continuity Planning