Disruptive events or crises such as fire, flood, cyber attacks, and others may occur at any time. Therefore, organisations and companies need to prepare themselves using a business continuity plan well in advance. A business continuity plan will set guidelines for the manner crisis events need to be dealt with in order to prevent and minimize the damage, as well as recommending ways of action for quick, efficient, and inexpensive recovery.
The Business Continuity Plan addresses five different dimensions:
- Prevention – tools and solutions to prevent the occurrence of the risk. This category includes, among other things: various aspects of protection (down to the smallest details, such as the number of security officers needed to guard the facility), cyber protection, proper storage of hazardous materials, preventive maintenance etc.
- Hedging – As it is impossible to prevent 100% of crisis occurrence, the goal is to hedge the risk so the business can continue to function, at least partially, regardless of the damage that has occurred. Examples of hedging methods are splitting company operations into two separate offices, using two parallel server farms, dividing the cellular provider into two different companies (so that half of the employees remain available even if one of the networks collapses).
- Mitigation- The Mitigation dimension deals with methods for reducing damage when the event occurs. For example, backup data, fire extinguishing systems, or keeping emergency inventory. ese methods do not prevent the crisis, but help reduce the amount of damage it causes.
- Crisis management- Sometimes, prevention and mitigation aren't sufficient, and a crisis breaks out. During the crisis many aspects need to be taken care of.It is not so simple to manage a crisis event. The uncertainty, the difficulty of obtaining complete and reliable information, and the natural stress of a crisis, especially when it pertains to something that is not at the core of a manager's daily work. All of these make crisis management complex and challenging. Therefore it is important to determine in advance how the decision-making process will be conducted during the crisis, and to train the company's management in various crisis scenarios. Usually, different teams are formed to handle different aspects of the crisis. In some cases, it may even be necessary to engage external experts, such as:
- Legal advisers in relevant areas of expertise
- Insurance consultants
- IT, information systems, and cyber specialists
- Negotiation experts (for example in cases of Ransomware)
- Communication and media consultants
- External customer service center, to strengthen the company's existing customer service center
- Damage recovery companies
Enlisting the external experts ahead of time, ensures that in real-time they arrive in a timely manner, prepared for fast action, and well-informed about the business and the surroundings.
- Recovery – once the crisis is over – after the fire has been put out, the flood has been taken care of, the backups have been restored, and the essential services have been recovered – the goal is to achieve full recovery and get back to business as usual. The recovery process is not done all at once but according to priorities set in the business continuity plan, after analyzing the company's processes and strategic products.
