Creating A Better Business Continuity Plan: A CIO's Guide

Larry Alton

While most businesses have some sort of plan for how they would respond to a major USA --- Massive vault --- Image by © Ocean/Corbisdisruption or attack, very few are realistically prepared. These plans are rough, basic, and don’t account for all possible situations and causes. This is dangerous, and quite frankly, ignorant. If the past has taught us anything about business, it’s that no organization is invincible or exempt from outside attacks. As CIO, it’s up to you to develop a careful and comprehensive business continuity plan (BCP) that ensures your organization isn’t destroyed under the weight of uncontrollable circumstances.

Avoid a BCP at your own risk

Though the terminology may be unfamiliar, business continuity is more than an industry buzzword – it’s critical to the present stability and future health of your organization. However, businesses make two major errors when it comes to continuity planning:

1. “We’re too small.”

When a business has no continuity plan, it’s almost always because they feel like they’re organization isn’t conducive to drafting a BCP. Nothing could be further from the truth. A BCP isn’t some standard form that tells companies to plug in numbers and qualifications. Rather, it’s something that’s unique to each business. It’s created based on the characteristics and individualized needs of the company. You can’t be too small, large, new, or old for continuity planning.

2. “We sort of have a plan.”

The second thing you’ll commonly hear is that a business “sort of” has a plan. In other words, there’s either not a plan, or the plan is incomplete. As Syed Salman of Internal Auditor mentions, the three most common problem areas identified during a business continuity management audit are (1) outdated information, (2) lack of staff awareness, and (3) obsolete technology.

If your company identifies with any of these errors, it’s important that you take a fresh look at your BCP (or lack of one).

Strategies for developing a BCP

In most cases, BCP’s are designed to protect a business from unforeseen natural disasters and cybersecurity threats. With that being said, you’ll need to consider some of the following when developing your BCP.

  • Company-specific threats. Take all other businesses out of the equation and really hone in on company-specific threats that face your organization. For example, are you in a hurricane-prone area that experiences serious natural disasters every once in a while? Or maybe your company stores lots of private data and is a target for hackers. Knowing your threats will help you better develop a BCP.
  • Identify acceptable downtime. What is the acceptable downtime for the threats you’ve identified? For example, can you afford to stay down any longer than 48 hours after a hurricane strikes? Knowing these timeframes allows you to develop a plan that’s timely and practical.
  • Plan, plan, plan. With a knowledge of specific threats and time constraints, you’ll begin to focus on remedies and solutions. This part will require lots of planning and testing but naturally falls into place based on available resources.
  • Train everyone. After a plan is in place, make sure absolutely everyone in the organization knows how to respond in case of emergency. Regular training and precise instructions will help your business respond efficiently and effectively in case of a disaster.

Your business is too important to ignore continuity planning. Use these tips to secure the future of your business and prepare for whatever uncontrollable circumstances are thrown your way.

For more future-focused business strategies, see The Future Of Work: Understand, Prepare, And Innovate.


About Larry Alton

Larry is a freelance marketing & technology consultant with a background in IT. Follow him on Twitter @LarryAlton3.