At its crux, business continuity is your organization’s ability to maintain its essential functions during a crisis. It defines how well your organization weathers a disaster and keeps its critical systems online. To that end, having a working understanding of how business continuity can be best achieved will help bring back “business as usual” as soon as possible.
How to Define Business Continuity
Why does business continuity matter? A crisis that disrupts your business and slows your momentum can result in catastrophic losses. A rule of thumb is that “downtime adds up,” meaning the longer your organization experiences a break in its operations, the more it will eventually cost. Depending on the scale of your organization, this could be millions of dollars.
“It doesn’t really matter what kind of business you’re in, once there is a gap or a halt, it can take forever to fill that hole. And frankly, nobody has that much time.”
– Jayanti Katariya, CEO and founder of Moon Technolabs, a web development company with offices in Chicago and India
Like the businesses they affect, disaster scales to its opportunity. If your organization is ill-prepared, the fallout will be bigger (and the costs incurred to fix it).
In some cases, a breakdown in your supply chain, a massive data loss, or the sudden exit of a star employee can have consequences as serious as a flood or earthquake. How well these challenges are anticipated and addressed can determine the success or failure of your enterprise.
Calculating the costs incurred when your business is unable to maintain continuity depends on your organization’s individual circumstances within its industry. Broadly speaking there are tangible costs, such as leases, security, and other bills. Then there are intangible considerations like reputational damage that can negatively impact your bottom line down the road.
“Continuity lets you make plans for before, during, and after a crisis. It reduces the seismic impact on your infrastructure, which, in turn, can help avoid more aftershocks down the line.”
– Laura Fuentes, Operator of Infinity Dish
Types of Disruption
There are countless disruptions that could impact your business. But for the most part, they can be clustered under three main groups according to Dr. Chris McFee, Head of Physical Security and CT, Department for Business, Innovation, and Skills at the Centre for Science and Policy at the University of Cambridge.
In a recent webinar, Dr. McFee outlines these three potential pitfalls:
1) Hazards
This can include anything from flash flooding to power and transportation interruptions (Dr. McFee cites bad weather as an example) or even volcanic eruptions and disease as we’re witnessing presently with the COVID-19 pandemic.
2) Threats
This covers all manner of intentional disruptions targeted at your organization, including crime and specifically cyber-crime as well as acts of terrorism.
3) Business Interruptions
These also come in a variety of flavors like financial trading problems (say, your bank goes belly up, or your suppliers discover an insurmountable problem with a part of their product that’s vital to yours).
There are also labor issues such as strikes to consider and even global economic disruptions which many businesses might face in the near future due to fallout from the pandemic.
Business Continuity vs Disaster Recovery
The concepts of business continuity planning and disaster recovery are often incorrectly thought to be interchangeable. This is not the case — business continuity involves planning and implementation of a strategy.
The goal is to ensure that the organization can remain operational with as little downtime as possible should a disaster strike. Whereas disaster recovery is more concerned with restoring critical applications and vital data after the fact.
“Personally, I prioritize business continuity over disaster recovery. The latter implies reactionary strategies, while the former ensures you are pre-prepared for any eventuality. The problem with disaster recovery is that it sacrifices looking at the bigger picture. Yes, sometimes we have to implement emergency protocols to stop you from going under, but you have to be able to continue trading once the disaster is over.”
Though both are vital to your organization, in the ‘business continuity disaster recovery equation,’ one necessarily precedes the other — in this case, business continuity comes first, disaster recovery is a subset.”
– Laura Fuentes
It’s critical to understand how to keep your enterprise moving forward should a disruption strike.
The objective with business continuity “is to promote ongoing work in the case that an unwanted event or disaster occurs,” says Ludovic Rembert, a security analyst and founder of Privacy Canada.
“This is extremely important to have for any business so when problems do arise there is some type of action plan that can be followed or used as guidelines on what to do to maintain success or get back on track making progress in the right direction.”
3 Tips and Tricks to Help You Master Business Continuity Management
In baseball, the road to becoming a major league player begins with honing one’s skills in the minor league first. Within that system, there are levels of achievement, including “Triple A” baseball, which is the highest level of play in the minors.
Likewise, before you can go major, you have to learn — and master — a different “Triple A” system: Analyze, Assess, Abate.
1) Analyze Potential Impact
Conducting an analysis of a disaster’s potential impact on your business is essential in determining what your company can and cannot function without and how much downtime is tolerable and — for that matter — how long your organization can actually function in certain situations.
Of course, no analysis of business continuity and disaster recovery is complete without a bit of professional jargon.
In this case, you have to assess what your Maximum Tolerable Period of Disruption (MTPD) will be. This refers to the point at which the consequences of a crisis peak in terms of what your organization can bear.
It’s the moment just before the proverbial straw that breaks the camel’s back, and it’s a crucial part of the equation when defining what recovery will look like for your particular circumstances.
2) Assess Risks
As Dr. McFee succinctly puts it, “A risk is the combination of the likelihood of an event and its impact.”
When conducting a risk assessment for your organization, here’s a common formula to help you get started.
Risk = Threat x Vulnerability
For example, the threat of a cyber attack is outside of your control. However, knowing that a cyber attack is a potential threat can help business owners assess weak in their security and develop an action plan to minimize the impact.
In this scenario, a vulnerability would be failure to have a data recovery plan in place in the event that your confidential business data was hacked. The risk to your business would be the loss of information or damage to your reputation.
Another term comes in handy here: “Recovery Time Objective.”
This will help you answer the question, “When do you need your processes back online before you hit your MTPD?”
When assessing risks to your company, you should always consider the effect of uncertainties on your objectives (i.e., “When will this crisis end?”) and how these might factor into your overall assessment.
As former US Secretary of State for Defense Donald Rumsfeld attempted to explain in 2002 during a Defense Department briefing,
“There are known knowns. There are things we know that we know. There are known unknowns.”
That is to say, there are things that we now know we don’t know. But there are also unknown unknowns. There are things we do not know we don’t know.” At first glance, it may read like the secretary was trying his hand at Zen poetry, but closer examination reveals a useful consideration for those assessing risks when planning for business continuity.
Pro Tip: Factor in the elements you know, and accept that there are elements that you don’t — at least not yet.
3) Abate Problems
After assessing your risks, it’s time to manage them. This could mean abating the issues entirely, or creating contingencies to address the risks before they become full-blown disasters.
Know what your mission-critical systems are and be sure to protect them with either redundancies or adequate means to pivot in the event of emergency. This could even mean outsourcing some of your company’s critical functions if it becomes necessary to do so.
“Business continuity is essential because it keeps you in the game. It keeps you where you are today. It keeps you motivated to do better for your business.”
– Jayanti Katariya, CEO and founder of Moon Technolabs
