Everything you need to know to survive and thrive in difficult circumstances
Bad things happen to even the best organisations. Resilient businesses and charities accept that something will go wrong eventually, and that whatever it is might seriously undermine their ability to operate. They accept it, plan for it, and put the processes in place to make sure it does the least possible damage and lasts the shortest possible time.
And that, in a nutshell, is business continuity planning.
So does your business, charity or nonprofit need a business continuity plan? The simple answer is that every organisation needs one. As we’ve all seen with the Covid pandemic, threats to your operations can appear out of nowhere. Being hit by a once-in-a-lifetime health crisis might be considered bad luck, but disasters come in all shapes and sizes. Floods and fires are becoming more common as the world heats up. Theft and vandalism are ever present threats.
The connected nature of our world makes business impacts more likely. An earthquake in California might cause outages in Croydon, if it knocks out the data centre housing your cloud productivity apps. A flood at your premises might be catastrophic, but so would a flood that affects your internet service provider 250 miles away.
Any organisation is only as secure as its weakest link, and there are lots of potential weak links. That’s never more true than when talking about cybersecurity. It’s perfectly possible that one day you will be frozen out of your entire network because of an intern’s ill-advised link click. A good business continuity plan has to include the possibility – or perhaps we should say the inevitability – of a data breach.
As all that suggests, business continuity isn’t just about planning for natural disasters. It’s about preparing for anything that results in a significant disruption of your business operation. That could certainly mean a fire in your headquarters. But it could also mean an internet outage, an outbreak of seasonal flu that clears the office or a hurricane in the South China Sea that delays the shipping of vital components.
Can you stop these things from happening? Not usually. But you can prepare for them and put contingencies in place that allow you to keep going until the emergency is over. It’s essential that you do. To take just one example, recent statistics show that every hour of unplanned IT downtime costs businesses over $100,000 (£72,000). Now think of all the natural disasters and manmade accidents that might cause your IT infrastructure to be unexpectedly unavailable for an hour or two.
For charities and nonprofits, the direct financial penalty is likely to be lower than for business, but losing your ability to provide services or raise funds online would still be a significant blow.
So, if business continuity planning is essential, what should it entail? Very basically, it should include details on communicating with customers and suppliers during any emergency, and contingency plans for keeping core operations going. It would identify the teams and individuals with specific responsibility for continuity in different areas of the business.
Perhaps most crucially, it should include disaster recovery planning, which details your business-critical technological solutions and how to keep them running – or quickly get them back online – when disaster strikes. We’ll cover disaster recovery in more depth in the following sections.