Fields Associates

Increasing reliance on technology and the changing economic scenario of the world have spawned the growth of many disaster and contingency planning issues. A business continuity plan as its name suggests, provides for the preparation of the business in the face of any kind of disaster i.e. natural or man-made, for business continuity and performance. Business continuity is not a new concept and has been in use in the UK industry since 2004. The Contingencies Act of 2004 called all business and civic organizations to prepare contingency plans in the event of natural or man-made disaster. The Act gained further momentum in 2006 when the British Standards Institute stated that contingency plans had to be compliant with national security.

Types of Disasters: There are two types of disasters which lead to devastating effects of data loss, performance failure, company closure and employee resentment.

Natural Disasters: These include floods, fires, tornadoes, blizzards, freezing temperatures, heavy snowfall, pandemic, fallen trees, chemical spill, biological attack, plane crash disaster, environmental disasters, severe hailstorms, natural disasters, national disaster, nuclear disaster, volcano and earthquake disasters

Man-made Disasters: These include terrorism attacks, electrical or power failures, IT failures, hacking, virus attacks, logistical and software application errors, theft and larceny.

Preparing Business Continuity Plan:

• Contingency plans must not be short-sighted in nature
•  They must not be situational or scenario-based
• The contingency plan must be holistic in nature taking into consideration the long-term goals of the entire commercial organization
• Contingency plans will only be successful if they make adequate use of the company SWOT analysis – company strength, weaknesses, objectives and threat for optimal performance must act as the guiding light to shaping a contingency plan
• Contingency planning should be viewed as a methodology to better company performance in the event of disaster
• It should be structured around the identification of the problem and available resources
• Contingency plan should not be viewed as short-term fix-it solution                 

Analysis of Potential Threats: A company has to face a disaster after analyzing potential internal and external threats. The organization’s response to a disaster is primarily dependent on the nature and the extent of the disaster. Threats of tornado or flood have the capacity to physically destroy the IT infrastructure of the company. On the other hand, threats of pandemic disease that affect human resources do not destroy buildings and machinery. A cyber terrorism attack could bring down the company’s IT network but not affect the functionality of the hardware or personnel. A bombing may destroy human life and network components. A power outage has the ability to render company equipment unusable. Thus, it is recommended that a contingency plan ought to be general in nature, shaped and designed to deal with every disaster. 

Areas of Responsibility:   One has to understand that contingency plans call for crisis management. This includes assignment of areas of responsibility and establishing a chain of command. Work and tasks should be delegated – work should be made flexible as employees should be asked to cooperate and help the company weather the disaster. Training and development of employees forms an essential part of this exercise. Employees need to be trained on issues of disaster-preparedness, incident management and recovery.

Emergency Contact Information: Contingency plans should always be based on current and up-to-date information and facts. Plans should include internal as well as external support services contact numbers – human resources personnel, fire department, legal department, police and medical assistance.

Recovery Teams: Contingency plan has to be designed on the concept of teamwork. Only teamwork where the management and employees work together as a team can sort and manage a disaster and get the company back on track. A contingency plan always provides for a disaster recovery team (DRT) comprising of trained employees, executives and specialists, to handle various aspects of common disasters. The team members will work with emergency services during the disaster and should have access to emergency equipment -- cell phones, flash lights, hard hats and protective clothing. The team will be responsible for the re-establishment of normal operations after the crisis is over.

Off-site Backup of Important Data: A good business continuity plan ought to address restoration of company’s important digital data in the event of its destruction. In such cases, it is necessary to have backups of original and modified data at a secondary site which is away from the primary organizational site. This safeguards the data when the primary site is struck by disaster. It is important that this data can be made available easily to key personnel who can then organize the data to continue business performance in the market.

The last stage in a business continuity plan is the recovery phase which includes:

• Recording details of tangible and intangible losses -- injuries to employees, structural damage to buildings, financial loss, revenue loss for insurance purposes
• Notifying insurance representatives of losses as quickly as possible
• Establishing emergency repairs including working with insurance representatives and contractors  
• Accessing lines of credit set up in advance of emergencies

Computer Forensics (or Digital Forensics) experts can restore data that has been lost through malicious damage.

Article: Business Continuity Plans

Created on: 2007-10-05 09:52:53