Regardless of size, industry or location, no business is entirely immune to the risk of an unanticipated event impacting its operations. Therefore, all businesses should take steps to prepare for these events. After all, failing to do so can carry devastating consequences. In fact, an estimated 40% of businesses end up closing their doors immediately after an unexpected disaster, while another 25% fail within the following year.1
That’s why it’s crucial for both agents and their business owner clients to participate in continuity planning before, during and after National Preparedness Month. Put simply, continuity planning refers to the advance preparations that businesses can make to minimize potential damages, continue key operations and recover as quickly as possible amid an unanticipated event. By having continuity plans in place, businesses can remain resilient in a wide range of crisis scenarios and mitigate adverse impacts that these events may have on their stakeholders and services. Here’s what agents and their business owner clients need to know about developing and maintaining successful continuity plans.
What is business continuity planning?
Some businesses mistakenly assume that continuity planning is synonymous with establishing disaster recovery measures or creating emergency action protocols. Although these activities can serve as essential elements in the realm of business continuity planning, they aren’t all-encompassing. Instead, such planning goes further to provide preparations for any event with the potential to interrupt business functions or services. These events can include:
- Natural disasters
- Pandemics or epidemics
- Cyber incidents
- Workplace violence
- Criminal acts (e.g., theft, arson or vandalism)
- Equipment breakdowns
- Supply chain disruptions
- Key person losses
In addition, continuity planning isn’t solely focused on helping businesses recover after disasters strike. Instead, this planning is both proactive and reactive, thus making sure businesses have the resources they need to mitigate the severity of disruptive events and resume operations in a timely manner when crises occur. Essentially, a successful continuity plan should provide documented processes and procedures for ensuring all aspects of a business (e.g., employees, customers, assets and operations) can persevere through unanticipated events.2
How to get started
The first step that businesses need to take when developing continuity plans is determining their unique disruption exposures and the potential impacts of such exposures. This type of evaluation is also known as a risk and vulnerability assessment.3 Such assessments can help create a clearer picture of the particular crises businesses could face and the ways that these events could cause complications.
When conducting these assessments, it’s important for businesses to carefully review their specific functions, focusing on elements such as:
- Industry of operation
- Products and services offered
- Equipment and technology needs
- Critical processes and assets
- Staff roles and responsibilities (including key people)
- Accounts receivable and accounts payable
- Internal and external supply chains
- Customer demographics
- Property location
Analyzing these elements will allow businesses to detect both where and how their operations are most vulnerable. For instance, a business that relies heavily on electrical equipment is more likely to face interruption concerns from a power outage. Businesses should keep in mind that disruption exposures can be constant (e.g., the risk of theft), or they could come and go (e.g., a trending cyberattack method). Further, as a business evolves and changes, so will its exposures. With this in mind, risk and vulnerability assessments should be routinely updated to reflect new and emerging threats.
In terms of who should perform these assessments, businesses should designate this responsibility to a group of key stakeholders, such as the senior leadership team or a dedicated business continuity planning committee. This group should be highly experienced and knowledgeable about particular business functions. Utilizing a consultant or other third party for this task is generally not recommended because these individuals won’t be as familiar with businesses’ niche operational elements.
After conducting risk and vulnerability assessments, businesses can use the information they collected to develop written continuity plans. Such plans should outline the following4:
- Potential disruption scenarios — First, businesses should list the specific events that are most likely to impact their operations. While many businesses focus primarily on natural disaster events, it’s also vital to account for these commonly overlooked disruption scenarios:
- Broken supply chains — The COVID-19 pandemic showcased just how damaging supply chain shortages can be for businesses across industry lines. In many cases, all it takes is a single supplier mishap to force businesses to significantly delay or pause their operations.
- Key person departures — A key person is an employee who possesses a highly specific skill set or level of knowledge related to a range of critical business functions. Whether the cause for a key person’s absence is temporary (e.g., family-related leave, a vacation, an injury or an illness) or permanent (e.g., death, disability, a new job or retirement), relying heavily on a handful of employees can lead to serious interruption concerns and financial hardship when they’re not present.
- Lost customers or contracts — Many small businesses (e.g., independent shops, contractors and entertainment venues) rely on a smaller group of customers or contracts for their profits. In these instances, the loss of even a single customer or contract can threaten operational stability.
- Contingency measures — Next, businesses should provide contingency procedures aimed at reducing losses and remaining functional during potential disaster scenarios. Specifically, these contingency measures should offer solutions for any disruption exposures. Valuable contingency protocols include (but are not limited to):
- Identifying a backup business location to use if the original property is temporarily unavailable
- Keeping extra goods and materials on-site to utilize in the event of supply shortages
- Having backup suppliers to rely on if original suppliers encounter a delay or production halt
- Training additional employees to be able to uphold key person responsibilities and developing an effective succession plan
- Providing emergency resources on-site (e.g., a first-aid kit and a generator)
- Storing backups of critical data and documents in a secure, off-site location
- Developing workarounds for conducting key operations without specific technology or equipment (e.g., payroll, production, sales and deliveries)
- Establishing an agreement with another business to assist with critical operations in the event of a prolonged shutdown
- Maintaining frequent communication and upholding contractual obligations with customers to avoid unexpected profit losses
- Critical documents and contacts — Lastly, businesses should be sure to include any important workplace documentation within their continuity plans, such as evacuation routes, inventory records, contracts and insurance policies. These plans should also provide emergency contact information for relevant parties, including senior-level employees, key customers, suppliers, the local authorities, business partners, financial institutions and insurance professionals.
Similar to the risk and vulnerability assessments, businesses should designate a group of trusted stakeholders to create their continuity plans — ideally, the same group. From there, businesses should share their finalized plans with their employees and provide adequate training on contingency measures. Doing so will help employees better understand their roles and responsibilities amid unanticipated events, thus helping key operations continue to run smoothly.
Maintaining the plan
Businesses should note that continuity planning is not a singular occurrence — it’s a constant effort. With this in mind, continuity plans should be regularly evaluated for effectiveness and updated as needed. A popular way to assess continuity plans is through performing a gap analysis. A gap analysis typically entails consulting key stakeholders and reviewing current continuity documentation to identify any critical business functions lacking contingency measures.5
There are several gap analysis methods. One of the most common methods is a tabletop exercise. Tabletop exercises consist of businesses’ key stakeholders walking through practice scenarios to determine whether their continuity plans contain any ongoing vulnerabilities.6 If any issues are detected during these activities, businesses should act quickly to remedy these concerns. Generally speaking, it’s recommended for businesses to evaluate their continuity plans at least once a year. However, businesses with more sophisticated operations should consider quarterly evaluations.
Continuity planning is a crucial activity for all businesses. While such planning can initially take a considerable amount of time and money (e.g., developing a written plan, establishing contingencies and investing in backup operations), it’s well worth the expense. This planning can be the difference between succumbing to the complications when unanticipated events occur and weathering the storm — allowing businesses to press forward and prosper throughout even the most challenging circumstances.