Back to Basics: Business Continuity & Disruption Prevention

Visit BSI's Experts Corner: Home for insights from BSI’s practice directors and industry experts on digital trust, environmental, health, safety, security, and sustainability.
 
October 20, 2022 - When thinking about a business disruption, most people immediately picture some massive devastation event or a smoking hole in the ground. But that is usually not the case. Business disruptions can occur across the board from a power outage to a water main break, from connectivity delays to workforce health concerns. And while business continuity planning does address those larger more catastrophic events (i.e., hurricanes, flooding, tornados, wildfires), you also need an action plan laying out what to do when those seemingly smaller, but more common instances occur.
 
A business continuity plan (BC Plan) is a road map of procedures and strategies to either continue or recover your business when a disruption occurs. It sounds simple enough, but implementing one can feel like a huge undertaking for any organization, especially because there is no one-size-fits-all solution. 
 
It takes a lot of time to put a comprehensive BC Plan together, because it never really is completely together. It shifts as the business grows, as the industry changes, and as new challenges arise. This is why creating them can be overwhelming. BC Plans should be considered less as a standard operating procedure and more as a living, evolving document reflecting the complexity and mission of the business.
 
Do you think anyone was prepared for the entire global supply chain to shut down because of a pandemic? Absolutely not, but now they are. And the newly identified procedures are now documented in their BC Plans. 

Where to Begin?

It always helps to do a little research. Get a basic understanding of what a BC Plan, a business impact analysis (BIA), and a risk assessment entails and the differences between them. These will offer some guidance on answering initial questions like: 
  • What are the biggest risks to the industry?
  • What are the biggest risks in this area, region, state, country?
  • What areas of the business should the plan include?
  • Where should the organization focus first: on developing a business impact analysis or a risk assessment?
  • Is the company publicly traded or private? Why does this matter?
  • What organizational resources should be engaged first?
  • What additional resources are available to provide the required data?
  • Beyond plan components, what day-to-day information is needed to run a successful program?
  • How to exercise and validate the plan?

Don’t Start from Scratch 

If a current BC Plan hasn’t already been developed, look inside your company for any existing documentation. Publicly traded companies, for instance, must document their risks and vulnerabilities for the SEC within their annual 10k statement. If the executives at the highest level of the company are already doing this, start there. These documents were previously reviewed and approved and can immediately be applied (or used as a starting point) in your program. Essentially, it’s leveraging the data that’s already available. 

Past Disruptions

Take the time to review any previous after-action reports. These summary documents are created after an incident or outage and identify what went well, but also what needs improvement. This allows for full visibility of open issues so there a no surprises. 
Following these few initial steps will help you begin to develop a template for your program.

Building a Legacy

As your organization’s BC Plan becomes more comprehensive, it should be documented in detail and be widely accessible. Training others within the organization on the steps necessary to overcome any disruptions will establish a culture of both preparedness and future success. As business continuity professionals, we need to pass on our lessons learned to the next workforce generation.  
 
Follow along as our Security & Resilience practice experts address the future of organizational security in the ongoing Business Continuity and Disruption Prevention Thought Leadership series. Discover this and other EHS topics that should be at the top of your list at BSI’s Experts Corner.
Susan Zielan

Susan Zielan

Susan Zielan is a Senior Consultant with BSI’s Security & Resilience practice and teaches business continuity and emergency management at University of California, Irvine (UCI) as part of the business continuity and facility management certification programs. She has managed enterprise-wide BC, EM, and crisis management plans, training, and exercises for fortune 500 companies located in the U.S., Europe, Asia, and Australia.

Tony Pelli

Tony Pelli

Tony Pelli, Practice Director of Security & Resilience, has extensive experience conducting enterprise-level supply chain and physical security risk assessments for global companies and their supply chain partners. Tony helps clients design, implement, and refine their risk mitigation programs.

View security and resilience >
Jim Yarbrough

Jim Yarbrough

Jim Yarbrough, Global Director of Supply Chain Solutions, leads BSI’s team of supply chain security analysts and assesses the potential threat of terrorism and cargo disruption to countries and businesses worldwide.

View supply chain risk >

Ask the Experts

We want to hear from you! Our experts have over 50 years of combined experience in the environmental, health & safety, digital trust, supply chain, and security & resilience industries. Take advantage of their knowledge; submit a question today.

Ask now