Why your business needs a business continuity plan

We live in disruptive world where traditional approaches to business are torn up and replaced with new digital processes.

Forward-thinking businesses that embrace these changes must carefully manage the risk of using outdated technologies to avoid creating a situation that is far more dangerous than being left behind by disruptive trends.

For any business, big or small, it is essential to prepare for the worst-case scenario. If, for example, you suffer a major data breach or are infected with a computer virus, does your business have what it takes to survive? When combined with a strategic approach to risk management, a business continuity plan can guide you through these market changes.

What is a business continuity plan?

A business continuity plan (BCP) is a document which helps your business successfully navigate its way through different threats and risks it may face.

Risks to a business can be major environmental threats that stop you from operating — such as flood, fire or other natural disasters — or increasingly, from digital threats, such as a complete systems failure, a ransomware attack or large-scale data breach.

Some risks may be more indirect but can erode your business over time if you don’t tackle them head-on, such as failing to embrace new technology. This means customers should move to suppliers who make use of more up-to-date technology.

A business continuity plan (BCP) involves:

• Identifying potential risks to your business.
• Assessing how those risks impact your business and which parts of your operation will be affected.
• Implementing procedures to minimise the risks and keep critical functions operating in the event of a problem.
• Testing procedures to make sure they work.
• Reviewing the BCP regularly to ensure it stays up to date.

What is risk management?

Risk management is the process of identifying the risks in your business, assessing the threat they pose and developing strategies to manage them. By identifying the operational risks within your business, you can start to build a plan to deal with them in the event they occur.

Risks vary from business to business, but the process for identifying risk is common to most businesses. Setting aside time and budget for risk mitigation will not only allow you to identify areas where you are vulnerable but can help you fulfil legal and health and safety obligations.

Creating a risk management plan for business continuity

To discover threats to your business, you will need to carry out a thorough risk analysis. Before you start this process, it’s vital that you assess what the core or critical activities of your business are, what resources and staff you have, and your key services.

What risks are likely to disrupt your operations? Once you have a clear picture of your business and some idea of what can affect it, you can then undertake an assessment and implement risk mitigation, which should be a central part of your business continuity plan.

• Consider when, where and how the risks in your business could happen. How likely are they to happen?
• Who will be affected? Will it simply have an impact internally on staff and resources or could it affect you externally in relation to your customers?
• Ask yourself ‘what if’ questions, such as what if your best staff member quit, what would happen if you lost internet access or electricity, what would you do if key documents went missing, how would you handle it if your customer database was hacked?
• Look at how businesses in your market may have been disrupted in the past, consider how these scenarios would affect your business and how you would react.
• Brainstorm with other senior management who may have different views on the types of risk you face as well as different solutions for dealing with those risks.
• Identify all the steps in your process and look at the risks involved at each point. Use workflow processes and checklists to help you do this.
• Consider the worst-case scenario such as several risks happening at once.

Risk management example

Tourism is one of the biggest industries in Singapore with 17.4 million visitors in 2017, which equates to an increase of 6% from the previous year. Below are two risk management examples that are relevant for a business that depends on tourism.

• Imagine you run a hotel chain with four hotels in it and take bookings from guests all over the world. What would happen if your booking system went down? A business may mitigate this risk by establishing a system for recording bookings offline and ensuring there is always staff on hand to receive calls.
• Singapore has been relatively well insulated from violent storms, but extreme weather patterns pose an increased threat due to climate change. A hotel may mitigate the risks of natural disasters by clearly displaying an evacuation plan for guests and having a clear policy for compensation. Additionally, a plan could be made for transporting staff to work.

Does your business need a disaster recovery plan?

If you are a very small or micro business with just a few employees, you might not need a written disaster recovery plan of the scale you would find in a company with hundreds of staff. However, it always pays to be prepared in the event of a disaster and to have a business contingency plan in place.

With 75% of Singaporean business leaders believing they need to embrace digital technologies for future growth, having a risk management framework in place is vital. A disaster recovery plan is the flipside of digital innovation, and no matter the size of your business, you need to know what to do in the event of human error, natural disaster or cyber-attack to diminish data loss, maximise productivity and minimise downtime.

Some of the benefits of disaster recovery plan for businesses includes the following:

• Protect your business from natural disaster.
• Reduce the threat or damage from cybercrime.
• Keep customer data safe and secure.
• Deal with problems caused by human error.
• Find an alternative when you have a systems failure.

What else should your business continuity plan include?

In addition to a risk analysis overview, you may want to include the following details:

• A plan for the chain of command in a crisis management situation.
• Emergency contacts.
• Disaster recovery team e.g. a specialist IT company to recover lost data.
• Back-up data storage and power arrangements.
• Alternative communications strategy.
• Alternative operations sites.

Finding yourself in a crisis management situation can be costly. Although you can protect your business with specialist insurance, you should forecast costs that may be forced by major changes you have to make, such as moving your operations or setting up in a new facility.

Business across Singapore is changing on multiple fronts — companies must deal with disruptive forces, face an increased threat from cybercrime, and prepare for environmental changes that could increase the frequency natural disasters. For a business to thrive, facing those risks head on and putting a solid business contingency plan in place is crucial.

Sage solutions offer a secure and easy way to store your company data, access employee records or payroll and deal with your accounting needs. Sage also offers business management and intelligence software, which can assist with business analysis, data collection, reporting and workflow.