Wake Up. It’s time to Prepare for Business Continuity Plan BCP

So, What is a Business Continuity Plan (BCP)? 

A Business continuity plan (BCP) is a plan of action aimed at ensuring that business will continue during and after a disaster.

It is our duty to forewarn – 

1. That a (detailed) Business Continuity Plan (BCP) is not an ad-hoc, short-term solution. 
2. It is an important aspect of “planning and operations” that requires significant time, resources (money, people, knowledge, tools, etc.), and ‘contribution through collaboration’ from employees in the organization. 
3. A BCP is not a task based on a checklist, where we tick and proceed
4. Business Continuity Planning is a real-time, ongoing activity that warns and protects you from all the elements all through the year.

Historical reference ‘on calamities’ – Chanakya’s Arthashastra, 300 BC

According to Kautilya, a variety of calamities can afflict the population of a state as most people lived in the countryside outside the fortified town. 

The sufferings of the people could be due to acts of god or men. 

Calamities due to acts of god are fire, floods, diseases and epidemics and famine. Other calamities could include ‘divine origins’ like rats, wild animals, snakes and evil spirits.

Calamities by men are many – for e.g. destructions by armies, internal fighting, etc. 

Chanakya opines that it is the duty of the King to protect his subjects from all forms of calamities.

Reference: The ARTHASHASTRA - Calamities of the Population (book)

Why do I need Business Continuity Planning Services?

Starting point: Understanding the Business and underlying risks

A Business Organization (delivering products and/or services) has several stakeholders – Owners / Promoters, Management, Employees, Suppliers, Customers, Partners, Service Providers, Regulators, etc. 

A ‘well run’ organization enjoys the patronage of customers, its own employees and enjoys an excellent reputation in the eyes of the general public.

However, on the flip side, it is the stark reality that every organization is at a risk of facing potential disruptions or disasters. (These are not to be confused with “common Operation impacting events’). 

So, it is imperative that the Leadership Team

1. Has a thorough understanding of the Business
2. Understands the vulnerabilities that exist in the system
3. Have a realistic understanding of threats that can manifest (because of the existing vulnerabilities) 
4. Predict which risks can impact your business in a big way
5. Prioritize the risks that have the highest probability of occurring, and those that would cause the biggest impact.
6. Conceptualizes and deploys - preventative and impact minimization procedures (as appropriate) in place.

In short - one of the biggest challenges for the ‘business’ is ensuring that the business keeps operating, even during adverse times.

Therefore, the Leadership Team has to recognize that “Risks to Business” can come in any form and are bound to happen, whatever may be the ‘Line of Business’. 

So, apart from growing the organization and ensuring smooth operations, it’s the job of the Leadership Team to protect their own organizations from danger and harm.

Why is Business Continuity Important?

From the above, it is clear that every organization will have its own unique BCP and will not match with any other organization. ‘One size fits all’ does not work out here, and it can have tremendous backlash if implemented.

One cannot predict when an event will become an incident eventually leading to an emergency (or a disaster situation)

So, it is imperative that an organization has a structured “back up plan” to counteract disaster situations.

The BCP developed meticulously (exercised, tested and refined based on learnings) will ensure that the organization can continue to operate and deliver products or services, at an acceptable level (MBCO), even when a disaster strikes.

Few advantages include

      1. Continued Service Delivery: 

• Successful execution of a BCP ensures that the organization delivers services or products at an acceptable level (MBCO) which helps in retaining customers even in adverse situations. 
• It can have an edge over competitors (in case they don’t have a BCP).

      2. Safety of Personnel: 

• First and foremost, consideration in any planning exercise (taken care).

      3. Minimizing downtime: 

• Organizations without BCP will be clueless as to what to do next when a disaster strikes. Time lost = money lost.
• Execution of a BCP will hasten up restoration of services, and hence the business too.

      4. Remote working:

• People can contribute ‘during the restoration phase’ and ‘post-restoration phase’ by working from remote locations

Few of the consequences of not having a BCP.

• Reputation Loss 

• Stakeholders expect adherence to contractual clauses. Clients operating on their ‘mission critical’ projects using an organization’s products/services expect quick recovery timeframes (in the event of an unexpected disaster), which is possible only through BCP.  Inability to address disruptions damages the reputation of the organization both from the existing customers’ standpoint as well as potential future customers.

• Unmanageable Financial Loss: 

• based on point no. 1. Penalties due to regulatory noncompliance, contractual breaches, Lack of insurance backup can cause an irrecoverable collapse of the organization. 

• Leading to shut down: based on pts 1 and 2, slowly but surely.

Popular Terms in BCP

Recovery Time Objective (RTO): The recovery time objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity. (measured in hours or days)

Maximum Allowable Outage (MAO): The Maximum Acceptable Outage (MAO) is the maximum amount of time a system/service/process can be unavailable before its loss will compromise the organization's objectives or survival (also known as MTPoD, Maximum Tolerable Period of disruption).

Minimum Business Continuity Objective (MBCO): Minimum Business Continuity Objective (MBCO) is the minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during an incident, emergency or disaster.

Recovery Point Objective: The amount of data an organization can afford to lose in the event of a disaster. Or, the data which an organization needs to have to resume operations, post a disaster scenario. Commonly referred to like the latest backup data just before the disaster (as decided by the Business).

Also, Refer BCP for Pandemics - Guideline

Know-how Business Continuity Management services help to avoid problems that interrupt with any disasters. Moving into a predefined, well-documented business continuity plan that effectively defines how your business will adapt to an occurrence could help to reduce risk — and it is one of your company's primary investments.