Disasters tend to follow “Murphy’s Law”. They tend to occur when you least expect it or are least prepared for it. There is no such thing as a “right time” for a disaster. But what exactly is a disaster? A disaster is an event that threatens the very viability and survival of your business and causes substantial interruption requiring prompt management attention. Disasters come in many types and forms. You can classify them simply as natural or manmade. Natural disasters include floods, storms, earthquake and others. While man-made disasters can be classified as fire/explosion, products and service brand protection, internal and external. Many events that are internal to a business may result in an adverse impact. These events range from computer system failures, loss of utilities, failures of critical processes and equipment to work place violence. Disasters of external origins include many threats, such as supplier chain disruptions, terrorism and others.
It is not a matter of “if a disaster will strike”. It is only a matter of “when a disaster will strike”.
Lack of planning is a threat to your business survival. An effective plan must consider various aspects of pre-loss preventive measures, emergency response and post-disaster actions to assure survival and continuity of a business. Be prepared and plan ahead.
Need for Planning
When a disaster strikes, what is the management’s responsibility? Management has the responsibility to plan for appropriate emergency response and recovery. In addition, the business is also accountable to its shareholders, employees as well as the community. Crisis response results in a reevaluation of a company’s management by all stakeholders. A well planned response provides an opportunity to turn a negative into a positive impact for the future of the business.
When a disaster strikes, the survival of the business is on the line. The lack of an effective emergency response and recovery plan may spell the difference between success and failure. A business recovery plan without any focus on prevention and emergency response programs is doomed to fail. Failing to plan is certainly planning to fail.
Most businesses have developed parts of the emergency response plan, to one degree or another, in response to various regulatory requirements. The challenge is to develop a proactive plan that is integrated and addresses a wide range of credible scenarios that may one day impact your business.
Perhaps you have considered developing a Business Continuity Management Plan, but are reluctant to commit resources to an effort that appears to have marginal payback. Contingency Planning is not a cost, but an investment in your company’s future and survival.
Development of the plan requires a review of the business processes for their criticality. This leads to a better understanding of your own business processes, a reduction in redundant efforts and better utilization of resources.
Some argue that you cannot plan for all foreseeable and unforeseeable threats facing your business. Planning is a “state of mind”. When you plan your response for the foreseeable events, it gives you a strong framework to respond to many of the unforeseeable events. Many consider this to be such a daunting task that they are afraid to take even the first step. The task of developing the entire plan can be managed by a systematic approach that allows you manage it in phases so it does not overwhelm you.
Contributor: Aamir Jamil, CGEIT, CISM