Every organization faces the possibility of major and minor disruptions of all kinds, from planned events such as IT maintenance and office relocations, to looming emergencies such as hurricanes, snow storms and epidemics, to unplanned events that strike completely without warning, such as earthquakes, tornados, terrorism and fires. Even relatively small incidents like a water or power outage, commute delays and the seasonal flu can have a major impact.
While business continuity planning has traditionally focused on planning failover and high availability of mission-critical business systems, this is only part of the picture. To keep the business up and running, organizations must take a more comprehensive approach encompassing both organizational measures and technologies to minimize disruption, maintain security, and support uninterrupted productivity for users and teams. Best practices for a complete business continuity strategy should address business continuity team structure, business continuity planning, disaster recovery and business continuity testing, crisis communications, and employee safety and awareness programs.
The Importance of Business Continuity—and the Challenges it Poses Whether planned or unplanned, business disruptions that aren’t managed effectively come at a high cost. Lost revenue, missed sales opportunities, and broken service level agreements can have a devastating financial impact. Disrupted partner relationships and supply chains can delay time-to-market, derail important initiatives, and weaken competitive advantage. An inadequate response can harm the company’s public image, as well as the confidence of its customers and investors. Following the disruption, people can find it difficult to regain full productivity due to lost data, interrupted work in progress, and lost collaborative cohesion with teammates and management—not to mention the personal impact the event may have had on them. For IT, recovering from a business disruption can be a complex and time consuming process:
- Bringing the systems back online and restoring any lost data
- Replacing lost or inaccessible devices and ensuring that each can run the user’s required software
- Provisioning and configuring applications
- Designing new ways of working and communicating them to users, from alternate network access methods to workarounds for applications which can no longer be accessed
- Accomplishing all of these tasks in the middle of an emergency
An effective business continuity plan greatly simplifies and accelerates this process, helping IT restore and maintain service to the organization while getting people back to work as quickly as possible. In events with some advance warning, like a planned office move or anticipated weather emergency, the organization can even prevent their work from being interrupted in the first place.
A Global Approach for Your Business Continuity Strategy
Although each emergency is unique and many decisions will always have to be made on-the-fly, a business continuity plan provides a framework and preparation to guide these decisions as well as a clear indication of who will make them. Successful business continuity programs require executives to play an active role in both developing the plan and ensuring buy-in from the rest of company leadership. With this support, security and IT teams can lead the development of a comprehensive business continuity strategy that encompasses all of the following essential elements.
The organization should be able to address all business continuity tasks in every location in which it operates, both to respond to local events and to coordinate the organization-wide response for both local and broaderbased emergencies. Key members of the business continuity team must remain involved in planning and testing throughout the year to ensure that the plan is effective and up-to- date, and to build the familiarity needed to perform under the pressure of an actual emergency.
At Citrix, a core business continuity team for each region includes executive leaders, IT, facilities, and real estate, as well as physical security, communications, human resources, finance, and other service departments. Individual teams are dedicated to:
- Emergency response – leads business continuity planning efforts; makes final recommendations to the executive management committee; provides overall direction for preparation, response, and recovery
- Communications – provides communication to all parties including employees, vendors, public service agencies, and customers
- Campus response – prepares property and equipment for the impending disaster event; performs post-event assessment of damage and its impact on continuing operations; assists with insurance claims; secures buildings
- Business readiness – acts as a liaison with individual business unit teams; makes arrangements to implement disaster business operations for each unit; provides tactical response and business direction
Business Continuity Planning
At a high level, a business continuity plan should identify potential business disruptions that can affect any of an organization’s locations, such as power outages, epidemics, pandemics, and fires, as well as those that are specific to individual locations, such as earthquakes and tsunamis in a seismically active region or civil unrest in politically unstable areas. Planning extends throughout the supply chain as well, including reviewing the business continuity strategies for key vendors, identifying potential risks of operational outages, and evaluating alternatives. To keep the number of scenarios manageable, planning should be based on worst- case scenarios, rather than multiple graduated versions of each incident.
A formal crisis communications program can make the difference between panic and smooth emergency response. The plan should identify all the stakeholders for emergency communications, including employees, contractors, clients, vendors, media, and executive management. The organization’s communications tool kit should include internal and external resources such as telecom, email, public address, intranet, IM, texting, and the company website. The communications team should work to convey a consistent message on the company’s behalf via external channels such as press releases, social media updates, and interviews with spokespeople. Sample emergency messages can be drafted in advance, tailored to specific audiences and modes of communication; these can be updated quickly during an actual emergency to reflect current conditions.
Keeping people safe should be the top priority in any emergency response. There are many ways to develop an employee safety program. Local agencies such as the Red Cross, fire department, and police department, as well as federal entities such as the FEMA Community Emergency Response Teams (CERT) in the United States, can provide training and guidance for your program. Tabletop exercises can help you develop and refine the right procedures to fit your workforce, facilities, and locations. Once your program is in place, it should be included in new employee orientation and reviewed regularly with all employees. Emergency evacuation procedures should be reviewed and tested frequently, and employees should know where to find business continuity documentation. During an emergency, pay careful attention to peoples’ stress levels and make sure they are allowed ample time to sleep, eat, and relax.
Read this white paper to learn about:
- A complete approach to keep people productive during planned or unplanned disruptions.
- Best practices for a complete business continuity strategy.
- Technologies to provide secure access to apps and data on any device, over any network or cloud.