The most serious risk to your organization isn’t malware, supply chain disruption, pandemic or any other event. Ironically, your biggest risk is your inability to adequately recover from multiple simultaneous disruptions.
In the past few years, business and society have adapted to various ‘new normals’, and one of those is disruptions layered one on another and another.
Take a step back and remember the array of events worldwide – the Covid pandemic, cyber attacks, unprecedented natural disasters and severe weather, mass casualty events, supply chain disruptions, high inflation, labor shortages and actions, war, political upheaval and more.
Can business continuity plans sufficiently equip organizations large and small to respond to multiple simultaneous, often long-duration disruptions, and if so, how?
The first step is to look for lessons learned from how your organization responded to the disruptions you experienced since 2019. Your evaluation will suggest how to update your business continuity plan to address the new normal.
As you update your plan, be sure your recovery plan incorporates the following strategies:
- A new approach to defining recovery priorities – Define how your organization will manage competing priorities and allocate constrained resources across multiple recovery efforts. If not already the case in your plan, identify recovery priorities and procedures by event category, e.g. loss of assets and resources including facilities, unavailability of people, loss or disruption of data and IT systems. This approach will make your plan a better guide for recovery from most events.
- A clearly defined structure for managing multiple recovery efforts – Consider adapting the proven Incident Command Structure for managing crises. In that model, there would be a separate team or task force assigned to each recovery, and all such teams would report up to a coordinating decision-maker who manages responses to what may be complex or competing recovery priorities.
Beyond your plan, execute risk mitigations to make your organization more resilient for the new normal:
- Cross-train for more resilient teams – Cross-train for different team roles as well as multiple departments or divisions. This affords much greater flexibility when assigning recovery teams.
- Ensure people can work remotely or at alternate facilities – Test large-scale remote system access, system redundancy and capacity, and equip and train people to work at alternate sites or from home. Also, be ready to manage and communicate with a suddenly distributed workforce.
- Drive uniform adoption of direct-deposit payroll – If not already in place, now is the time to transition to automated payroll processing and electronic deposit, and to ensure universal adoption by employees. Paying people is one critical process you shouldn’t need to recover.
The past few years have proven that organizations can recover after multiple disruptions, but it requires new approaches and additional preparation.