VALUE

How Business Continuity Provides Value to A Business. There are many ways in which Business Continuity can provide a business with tremendous value. Not just during an activation of the plan itself, which may keep the business from suffering substantial losses, but even during times of normal business operations. How? You ask!

The first and most obvious to many is that business continuity planning helps organizations obtain reduced premiums on insurance. Another is that it assists in providing consistency across the enterprise and increased efficiency. Let’s look at each of these and others in more detail.  

  1. Reduced Insurance Premiums: It is well known that having a well-established Business Continuity Plan can assist businesses in obtaining a reduction in premiums for business interruption, supply chain, cybersecurity, and other forms of insurance.

Not certain if your provider will or has reduced your premium? Contact them and ask. If they aren’t willing to (though a majority will) start looking for a new provider that will.

In some cases, we have seen providers work closely with the client to further mitigate risk by providing additional assistance and suggestions. You might also find that an unacceptable risk before having a business continuity plan, becomes more acceptable with insurers now willing to underwrite the risk since you have written documentation on both mitigating and recovery should the risk occur.

  1. Consistency Across the Enterprise: Often, especially when spread across a large geographic area, a business will have different processes to complete the same task. This can often lead to confusion, inconsistencies, delays, lack of trained personnel, and frustration.

These disparate processes are easily found while creating the plan and easily consolidated into one or two (as a backup) processes for complete a specific task. This creates consistency across the enterprise, reduces waste, and even provides for more personnel in having knowledge of how to complete the same processes and tasks. This is also good for workforce continuity should the need arise, especially if having to move the process geographically due to business disruption.

  1. Increased Efficiency: Business Continuity Planning encourages the organization to perform deep-dive analysis into their processes. Mapping out the processes allows the business to find strengths, weaknesses, and inefficiencies and make improvements.

The refining of these processes over time helps the organization to increase efficiency maximizing operations for capacity, agility, and growth finally leading to better cost management.

  1. Meet Government Mandates: While there are currently no government mandates to have a business continuity plan, mandates do exist that can cause a business to meet severe penalties and fines if not met. Such as meeting payroll on time and accurately.

Having a business continuity plan in place for these processes ensures that they can be maintained effectively during a crisis or disruption keeping the business from facing steep fines.

  1. Meet Legal and Regulatory Requirements: In addition to governmental mandates, organizations face legal and other regulatory requirements to have business continuity and contingency plans. While it may not seem obvious at first, many businesses face Service Level Agreements (SLAs) and other contractual agreements that if unmet, can cost a business lost revenue and penalties.

In addition, businesses MUST meet requirements from regulatory bodies to have proper business continuity plans in place. Sometimes including specific requirements and within specific time frames. One such requirement is FINRA 4380. In addition, these regulatory rules have changed from time to time, only increasing in strength.

  1. Meet Needs of Clients and Business Partners: Having these Business Continuity plans in place allows the business to quickly meet the needs of its business partners. Many large organizations now require their vendors and business partners of all sizes to have and maintain a business continuity plan in place before they will even consider conducting business with them.

This gives the businesses that already have the plans and contingencies in place and obvious business edge against competitors and increased business value. as such businesses can command higher prices or premiums on goods and services they provide to other organizations.

  1. Increased Business Value: Organizations that have business continuity and contingencies in place can quickly meet the needs and requirements of their business partners. As such these businesses can command higher than normal prices and a premium when showing they can continue to support their clients and business partners during major disruptions.
  1. Reduced Business Liabilities: Business that have business continuity plans frequently find hidden exposures to the business and take steps to mitigate, reduce, or remove the risks and reduce the overall business liabilities that otherwise might have been unforeseen.
  1. Alignment of IT with Business Strategy: Business continuity planning assists the business in aligning business strategy with IT strategy. Too often businesses have communication and alignment gaps between business and IT strategy which leads to increased frustration on both sides.

Business continuity planning allows for the defining of critical, important, and non-essential processes along with supporting applications and other IT functions so that you can recover your critical processes quickly.  

  1. Alignment to Maturity Model: Business continuity planning allows for the natural progression to a maturity model from non-existent, to repeatable, through to the optimized level.
  1. Alignment with Risk Management: Businesses with mature business continuity plans successfully align with Risk Management to further reduce liabilities and have strong contingencies in place for risks that will have a high impact on the business.
  1. Alignment to Vendors and Customers: Business continuity planning allows you to take a closer look at your vendors and suppliers and see how they will handle your needs during a disruption. This also allows for deeper and closer partnerships with your first-tier vendors and to work together to achieve objectives during disruptions to either entity.

The same can also be said for your most important clients. Well defined contingency plans account for working with top-tier and other clients during disruptions.

  1. Institutionalization of Program: Organizations that implement and maintain their business continuity plans tend to develop institutionalized programs. Meaning the future life and maintenance of the planning itself becomes an embedded process within the organization.
  1. Preparedness as a Culture: Developing a solid business continuity plan likely will create a culture of preparedness and employees will take a natural course to ensure the continuity of new and emerging processes and tasks that develop.
  1. Maintain Operations During an Emergency: Business continuity plans enable organizations to operate after, and ideally during a major crisis or emergency that might arise within or around the business.
  1. Increase Return on Assets: Businesses with continuity plans tend to keep greater track of critical and important assets. This allows the business to take action to realize and recoup the value of assets. This can be done through getting the full life out of the asset, donating the asset, and many other methods to achieve monetary value out of assets that otherwise would have not been achieved.
  1. Safeguard Critical Business Assets: Business Continuity planning allows for businesses to better safeguard critical assets in a variety of ways. Whether through insurance, hardening structures, or other methods. Planning makes for the identification of critical assets to take further action when required.
  1. Safeguard Business Reputation: Business continuity planning with well-defined crisis communications plans can help mitigate and, in some cases, prevent major impacts on an organization’s reputation.
  1. Safeguard Employees: Business continuity plans can also account for the safeguarding of employees and their workforce.
  1. Training and Education: Business Continuity Plans that are properly tested and exercised makes for a greater success of recovery during a disruption through continuous training and education.
  1. Discover Hidden Business Value: Business continuity planning creates opportunities for finding hidden value in the business. This is achieved through consolidation and deduplication of processes that may overlap. Better and more refined processes and new ways of conducting processes. In some cases, it also leads to new ideas and opportunities to provide to clients and customers.

It is not uncommon for organizations with business continuity plans to be able to quickly and efficiently respond to market and geopolitical changes and increasing their competitiveness.

  1. Reduce Revenue Loss: Business continuity planning leads to reductions in revenue loss.
  1. Increase Return on Investment ROI: Numerous cases exist for increased ROI with Business Continuity, among them are better-defined Disaster Recovery strategies and implementations often leading to cost reductions.

Businesses that faced disruptions with well-defined business continuity plans, could react quickly and adjust leading to profits while competitors struggled to recover.

business continuity plan

 

Throughout the course of my career spanning over 25 plus years, I’ve witnessed many planners and organizations getting stuck during their continuity planning. This happens for a variety of reasons including how you manage the overall program. Here are some important ways on how to get ‘unstuck’ in your contingency planning.

The BIA phase is one of the most common phases that organizations and planners get hung up on and end up being ‘stuck’ in without making progress and moving on to the strategy selection and planning stages. This happens when you’re trying to get everyone through the BIA process prior to moving on into the other phases.

In large organizations with many business units and processes getting ‘stuck’ in this part of the business continuity process can easily derail your entire program. In fact, I have seen a healthcare organization 3 ½ years into their business impact analysis with an estimated six more months remaining until they thought they would complete this phase of the program. They also felt it wasn’t productive to move forward into additional steps prior to completing all BIA’s for the entire organization.

Three years in, it is highly likely that the data you collected in the beginning, is no longer valid. In most cases, a BIA should be completed every two years. In some cases, a BIA is completed once per year. So being 3 1/2 years in without further progress is not beneficial to the organization or to your program.

How to Avoid Getting Stuck

Solution

The best way to avoid getting stuck in the first place is to have a solid plan before you start with your first BIA. Determine how many BIA’s you will need to complete overall. Once you do this, you can easily break them down into smaller groups of four or five and plan out how many rounds of these groups you will have to do.

Start with your first group of business units and complete the BIA process with this first group. Once this is completed, move the first group into the strategy selection and planning phase and get your next group ready for their BIA phase.

Splitting your business units into groups allows you to continuously cycle them through each phase of the planning process. This allows them to move along in the process while the information is fresh, maintains the momentum, and rapport you built during the BIA process.

This also allows other groups and your management teams to see and experience the progress of your planning program which will contribute to your success.

What to Do If You’re Stuck

Time for Action

Here is how to get ‘unstuck’ in your contingency planning if you’re already in a situation where you might be having trouble moving the needle.  There are a few things you can do to start your planning moving forward again. Since you want your business continuity program to be successful, I recommend that you start with the most recent business departments that completed their BIA’s. Moving them directly into the strategy selection and plan building phase.

Then go back to where you started in the beginning and meet with the departments that completed their BIA’s the furthest back in time. Review the data that you have looking for changes and make the necessary adjustment to the data you gathered.

Once you do this you may find that you can move these business departments into the next stage of strategy selection and plan creation and documentation. In some cases, you may find that so much has changed, from personnel, processes, responsibilities, and even applications that you might have to redo the entire BIA process again.

Don’t fret, simply continue this process, and as you find departments that have little to no changes move them along into the next phase and redo BIA’s for those groups that have too many changes to quickly gather the data.

This may seem like you’re moving backward at times, but you’ll be making more progress than you were previously by moving business units into the next phases.

Keep the Momentum Going

Once each business department group completes the creation of their planning document, move them into a tabletop walkthrough to look for gaps. missing information, or something that might cause an issue during recovery.

These groups can then be placed into a maintenance category where the plan will be reviewed at least once per year. Hopefully, someone will be dedicated to keeping the plan updated as changes are made making this process of doing a yearly review much easier.

If you need more help getting unstuck in your business continuity program book a free consultation today

Book Consultation

 

The Importance of Business Continuity

The Importance of Business Continuity is an extensive Whitepaper first written in 2009 by our CEO & Principle Managing Consultant – Keith Erwood. It is newly updated with fresh content, new stats and important new information.

The Importance of Business Continuity is a great resource

Importance of Business Continuity open
Importance of Business Continuity open

For continuity professionals and practitioners as well as business owners, executives, and business managers who have or are looking to implement Business Continuity and Disaster Recovery programs in their businesses. 

For those new, to Business Continuity the Importance of Business Continuity provides a brief overview of what business continuity is and why you should have a continuity plan, but more importantly how to get started developing and implementing your own program for business resilience and preparedness. 

Inside The Importance of Business Continuity, you’ll learn more about minimizing downtime, Protecting strategic elements and assets, maintaining your reputation, communicating efficiently, resuming operations, how preparedness measures mitigate costs, methods of calculating ROI, and more. 

You’ll learn key statistics such as The impacts to a Pharmaceutical giant following a ransomware attack in 2017, a staggering percentage of small businesses impacted by breaches in 2018, as well as how much the average cyberattack is costing businesses of all sizes – hint, it’s over $100,000 and the amount may surprise you. 

The Importance of Business Continuity is a great resource to have at your fingertips or close by to facilitate discussions with your executive management team, crisis management team, IT recovery team, and anyone else that you might want to discuss business continuity or disaster recovery with. 

We’ve also updated our section on How to get started – including the basis, communications, data protection and more for larger businesses. The best part is it’s free.

We’d like to add here at the Erwood Group, we are driven by our purpose to our relentless commitment to preparedness so you can Prepare Prevent and Profit. The Importance of Business Continuity should help you do just that. 

Click the button below to be taken to the page to access The Importance of Business Continuity

 

Get Whitepaper

 

 

Coronavirus

Businesses face challenges in reopening after Coronavirus.  Why? Well, there are several reasons, from temperature checks and whether to do them, even if you can. Sourcing cleaning supplies, added security, enforcing social distancing, and finding out employees don’t want to return to work yet.

Below we mention some of these issues and provide some recommendations on how to handle each situation to make your reopening a little bit smoother.

Employees May Not Want to Return to Work Yet

With every disaster or major disruption, there is also a psychological impact. This is particularly true when it comes to the Coronavirus. The biggest reason your employees might not be ready or even refuse to return to work is they may feel unsafe.

Another reason for this is many employers are discovering they have to compete with higher unemployment payments that may be greater than the employee’s actual earnings.

Yet, another often overlooked issue may be how employees get to and from work. Employees that don’t have transportation, may look to avoid public transportation and even carpooling to avoid contact with other people. This may cause them to refuse to return to work.

Recommendations on Employee Safety:

One of the first things you should do when you first begin to consider avoiding challenges in reopening after coronavirus is to set up a series of one-to-one calls with your employees and survey them about returning to work. Find out their concerns, fears, and doubts directly from them. Don’t just assume they will all want to return right away. Some employees may need some extra coaxing.

Another thing you can do to ease this transition is to have employees meet at the worksite to visually observe and experience the proactive steps you’re taking to ensure the safety of not only them but customers and others who may come to the worksite. Have them experience and participate in the cleaning and sanitization process. Let them see and experience social distancing policies. Have them help set up for social distancing by actively measuring out 6-foot distances.

Have them wear their face coverings before entering the worksite and experience what it is like to wear it continuously while working and discussing the proactive steps being taken to overcome the challenges in reopening after coronavirus. Then reassess their comfort level. Do they still have concerns? Can they be addressed further?

Recommendations on Employee Compensation:

You may have to consider offering increased compensation policies or even a one-time bonus incentive to encourage employees to return. If for instance, you implement all the safety measures you can, and many employees still refuse to return consider increasing the hourly pay rate or a one-time return to work bonus. We witnessed businesses that remained open and offered a $2 per/hour increase encouraged people to return and increased the number of new applications for employment

There are currently discussions taking place on having government subsidizing a return to work through incentives. For example –Idaho is paying people $1,500.00 to return to work. Many employers that remained open during the coronavirus increased pay and offered other compensation incentives should employees become ill or perhaps exposed, such as increased sick leave and pay during quarantine periods.

Whether other Local, State, and Federal governments end up providing some type of return to work incentive remains to be seen.

Recommendation on Employee Transportation:

If you have employees that utilize public transportation, they may be concerned about traveling to and from work. This may be a bigger concern than the safety of your worksite. Additionally, some employees that car-pooled in the past may no longer be willing to do so.

While some of your employees may refuse to utilize public transportation altogether during this time, one of the solutions you can implement to reduce challenges in reopening after coronavirus is to allow employees to take public transportation to travel during off-peak times. This will allow them to travel and share contact with fewer people and less crowded transportation. This may take some trial and error since many businesses may implement the same policies. Also, Public transportation may allow for fewer riders, and commute times may increase. Anticipate and allow for this.

You may want to consider informing carpoolers that are not domiciled together to take extra precautions. Such as wearing face coverings while traveling together. Suggest they take other precautions as well, like those the CDC recommends for Ridesharing, taxi, and limo service.

As a last resort, if cost-effective and feasible you may want to consider hiring your transportation for employees. You can either have them expense their transportation or hire a shuttle bus that allows for social distance spacing provide pickup and drop off service for employees.

 

Social Distancing May be Harder Than You Think

Included in social distancing mandates in some localities is a reduction in the number of people allowed into a worksite. This reduction doesn’t just include customers, it includes your employees as well.

Some businesses will have the added challenges in reopening after coronavirus by having to select which employees can return, and which do not. On top of that, will you be able to have enough staff on-site to handle any customers that need service? Too little, and customers will have to wait longer than what they may deem acceptable. Too many, and your costs increase, and profits decrease. For some businesses, this will be a continuous balancing act and for others, it will be a non-issue.

The next challenge you’ll encounter is if your worksite has enough space and flow for employees to be socially distanced and still be able to work effectively. You’ll also have to consider breakrooms, restrooms, hallways, and small spaces, and what about the reception area?

Recommendation on Social Distancing:

Make sure you have clear and concise signage that explains the social distancing policy at your entrances and displayed throughout your worksite.

Next, you’ll want to incorporate clear visuals and signage that shows 6-foot distancing clearly. You’ll also want to implement a nonpunitive and friendly reminder policy where all employees can remind others, including customers and guests of the social distancing policy.

Temperature Checks Are Not A Panacea  

Employee Self Temperature Check
Employee Self Temperature Check

While this sounds like a great way to ensure employee safety, it includes its own set of challenges. Where will you source the preferred no-touch thermometers? Will you use and implement thermal cameras and where will you source them? Many scams are out there in sourcing for both – do your due diligence. Who will take employee temperatures? Other employees? Managers? Self-checks? Should you hire an outside vendor? What type of vendor? Will, you set up screens and barriers for the checkers? What about Personal Protective Equipment (PPE) and what kind? Will you record or not record temperatures? If you do you will have to comply with HIPAA, and how will you do that?

It doesn’t end there. What is your policy if someone has a temperature of 100.4°F? Sure, you won’t allow them access to the worksite, but then what? Do they need to self-quarantine? Do they need to go to a doctor? Get tested for COVID-19? How and when can they return? Also, they are now covered under the Americans with Disabilities Act (ADA). Once you send them off-premise, do you require contact tracing for those around that person? If so, how far back will you go?

Next, how will you go about getting the temperature? The CDC guidance calls for doing this before entering the facility or worksite to minimize exposure. This, however, has proven extremely difficult to implement and most employers that are implementing temperature screening are doing it just after the employees enter the facility. Outside increased temperatures of as little as 80°F and people traveling in hot cars have caused false positives. One client implemented utilizing a large swamp cooler outside the entrance to help reduce this. Another potential problem seen is people trying to reduce their temperatures with icepacks. How will you handle that?

Then we have compensation issues to worry about. Having employees waiting in line before the start of their shift or day can cause delays, lateness, and if required is considered part of work.

All of these issues combine to create immense challenges in reopening after coronavirus. Many businesses that start off planning to implement temperature screening tend to abandon it once they’re confronted with the challenges of implementing it.

Recommendations for Temperature Screening:

Now that you are aware of many of the challenges around temperature screening, the first step to take if you’re still considering this is to create a written plan on how you will meet these and other issues you encounter.

Once you address this through a written plan, conduct a walkthrough of the area where you will be doing the temperature screenings. Ensure that you will have enough space for the screener, any barriers you will use, and the person being screened. Next consider the time to check each person and how long it will take to check each employee, guest, and vendor entering the facility.

Next, we recommend hiring a vendor to do the actual temperature screening if possible. If you’re a small business and can’t afford to hire a vendor, utilize your employees to check other employees, or have them conduct self-checks.

Work out and talk through all the potential iterations of what will happen when an employee has a temperature of 100.4°F. Write these policies and procedures down, and do not deviate from them.

We highly recommend that you do not record temperature readings from any employee, whether normal, high, or below normal. Speaking of below normal. You’ll have to decide what to do when someone has a below normal temperature because it will happen.

If you deploy thermal cameras, we recommend people spend time training and getting used to them. There will be a learning curve as to where the camera picks up high temperatures and you may need to use a backup touchless check as well. From experience, thermal cameras work well and speed up the process overall but will also cause significant false positives when the outside temperatures climb. Some may require constant calibration as well as temperature changes occur in the surrounding environment.

Beware of Scams:

Always do your due diligence when researching vendors and products. We as well as clients have run into numerous scams and fake vendors while researching temperature screening solutions. Call clients listed on their sites and reach out to colleagues and see what they are using and where they obtained it. Also, never pay large upfront fees if you can avoid it.  

Handling Visitors and Vendors

Another area that presents challenges in reopening after coronavirus is how to handle visitors, guests, and vendors. Early on, it was typical to prevent visitors of any kind from entering your facility. Today as we begin to reopen, visitors of some types are more expected. However, there are different types of visitors and you may want to handle each differently.

One type of visitor could be anyone that shows up unannounced. This could include family members of employees, job seekers, new vendors, or even local officials checking in on you.

Each situation might have to be handled differently, but you should have policies in place to prevent confusion.

Recommendations for Visitors of Employees:

We recommend people visiting your employees that are not doing business with you remain and wait outside your facility. This reduces both the number of people going into your facility and the need for testing or providing PPE to people who enter your worksite. Employees can meet with family, friends, and anyone else outside the worksite.

Recommendations for Job Seekers:

Place signage outside refusing admittance along with a number where they can seek assistance if necessary. Provide them with an online URL application completion process or your jobs/careers website address.

Recommendations for Vendors:

All vendors should have face coverings or a mask when entering the facility. You should also require hand sanitizing before entering as well. If you are going to temperature screen employees, you should do the same for all vendors entering the site for an extended period of greater than 30 minutes. You can also choose to check all of them before letting them into the facility. Set all sales/marketing and non-essential, non-delivery-based vendor meetings to teleconferencing only.

Request all vendors to provide touchless only options for billing.

Recommendations for All Visitors:

All visitors with permission to enter the worksite should sign in and out and provide a cell phone number along with whom they are visiting and why. Face coverings and hand sanitizing should be required. Limit all face to face meetings.

 

Going Contactless

You will need to set up touchless or contactless methods of interacting with customers and vendors. This includes payment collection methods and the providing of goods and services.

Recommendations for Going Contactless:

First, ask your payment processing vendors about their contactless options and services that you can provide to your clients. If you accept card payments, consider collecting the payment information over the phone and directly inputting it into your payment processing systems.  We advise against writing it down and then putting it later. Additionally, you can offer to invoice the customer and accept payment later depending on the type of service you provide.

Next, come up with a delivery method to provide your goods and services to clients and customers. Offer curbside pickup and delivery. Allow, a limited number or one person into your establishment at a time to pick up your products.

Can you deliver some services through a teleconference, videoconference, or through the mail or email? If so, do it where you can.

Find additional ways you can provide goods and services to clients where possible.

Additional Needs

Consider what other additional needs you have. Some businesses require additional security and cleaning vendors. When you find you need a new or additional vendor, we have found it best to start early in the process and execute early. We have seen businesses wait and then be left with zero options in some cases. Find what you need, implement and you can always make adjustments as you go along.