According to recent data from insurance experts, an estimated 40 per cent of businesses never reopen after a disaster. With this startling statistic in mind, it’s clear that implementing steps to prepare for and respond to disasters is crucial to help your business reduce the risk of experiencing large-scale losses.
In order to protect your business from unavoidable interruptions, it’s important to have an effective business continuity plan (BCP) in place. At a glance, your BCP should serve the following purposes:
• To protect employees and personnel
• To prevent environmental contamination
• To protect revenue, assets and information
• To prevent loss and to contain loss that occurs
• To protect your reputation
Review the following guidance for an outline of steps that you can take to develop an effective BCP and minimise business interruptions.
1. Determine the Risk
When determining the potential risks for business interruptions, consider both environmental risks and human risks. Additionally, consider which risks are preventable and which are not.
Once the risks are identified, you can begin to understand all elements involved, such as the hazard itself, the assets at risk, vulnerability to the risk and the ultimate impact of the risk. In order to be best prepared, rank each risk according to the likelihood of occurrence and the severity of impact.
2. Calculate the Cost of Interruptions
After the risks have been ranked, analyse the impact of each risk. In calculating cost containment, the following should be considered:
• Lost sales or income
• Increased expenses
• Regulatory fines or contractual penalties
• Potential business delays
3. Understand Your Insurance Cover
The next step would be to review your insurance cover. Business interruption insurance generally comes into effect in these circumstances:
• Physical damage (eg fire or flood) to the premises causes suspended operations.
• Damage to property that is covered by the policy prevents customers or employees from accessing the business.
Since business interruption cover can differ significantly, it is important to understand the policy terms, such as exclusions, extensions, cover limits and indemnity periods. Be sure to review your policy carefully with a certified insurance broker to ensure bespoke cover for your unique business needs.
4. Implement Steps for Prevention and Mitigation
There are three different approaches for controlling and containing potential hazards:
• Prevention: This method identifies preventable hazards and implements steps to avoid occurrence of the hazards.
• Deterrence: This method identifies potential criminal activities that create business hazards. Steps are taken to prevent the criminal activities.
• Mitigation: This method identifies hazards that cannot be prevented. Steps are taken to control and contain the hazards in case of an occurrence.
5. Create a Crisis Communication Protocol
As part of your BCP, it’s important to establish a crisis communication protocol in order to provide employees and customers with updates and critical information. The protocol should include the following:
• A chain of command: A chain of command allows for information to be shared efficiently and ensures that all personnel receive proper information in the event of a disaster.
• Pre-scripted messages: Eliminate confusion by pre-scripting messages that will be shared with customers, employees and the public in the event of a disaster.
• A bi-directional communication network: Allow for communication to occur in multiple directions in order to efficiently pass information in the midst of a disaster.
6. Prepare an Incident Response Plan
In addition to a crisis communication protocol, your BCP should include an incident response plan to ensure your organisation is prepared to respond appropriately and efficiently to a disaster. This plan should be practised and reviewed regularly for effectiveness. Specifically, the plan should include the following elements:
• IT and data recovery: Implement a data backup programme to protect and recover important information. Enforce workplace policies that assist in both preventing and mitigating the impact of a data breach. Further, consider developing a separate cyber-continuity and incident response plan with your staff to address your organisation’s unique cyber-security risks.