No I am not talking about an upset employee who has just had a family bereavement, or whose pet is seriously ill. I am talking about what would your business do if you could not get into your office because of Tear Gas or Riots outside of the office.⁹
Everyone has a business continuity plan for Typhoons (or at least you should have) but does anyone have any plans for the current troubles. I seriously doubt it and if you don’t then you certainly should start to plan one now.
We have now had over three months of protesting and rioting and I waited for today to write this blog as I wanted to see what happened on October 1st, China National Day. Without a doubt there was an escalation in the activity and level of violence occurring. In the absence of change I cannot see this stopping any time soon and therefore all companies regardless of size should be planning for the possibility that their office is not accessible at some point in time.
Below are the basic 10 points that need to be covered in a Business Continuity Plan.
1. Critical Business Functions
Make a list of all business functions and determine which are critical for your daily operations. Everything is important but not everything is critical. Work out what absolutely must continue to ensure you still have a business when the crisis is over and focus on them.
2. Essential Equipment and Systems
Make sure that all your critical data is available from outside the office. With the current availability of high quality cloud solutions this should never be an issue nowadays. Have all your data and systems replicated between the office and the cloud to ensure connectivity from any location with suitable security.
3. Potential Risks and Threats
As per the introduction you probably have a Typhoon policy but that should be expanded to include other types ot risks and threats. Riots, earthquakes, martial law etc. Also don’t just consider your Hong Kong office if you have overseas offices as the risks are different in other countries.
4. Emergency Contact Information
When a crisis occurs there is no time to research things. The internet may be unavailable so ensure you have all important employee and third party contact available offline so that communication can be handled as necessary.
5. Disaster Recovery Team
Work out who in the company is required to make decisions in the event of a crisis. Put the team together and ensure that you only include the critical personnel. Do not have a team that includes all your employees. Include first level leaders who will disseminate the relevant information to the rest of the staff.
6. Roles and Responsibilities
Every member of your disaster recovery team should be clear in terms of the expectations of the role and responsibilities. Assign accordingly and ensure all members are trained so that they can complete the task. You cannot learn during a crisis, you have to act and get it correct. For example if someone is assigned to be the medical officer then ensure they have basis medical training.
7. Emergency Drills
23% of companies with a disaster recovery plan never test it. Is it any surprise that when a crisis happens their plan fails. Often tests are done when it is convenient for the business. You should understand that a crisis never waits until it is convenient for you. You should test your plan a few times a year and at least once a year it should be during normal business operations. Only then will you know whether you plan is robust enough to survive a real crisis
8. Data Backup Plan
Whilst you have your data secured and hopefully replicated to the cloud as mentioned earlier you also need to ensure you have comprehensive backups. With ransomware so prevalent now backups are even more critical. Ensure you test your backups by doing random restores. Remember replication is not backup.
9. Alternative Facilities and Equipment
If your office is not accessible ensure you have pre-determined where your critical team members can meet and work if necessary. This may be the MD or CEO’s house or a backup office facility. Ensure you have sufficient internet at these locations to access your data and systems.
10. Alternative Communications
What will you do if the internet or phone lines are offline. Make sure you have a rally point if necessary so you can ensure everyone is ok. Have a plan for how to continue business. Remember it may only be you that is in a crisis and all your clients etc are ok so communicate with them. Normally people understand and accept as long as they are informed.
Business Continuity Planning is critical to any business. First steps are to ensure you have data available from outside the office. This often means using cloud solutions. If you need assistance migrating to the cloud or looking at your business systems then contact FunctionEight to discuss.