Reason one: Maintaining communication with current and new customers at all times

First and foremost, if you are unable to communicate with your customers, how will you conduct business? They have to be able to send you orders, communicate information with your team, and your team has to be able to keep them up-to-date. New customers also have to be able to reach you. Your BCP should have something in it about how you will re-establish communications once an event that triggers the plan takes place. IT is in charge of handling email, chats, phones, and so on; therefore, you want them there to help you plan that out.

Some of that planning may be as simple as switching phone providers to one that allows you to use a computer or mobile app to handle calls instead of a desk phone. Maybe it is moving email from on-premises to a cloud provider before an incident.

Reason two: Keeping your staff working even if their regular environment is inoperable

Let’s assume that the event triggering the BCP did not impact your staff. Assuming that is the case, if your office is unusable due to a natural disaster, environmental issue such as a broken pipe or structural issue or any other event beyond your control, how will you fulfill your business’s mission?

What happens if you have no computers at all because you stock exactly enough to handle day-to-day operations? In this day and age, business revolves around computers. Finance, production, customer service, executive, and other teams all rely on computers to do their jobs. Your IT team will be able to give you great feedback about how to handle keeping them working. An option may be as part of the BCP process you now consider keeping a set amount of spare computers at all times on hand.

Reason three: Ensuring a seamless restoration of operations

When the event that triggered BCP activation ends it is time to restore normal operations. It is highly unlikely a major disruptive event will simply just end and business resumes like nothing happened. If that means you have to repair your existing facility or operate at a new one, do you have vendors in place to get you back up and running?

Think low voltage cabling contractors, CCTV contractors, access control contractors, and so on. First of all, your IT director or provider should have all these people in their rolodex ready to go. Secondly, they should be listed in the BCP in case your normal IT team is unavailable – business doesn’t stop because John was unable to fulfill his duties today. Lastly, you should be in contact with those vendors before the incident is even over to get on their schedule.

Reason four: Helping test the plan to make sure it will actually work when it is needed

IT is a tremendously complex field. You cannot expect someone who does not have the relevant experience to be able to validate a plan for its accuracy or test it. You would not ask a plumber how to properly frame a room or build a chimney. Therefore, you should not ask your chief financial officer how to (for example) set up failover for your servers and deploy telework infrastructure on a moment’s notice.

The point of drafting a business continuity plan (BCP) is to be prepared in case of a disruption event. When you need it, you need it to work. This means you need buy-in from all of your department heads. They need to be able to execute what this plan says on little to no notice. They should be part of the plan’s creation and any/all testing of it. You cannot expect to drop a plan on their lap at the start of an incident, say “do it”, and expect it to go well – it is just an unreasonable expectation. Team work makes the dream work.

Reason five: Helping make sure your plans do not end up putting you at risk

Let me paint you a picture: A cyber attack strikes your company and takes down your main servers. It also takes down your routers, firewalls, WiFi, printers, and everything else. You are one step ahead of these malicious actors! You have a warm site in the cloud with a secondary copy of data that was secured and is unaffected. So, you tell your staff to log in to the alternate site and get to work.

You, however, did not know that a manager approved Sally to telework from her home computer instead of her company issued one against the strong opposition from IT two months ago. Now, that computer is the origin point of the attack. Sally dials in to the secondary environment and just a few hours later that whole environment is down too. No business can be conducted now and your business comes to a screeching halt.

Maybe this is something you have not even considered yet. I can assure you, IT knows these things and wants to discuss them with you. They would have told you during a BCP meeting that stuff like this was taking place and posed a great risk in certain cases. Machines not under company control will lack the relevant protections and monitoring that company issued ones will have.

Do other companies include IT?

One of the most prepared companies in the world, Waffle House, does! Waffle House puts on a master class on preparedness every single day. They are so good at it, in fact, that FEMA uses them as part of their gauge of impacts to an area following a hurricane. This is known as the Waffle House Index. Check out this video below to learn a bit more about their preparedness including IT.

Can you help us with this?

Yes we can! Our team has training in emergency management and business continuity. We are ready and waiting to get involved in helping you prepare for the best days and the worst days. Give us a call today at 973-636-7350 or contact us via our contact page.