Keeping Your Business Safe: Building a Disaster Preparedness & Recovery Plan for Your Small Business
If you don’t want to fall victim to this statistic, you need a solid plan in place before disaster strikes.
Disasters and emergencies, whether natural or man-made, large or small, can have a dramatic impact on your company’s ability to keep your doors open and stay profitable.
So if you don’t already have one, then the time is now to create your disaster preparedness plan. Let’s take a look at the steps you should take right now to evaluate potential threats to your business and keep your company safe in an emergency.
First, Assess and Prioritize Potential Threats to Your Business
To go about creating a disaster preparedness plan for your business, you first have to understand the problem. Start by thinking about those obvious situations that could pose a risk, such as a fire, flood, or other major weather event.
But what about the less obvious disasters?
Do you have protections in place against cyber threats? Do you know what to do in case of an active shooter or other criminal situation? Are there threats of bodily injury or contamination posed as supplies or equipment at your workplace?
The wide range of potential disasters facing your business can be enough to leave you paralyzed. In reality, though, different scenarios pose a different level of risk to your individual business depending on your location, industry, and other factors.
If you’re not sure where to start assessing potential risks, take a look at the U.S. Small Business Administration’s risk assessment checklist. It will help you evaluate each potential risk factor by probability and impact in order to better prioritize your disaster recovery planning.
First thing to remember: prioritize human survival above all else.
In those critical first minutes when a natural or man-made disaster occurs, your immediate priority is always the protection of human life. So, the initial piece of your disaster preparedness plan should focus on creating and communicating procedures that will keep the people who make up your small business safe in an emergency situation.
Make sure to prepare for medical emergency situations. Workplace medical emergencies vary greatly depending on the disaster, type of job and the worksite. However, there are steps that can give you the upper hand in responding to a medical emergency. Encourage employees to take basic First Aid and CPR training. If it is feasible, offer on-site classes for your co-workers. You should also keep First Aid supplies in stock and easily accessible. Finally, encourage employees to talk about medical conditions that may require support or special care in an emergency.
Next identify your company’s specific emergency response requirements and objectives.
The exact needs of your emergency response plan depend upon your industry, size, location, and the highest priority risks you’ve identified for your business.
As you develop your business’s response plan, consider the requirements that may be put in place through these three key factors:
- Regulatory Requirements. Some aspects of your small business emergency action plan are dictated by local, state, or federal law. The U.S. Occupational Health and Safety Administration (OSHA), in particular, details required emergency response guidelines for any business with more than 10 employees. Fortunately, OSHA offers extensive online tools that can help you follow their standardized guidelines, including fire safety requirements, evacuation plan regulations, and expectations for emergency preparedness kits for your facility.
- Public Emergency Services. Local public services such as your city fire department and police force are committed to helping businesses craft a disaster preparedness plan. As you develop your business’ emergency response plan, consider reaching out to these entities to provide guidance, review the plans you put in place, and share contact information and communications procedures for outside community resources.
- Business-Specific Emergency Preparedness Needs. Although the guidance of regulatory bodies or emergency service personnel will go a long way toward helping you develop your emergency response plan, certain preparedness needs will be unique to your individual business and facility. To develop a plan that is actionable for your specific business and location, combine the guidelines of outside experts with what you know about your facility, your team, and how your business runs from day to day. Consider, for example, the layout of your facility, the work schedules of various personnel, and in particular the best course of action for any individuals with special needs.
To be most effective, your written emergency response plan should be clear, actionable, and well-organized, providing as much detail as possible while also allowing personnel to quickly access the information they need in any given scenario. Make sure to assign Team Roles as needed (i.e. Disaster Management, Network, Server and Applications) and provide clear delineation of roles and responsibilities of all teams.
We’ve got a great template to get you started crafting your plan:
Now it’s time to Run Company-Wide Emergency Response Simulations
Once you’ve completed a basic walk-through and implemented the feedback you receive, you’re ready for a more hands-on approach to testing your disaster preparedness plan. Depending on the size of your business, it’s wise to conduct live action drills at least once a year for each of the highest risk emergency scenarios you may face.
Then… make sure you finally…
Test Your Disaster Recovery Process & Plan
This is where you plan and walk through the policies and procedures you will be following when your IT services have been disrupted for any of the emergency scenarios we have discussed here.
Now we want to bring the focus of the plan to restoring all affected business processes as quickly as possible, either by bringing disrupted services back online or by switching to a contingency system.
This portion of your DR plan should take into account the following:
- IT services: Which business processes are supported by which systems? What are the risks?
- People: Who are the stakeholders, on both the business and IT side, in a given DR process?
- Suppliers: Which external suppliers would you need to contact in the event of an IT outage? Your data recovery provider, for example.
- Locations: Where will you work if your normal premises are rendered inaccessible?
- Testing: How will you test the DR plan?
- Training: What training and documentation will be provided to end users?
At the center of your DR plan are two all-important KPIs, which are typically applied individually to different IT services: recovery point objective (RPO) and recovery time objective (RTO). Don’t be confused by the jargon, because they’re very simple:
- RPO: The maximum age of a backup before it ceases to be useful. If you can afford to lose a day’s worth of data in a given system, you set an RPO of 24 hours.
- RTO: The maximum amount of time that should be allowed to elapse before the backup is implemented and normal services are resumed.
While this testing process may not re-occur as frequently as an evacuation or shelter-in-place drill, be sure that you do re-evaluate the protocols any time there’s a major change in your personnel or your business processes.
Obviously, frequent disaster recovery planning and testing of this magnitude can become a burden on any small business. As a rule of thumb, recovery plan experts recommend focusing on process failures instead of on specific events when building out your plan.
For most business owners, the ultimate question is not if, but when you’ll be faced with a major emergency or business disruption. That’s why, although disaster preparedness planning is hardly any entrepreneur’s favorite topic, it is of critical importance for any small business that wants to succeed in the long term.
By following the steps to create a thorough disaster preparedness plan for your business, you are making the ultimate investment to make sure that the business you’ve worked so hard to build can continue to thrive for years to come.
Contact eGuard Tech and we can help you get the right plan in place today.