Business Contingency Preparedness

7 Questions of Company Preparedness

1. Is your business impact tolerant?
2. Have you mitigated points of failure?
3. Are you and your staff prepared for Business interruptions?
4. Is your Contingency Plan documented and approved?
5. Have you reviewed your Plan with staff, suppliers and customers?
6. Is your Plan current and regularly tested?
7. Does your Plan insure timely resumption of critical business functions?


1. Is your business impact tolerant?

If you can accept the results of an impact on your business then you are tolerant of that impact. To reach a point of impact tolerance you must prepare by evaluating your risks, assessing their probability of occurring, analyzing your business processes, implementing contingency plans, communicating and exercising these plans and keeping the plans current. The difference between impact tolerance and disaster is your preparedness.

2. Have you mitigated points of failure?

As you evaluate your business processes, you must evaluate each process, in detail, to identify possible points of failure. To insure an acceptable level of continuity for your business, a decision must be made on plans and procedures to be implemented and put in place, to minimize or eliminate a process failure. If contingency procedures are in place they should be re-evaluated and tested regularly. Do not assume you are ready. Plan ahead and include contingency planning procedures in your change control process. Your pre-event contingency planning and preparedness validation will determine how little your business and customers are impacted when a failure occurs.

3. Are you and your staff prepared for Business interruptions?

The Business Planning Process does not end with an implemented and documented Plan. The Plan must be kept current, tested regularly and communicated to all those affected. The communication of expectations, approved and documented in your Plan, should define the Roles and Responsibilities of all participants when the Plan is activated and de-activated. The time to prepare is before an interruption occurs.

4. Is your Contingency Plan documented and approved?

Do not assume everyone knows "what to do" when a potentially disastrous event occurs. The actions to be taken to insure that post-disaster business is continued, should be discussed, approved by management and documented for review. Documentation of the Plan provides a reference platform of clarity for staff, suppliers and customers.

5. Have you reviewed your Plan with staff, suppliers and customers?

The actions to be taken, defined in your Contingency Plans, identify the impact a potentially disastrous event may have on your business, staff, suppliers and customers. Reviewing appropriate portions of your Plan with each group will allow you to insure acceptability and clarify expectations. It should be noted that all required components of recovery should be include in your Plan (workplace, technology and tools, staff, support, communications, etc.)

6. Is your Plan current and regularly tested?

If your Contingency Plan doesn't reflect the current business processes, levels of risk tolerance, mitigation procedures, recovery processes, team member roles and responsibilities, notification lists and other critical components for a successful and cost effective recovery and mitigation of disaster, then your Plan is not current. If you have not verified, by testing, that the steps documented in the Plan will work, as specified and expected and in the timeframe required then you can not be assured that you will meet business and customer expectations. Regular testing of major portions of your plan should occur annually. If significant changes occur in your business or a significant process, another Impact Analysis should be completed and the required Plan changes implemented, documented and tested to insure they meet expectations. Testing should validate the recovery procedure and the minimum time to recover.

7. Does your Plan insure timely resumption of critical business functions?

The measure of time between failure and your recovery back to an acceptable level of business, can determine whether you will still be in business when you have completed your recovery. Many businesses have learned, too late, that customers move to other suppliers when services or products cannot be received as expected. You should include a proof-of-concept step in any remote site recovery agreement or Service Level Agreement (SLA), as well as with your plan validation, to insure your Plan will satisfy your recovery time objectives and recovery expectations. You can best minimize the impact to your business by preparing your Contingency Plan and communicating with your customers before, during and after their expectations are impacted.