June 20, 2023

How to Draft a Business Continuity Plan

The process of coming up with a business continuity plan using the Covid-19 pandemic as a guide.

How to Draft a Business Continuity Plan

Sleek v2.0 public release is here

Lorem ipsum dolor sit amet, consectetur adipiscing elit lobortis arcu enim urna adipiscing praesent velit viverra sit semper lorem eu cursus vel hendrerit elementum morbi curabitur etiam nibh justo, lorem aliquet donec sed sit mi at ante massa mattis.

  1. Neque sodales ut etiam sit amet nisl purus non tellus orci ac auctor
  2. Adipiscing elit ut aliquam purus sit amet viverra suspendisse potent i
  3. Mauris commodo quis imperdiet massa tincidunt nunc pulvinar
  4. Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti

What has changed in our latest release?

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut aliquam, purus sit amet luctus venenatis, lectus magna fringilla urna, porttitor rhoncus dolor purus non enim praesent elementum facilisis leo, vel fringilla est ullamcorper eget nulla facilisi etiam dignissim diam quis enim lobortis scelerisque fermentum dui faucibus in ornare quam viverra orci sagittis eu volutpat odio facilisis mauris sit amet massa vitae tortor condimentum lacinia quis vel eros donec ac odio tempor orci dapibus ultrices in iaculis nunc sed augue lacus

All new features available for all public channel users

At risus viverra adipiscing at in tellus integer feugiat nisl pretium fusce id velit ut tortor sagittis orci a scelerisque purus semper eget at lectus urna duis convallis. porta nibh venenatis cras sed felis eget neque laoreet libero id faucibus nisl donec pretium vulputate sapien nec sagittis aliquam nunc lobortis mattis aliquam faucibus purus in.

  • Neque sodales ut etiam sit amet nisl purus non tellus orci ac auctor
  • Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti
  • Mauris commodo quis imperdiet massa tincidunt nunc pulvinar
  • Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti
Coding collaboration with over 200 users at once

Nisi quis eleifend quam adipiscing vitae aliquet bibendum enim facilisis gravida neque. Velit euismod in pellentesque massa placerat volutpat lacus laoreet non curabitur gravida odio aenean sed adipiscing diam donec adipiscing tristique risus. amet est placerat in egestas erat imperdiet sed euismod nisi.

“Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum”
Real-time code save every 0.1 seconds

Eget lorem dolor sed viverra ipsum nunc aliquet bibendum felis donec et odio pellentesque diam volutpat commodo sed egestas aliquam sem fringilla ut morbi tincidunt augue interdum velit euismod eu tincidunt tortor aliquam nulla facilisi aenean sed adipiscing diam donec adipiscing ut lectus arcu bibendum at varius vel pharetra nibh venenatis cras sed felis eget dolor cosnectur drolo.

The war theorist Carl von Clausewitz is often paraphrased about the discontinuity between military plans and war realities with the notion that the ideal conditions of war are never met. Dwight Eisenhower provided another angle in the 20th century with “planning is essential but plans are useless.” It’s hard to imagine a better time than now to revisit the associated notions. COVID-19 is wreaking havoc in whole numbers of places, and causing fear and panic in the rest.

Disaster recovery plans are often wonderfully convincing documents that businesses are required to have (or more likely file away), but we need to start thinking about restructuring for actual resilience.

When it comes to COVID-19, was your entity ready? Did your plans for telecommuting and remote work succeed or fail?

For many startups, the move to telecommuting wasn’t difficult. The end-user environment doesn’t mean clunky desktop computers hard-wired in a specific location anymore. It’s a bunch of laptops with remote access to various internal and external services, such as email and some sort of internal chat systems, where staff work from home as often as not.

How sustainable that remote capable work model is long term is a separate question, but there’s no time better than now to reassess your infrastructure and processes.

The best time to review past planning is when your plans are in action. Since you probably have the time to delay that Netflix series for now, go record what you did for this current emergency in your disaster management plan. That next episode, and you, are probably not going anywhere for a while, anyway.

A lot of thought and planning go into an organization’s resilience. There are a number of basic tenets to guide you, and there is likely time to make adjustments now.

First, determine what is critical in your physical office location. Are there servers that can be shut down for the interim? Are your backups still happening? Are there password lists or digital offline resources that you can’t access remotely? Can you continue operations without physical access for the next month or three?

Second, review any over reliance on a single provider. Monocultures (the reliance on a single provider) are poison to resilience in action, yet choosing the most common providers is often the easiest and most expedient route with services.

It’s unlikely that Google will stop processing your email, or that Amazon Web Services will come to a hault during this COVID-19 pandemic, but what if they did in another scenario?

Third, there are basic areas to review specifically in communications: communications among the staff, communications with customers and communications with service providers.

Communication with staff: You probably have staff cell phone numbers besides their work email addresses and the ability to chat on a service like Slack. Can you send them regular snail mail? Do you have alternate email addresses for them?

Stop making assumptions based on how things normally work, and start imagining if this or that service isn’t operational. Better yet, imagine if the usual pipes aren’t there, i.e., if there was some catastrophic issue with email communications. Some entities maintain old-school numeric pagers for backup communications. Those ancient devices work on regular AA or AAA batteries, and don’t rely on complex systems like 4G cell phone networks. Sure, you might look silly with it, but the old pager networks just broadcast out pages and work when everything else goes to hell. And best of all, adversaries who might attack your infrastructure aren’t likely to simultaneously attack that system.

Communication with customers: If you just have a few customers that you’re acquainted with on a personal level, it’s probably easy. But if you have a large number who you maintain mostly passive interaction with, it’s another. If your web site goes down, does that mean you lose communication with your customers?

Maybe Twitter accounts take up the role, or Facebook. Or maybe you should maintain a separate emergency-only simple web site for broadcasting information.

Communication with service providers: The new organizational models are more difficult to manage. One can’t just ask the accounts payable department to print out a list of service providers they paid in the last 60 days because too many service providers are “free.”

When times are back to normal, you should start listing all of those providers, paid or free, that matter. Having a sense of your full footprint is the first step not just in building resilience but also in assessing privacy and security operations.

Build a hierarchical listing of the service providers ranked by how critical they are for your operations. Your email provider probably ranks high, which might include a data center facility. Do you have support contact information? How do you measure their uptime? Organizations that create and maintain sites like “https://status.hostname.tld" get extra cookies. Those who lived through Superstorm Sandy should remember that.

The COVID-19 “cost” to business is contagion, staff falling ill, sometimes with fatal consequences. The advantage to have an operational and easy-to-implement remote work operation could mean longer term health, both mental and physical for your employees and other employees who are not so fortunate.

Building resilient systems means making a lot of decisions that don’t seem to make much sense in “normal” times. And they often mean incurring costs of money and time that don’t immediately provide proof of a return on investment to management or investors. But like insurance policies, they justify their costs in times like these. Amid the fears and panic of COVID-19, how many organizations and individuals are thinking “I wish we just had done X before this”? Use the time and experience of this pandemic to prepare your business to the next crisis. It may not be a pandemic next time, but planning is essential, even if the implementation of the plan is practically useless.

About the author

I never met a repetitive, laborious task that I didn't want to automate.

Subscribe to our newsletter

Thanks for subscribing to our newsletter
Oops! Something went wrong while submitting the form.
Subscribe To Our Newsletter - Sleek X Webflow Template