Disaster Planning

 

Related Terms: Crisis Management

Small business owners are strongly encouraged to make contingency plans for responding to and recovering from disasters that may befall them. The motivation for doing so may be more sharply present in the aftermath of the 2005 Katrina hurricane that almost wiped out New Orleans. Analysts note that disasters—whether they take the form of floods, corporate espionage, fires, or power outages—can have a devastating impact on a business's viability. Business experts also insist that the importance of a good disaster and recovery plan has never been as acute as it is today. In large part this is because today so many businesses rely on vulnerable technology (communication networks, management information systems, process control systems, etc.) to execute fundamental business operations.

Yet as Alan M. Levitt reported in Disaster Planning and Recovery, "various studies and surveys instruct us that most organizations have not established a comprehensive strategy for disaster planning and recovery. The percentage of organizations that lack any semblance of a plan is, simply put, frighteningly large." Levitt also noted that many disaster contingency plans that do exist are "applicable only to certain specific business processes (put another way, it is designed only to rescue specific bits and pieces of the business, not to save the entire organization!)." Many other companies' disaster planning policies, meanwhile, seem to consist only of disaster insurance. Such coverage is valuable, but it is only of limited usefulness. Indeed, Kenneth N. Myers, author of Total Contingency Planning for Disasters, described disaster insurance as only one element of a comprehensive disaster contingency plan. "The role of insurance in protecting against loss of physical assets, such as buildings and equipment, is clear," wrote Myers. "However, using insurance policies to protect against the loss of cash flow, the ability to service customers, or the ability to maintain market share is often not practical'¦. The primary function of business insurance is to provide a hedge against loss or damage. A disaster recovery and business continuation plan, however, has three objectives: 1) Prevent disasters from happening; 2) Provide an organized response to a disaster situation; 3) Ensure business continuity until normal business operations can be resumed."

It is essential, then, that small businesses take the time and effort to construct comprehensive disaster and recovery plans if they hope to weather unwelcome interruptions in business operations in good financial and market condition. "Some call it Crisis Management," remarked Building Design & Construction magazine. "Others call it Disaster Management, Emergency Preparedness, Business Resumption, or Contingency Planning. The newest 'buzz word' is Business Continuity Planning. It really doesn't matter what it's called as long as your company does it."

CREATING A DISASTER AND RECOVERY PLAN

"It is not easy to recognize the hundreds of hazards or perils that can lead to an unexpected loss," wrote Susan Anastasio in the SBA's Small Business Insurance and Risk Management Guide. "For example, unless you've experienced a fire, you may not realize how extensive fire losses can be. Damage to the building and its contents are obvious, but you should also consider: smoke and water damage; damage to employees' personal property and to others' property (e.g., data-processing equipment you lease or customers' property left with you for inspection or repair) left on the premises; the amount of business you'll lose during the time it takes to return your business to normal; the potential permanent loss of customers to competitors."

Of course, many other types of disasters can strike a business as well, ranging from those triggered by natural events such as floods, tornadoes, earthquakes, or hurricanes, to those that come about as a result of localized environmental problems, like water main breaks, work force strikes, power outages, hazardous materials spills, explosions, and major transportation mishaps (aircraft crash, train derailment, etc.). In addition, damage that is the direct result of premeditated human actions such as vandalism, sabotage, and arson can also be classified as a disaster.

The first step in creating a strategy (or reviewing existing contingency plans) to protect a company from these and other events involves mustering the necessary business will to undertake the challenges associated with the task. However, business observers contend that many companies fail in this regard. "The fact is that the majority of private-sector management is still reluctant to allocate the necessary time, staff, or funds to prepare and plan for the possibility of a disaster that may put them out of business," according to Building Design & Construction. Myers agreed that this tendency to give short shrift to disaster planning is a common one, observing that "when the economic climate is favorable, contingency planning is last on the list of things to do; when profits are down, contingency planning is the first item to be cut from the budget."

Small business owners, then, need to make sure that they devote adequate resources to disaster preparedness and recovery planning before beginning the process. Indeed, Levitt said that contingency planning efforts are ultimately doomed if they are undertaken without top management commitment, involvement, and support; participation of front line managers and staff teams in both planning and implementation; and ongoing communication with all constituencies of the business.

Once a business's leadership has decided to invest the necessary time and effort into the creation of a good disaster preparedness and recovery plan, it can proceed with the following steps:

Determining Vulnerabilities "Begin the process of identifying exposures by taking a close look at each of your business operations and asking yourself what could cause a loss," counseled Anastasio. "If there are dozens of exposures you may find dozens of answers'¦. Many business owners use a risk analysis questionnaire or survey, available from insurance agents, as a checklist." These questionnaires will typically address the business's vulnerability to losses in the areas of property, business interruption, liability, and key personnel, among others.

Obviously, this component of disaster preparedness planning—often referred to as risk management—needs to be comprehensive, covering all aspects of business operations, including telecommunications, computer systems, infrastructure, equipment, and the facility itself.

 1 | 2  NEXT