Business Continuity Planning for SMB


Depending on the region(s) your business is located in, catastrophes can take the form of earthquakes, floods, building fires/ wildfires, tornadoes, or hurricanes.  These only account for some of the potential natural disasters. Add to that the Hard drive crashes, threats faced from computer viruses, malwares, and hackers, and there is certainly enough to require detailed Business Continuity planning

Over the course of past few years, businesses have come to depend almost 100% on computerized information systems that run the day-to-day operations.  While this creates ease and less of a need for paper storage which can easily be lost or damaged, there can be serious consequences if the computerized information system is disrupted even for an hour.

Planning should not be limited to IT. Anything that could disrupt the business can cause chaos and loss. What is needed in order to stop and avoid the ensuing panic, is a plan on exactly what steps need to be taken to return back to normal operation or “Business Continuity”. One that goes beyond resuming business, and allowing you to continue to make money in the event of a major disruption.  Although IT network may seem the most critical, the company must have a plan in place where every business function has been considered.  Too often companies assume the likelihood of a disaster to be low, so they do not plan for it, resulting in a huge loss of revenue.



 Employees in every department must work together according to the plan, knowing their roles in a disaster.  While servers may be critical to being rebuilt in a certain amount of time, some businesses may be concerned with receiving supplies first.  Employees must know their roles ahead of time to ensure the best flow of business continuity.


Risk Assessment

 Risk assessment analyzes the outcomes of possible dangers if and when they occur.  For each type of disaster there are different possible outcomes that need to be assessed.  Personal injury should be first and emergency arrangements need to be put into place.  Individual employee situations must be taken into account, with considerations as to why they may not be able to return to work immediately.



 Having a Business Impact Analysis is necessary to business continuity as it considers many facets of the disaster situation.  The BIA will determine what needs to be reacquired and the timeframe you have to do it in.  It analyzes the importance of time sensitive business procedures and consequences of loss. This plan should include identifying the employees that are leaders and can perform emergency assignments, and establish ways to communicate if phone networks are down.  There additionally has to be practice responding to an emergency situation as well as partnering with local emergency response organizations.  Who will take over if CEO is unable to provide the required duties.  Financial impacts from a disaster need to be known following the risk assessment which can include:


  • Lost income
  • Extra costs including overtime pay
  • Delay in income or sales
  • Fines & Penalties
  • Customer loss due dissatisfaction


You need to ensure that staff are able to connect to the Information System from an alternate location or even their homes to remain in touch with company operations.  They should additionally be able to remain in touch with all co-workers to continue collaboration.  Employees need instructions on who ranks in importance and who to contact first in terms of customers, vendors, investors, and partners.

Disaster drills that are a surprise and realistic are a helpful part of the plan as the company will know how the staff will react physically and emotionally.  The employees will get a chance to practice their roles and how to use the remote access, and be evaluated on their performance. The drills will point out what areas of the business continuity plan need to be changed and what aspects work well.


Interim Measures

 In the situation where a disaster has occurred, interim measures must be planned for and implemented following the risk assessment.  For example, the recovery of IT systems may include relocating their operations to a different site that should have been established in the BIA.  Other factors to consider are the use of substitute equipment that may not be as familiar to the IT department, or a plan to outsource work to a non-affected area.  All costs must also be accounted for in the BIA.

Business continuity plans are important and it is best if they are handled by professionals.  While we can assist you with all the IT related planning, we encourage you to visit the links below for information on how to deal with the rest of the organizational preparedness: