By: Ma. Barrehan Flores, ISO 27001 LI, Information Systems Assurance Senior Analyst

The COVID-19 pandemic has undeniably affected businesses, particularly Micro, Small, and Medium Enterprises (MSMEs), which account for more than 90% of the country’s private sector. Government-imposed quarantines, consumer behavior and supply chain changes, massive workforce disruptions, and a decrease in cash flow have all forced MSMEs to reevaluate their current business models and adapt to the new normal. Lack of business continuity or contingency plans in the event of major disasters, such as the pandemic, is also a contributing factor, leaving companies afloat – with no means of moving forward.

Business continuity planning plays a crucial role in ensuring continuity of operations in case of disasters – Business-As-Usual (BAU), to say the least. However, many companies do not have a Business Continuity Plan (BCP) – or do not even consider having one.

What is a Business Continuity Plan?

Disasters can happen at any time – without warning – and they may disrupt your business operations – or, in the worst-case scenario, even shut them down for good. When a disaster occurs, a BCP should focus on how your operations can continue under the worst circumstances imaginable. Having a BCP will not just allow your organization to survive through any crisis, but also to thrive in the future.

Common Reasons for Not Having a Business Continuity Plan

There are many misconceptions about business continuity planning. The most common assumptions made by MSMEs for not having a BCP are the following:

 “Our insurance shall cover losses.”

It is the most common misconception. Insurance covers your losses, but not all of them. In the event of death, any legal/regulatory violation, or even loss of reputation, your company will not be insured. You may implement insurance in conjunction with your BCP to create an added layer of asset security.

 “It is just an expense. We can’t afford it!”

Because companies are in business to secure profits, planning and mitigation measures are often compromised. A BCP involves necessary resources such as people, budget, and time, which companies may see as too much expense for something that has not even happened yet. However, threats like data breaches and cyber-attacks may cause significant financial and reputational losses to the company and preparing for such events is important.

“We have no time!”

A BCP involves a great deal of time, expertise, and knowledge. With companies constantly focusing on innovation and revenue growth, having a BCP may not always be worth the time, money, and effort it takes to develop one. This is a common misconception that can lead to a significant loss of revenue along with the possibility of closure.

Preparing for the Next Disaster

It is critical to establish a BCP with flexibility in mind as you prepare for the next normal. Your plan should include not only pandemic preparations but also a wide variety of crisis events. It will also ensure your employees’ safety and the viability of excellent service delivery to your clients and communities. To reshape your organization to prepare and adapt to the threats of future disasters, the following are the key focus areas:

Identify and Assess

In developing your BCP, start by identifying and assessing your vulnerabilities and the level of risks your business faces. Establish your risk profile in terms of impact on your People, Processes, and Technology (PPT).

Develop the Plan

Based on the results of your risk assessment, establish a Business Continuity Plan. There are several methodologies for developing a robust plan, but you may use the following as a reference:

Step 1: Identify your key products and services
Step 2: Define the objectives of your Plan.
Step 3: Evaluate the impacts of disruptions on your business and people.
Step 4: List your mitigation measures to minimize impacts.
Step 5: Develop and maintain your communications plans
Step 6: Maintain, Review, and continuously improve your Plan.

Implement and Act

Once you have developed your BCP, regularly test and improve its effectiveness. Ensure to document the testing results and embed a BCP in all your existing and new processes.

Disasters can occur at any time, and in the worst scenario, you may lose all your business. In this case, the BCP is invaluable. It will allow you to continue your operations and maintain viability even in the most uncertain times.

If you do not have a Business Continuity Plan, Exceture, Inc. can assist you in developing, implementing, and maintaining your plan.

Exceture, Inc. has proven management system consultancy expertise providing a fast-track planning and implementation of your BCP. Our goal is to achieve optimum results keeping business disruption to a minimum while keeping it within your budget.

Also, we take an integrated approach to compliance by aligning your BCPs with your needs for Risk Management, Information and Cyber Security, and Data Privacy.

Contact us today at [email protected].