GOOD PRACTICE Business continuity plan - why your company should have it

The pandemic has made companies aware that although it is impossible to predict all the black scenarios, having a solid business continuity plan sometimes makes a difference between “to be” and “not to be”.

When in March 2020 it turned out that remote work was a necessity, we were ready. We went into home-office mode almost overnight, and soon our office building closed completely. After establishing communication channels and weekly inter-departmental meetings to discuss current events, we became one hundred percent virtual.

Administration, IT support, customer support, sales, marketing – every area of ​​our work was now functioning online, and we didn’t even know when we would be able to return to the office. Not until two months had passed that we started our slow returnal to the company, and we are still not able to gather the entire team there late June due to security regulations. How will we remember this challenging period?

We know that not all companies offer a digital product, and thus, are not able, at least in theory, to smoothly switch to work in remote mode. After all, it’s hard to expect a furniture manufacturer to suddenly abandon production lines and switch to selling three-dimensional CAD models of his products, unless, of course, they decide to tailor the offer to the needs of The Sims fans. However, even while observing the digital market, we saw how much difference a well-structured business continuity plan makes. The peace of mind, which is one of our core values, could not take a more tangible form.

The pandemic has made us look very carefully at the level of organization in the company. BCP (business continuity plan) usually assumes adequate prevention of the risk of losing business continuity – and the epidemic is one of the main factors preventing business operations. In such a situation, it is worth remembering not only about securing the supply chain or providing personal protective equipment for employees, but also, which is not so obvious, about tools such as an electronic signature, the lack of which can drastically limit the decision-making of the company’s management board when the physical contact of its members is limited or impossible.

It is also important to properly train employees, familiarize them with the procedures, set duties to be performed when disruption of business continuity occurs and plan many other issues. What difficulties a company may face
we often learn only when they appear right in front of us. Meanwhile, many BCP issues can (and should) be considered in advance. For example, it is worth asking yourself whether the company knows how to comply with the provisions of the GDPR while working remotely? Do employees use secure networks when working from home? Do we have optimal MDM (mobile device management) solutions at place? Indeed, in connection with the restrictions that were forced upon them, entrepreneurs were most surprised by administrative and technological issues.

So, the better the business continuity management system is implemented, the smaller the financial losses for the company and the more room for maneuver when difficulties arise. In no case is this an unnecessary effort, which has been confirmed in the last few months numeorous times.

Looking at the continuity plans of IT systems, companies are usually much better prepared in this regard. IT Continuity Plan is a standard somewhat inscribed in the functioning of the IT department. This is a well-known saying that the work of an IT team is based on putting out fires and patching holes. Therefore, IT departments relatively easily adapted to remote work (in a sense, they work in this mode on a daily basis). Procedures in case, for example, the server will fail or the system will detect a threat, they must be developed on an ongoing basis, therefore the pandemic and the need for remote work were not a major challenge for IT departments.

However, good ITCP is not just backup and VPN for engineers. It is primarily the entire Disaster Recovery infrastructure, to which we can switch our systems in the event of a backup infrastructure failure, preferably several hundred kilometers away, which further minimizes the risk of failure in both server rooms simultaneously.
One of the important parameters of the IT Continuity Plan is also RPO. RPO (recovery point objective), i.e. a data recovery point, e.g. at the level of 15 minutes, means that data from the main server room is copied to the backup server room every quarter of an hour, so in the event of a failure of the main server, the client will lose work progress from the last quarter at a maximum.

In turn, the RTO (recovery time objective) parameter means the time necessary to switch the service to a backup environment (Disaster Recovery). Designing RPO and RTO consider various failure scenarios and develop detailed procedures, and then test them with the team, so you’ll be prepared for (almost) every situation.

Due to the fact that we operate in the industry of confidential information protection, we care for security and business continuity very precisely. In the end, the liquidity of proceedings in our clients’ deals, often multi-million-dollar, is at stake. During 11 years we have developed strict rules of conduct. Our Business Continuity Coordinator describes the recently implemented continuity tests as follows:

“We have created the opportunity for team members to practice roles and responsibilities, as well as the possibility of group discussion on procedures. We wanted individual people not only to be prepared to carry out their tasks in the event of a failure, but also that the customer service team had the opportunity to ask questions that the project team may not have asked themselves before. We wanted everyone to understand the so-called “Big picture”. We regularly update procedures to ensure continuity and conduct retests every year.”

This year our continuity tests took place just before the pandemic. The tests involved an almost completely different team from the one who developed the original assumptions, and yet we did not encounter major difficulties.
Since we run tests regularly, and any incidents that occur during the course of each “review” seal our system even more in case of difficulties, we are confident that even a pandemic will not interrupt users at work. And this is the main goal of the entire undertaking.

And the VDR system itself is, in a sense, a component of business continuity plan of our customers’. With its help, any company will be able to smoothly transfer processes requiring confidentiality into remote mode, such as obtaining crediting, restructuring, auditing, conversations with contractors and lawyers, working on sensitive documents and many others. The need to work remotely does not have to involve the suspension or cancellation of projects involving external partners and clients of the company. They can be effectively run in a Data Room. Read more on how to choose a Virtual Data Room effectively.

We all want to believe that a pandemic as surprising as the COVID-19 will not be repeated but in spite of this preparation of BCP should not be postponed. Any delay in operations and inability to make decisions, as in the case of a pandemic, means business losses. And this is just one of the reasons why BCP should always be there.