In a previous post, we began a discussion on the topic of business continuity planning. Business continuity planning is the process of identifying, planning mitigation for, and practicing to mitigate potentially existential threats to an organization.
In the first post, we discussed this concept broadly. Over the next few posts, we’ll look at the process for preparing for such events.
First, we start with identifying potential risks.
Risk Categories
Risk Management Monitor groups business continuity events into four categories:
- Effects on facilities, making them inaccessible or unusable;
- Effects on operational capability, such as supply-chain interruptions, processing errors, or staff unavailability,
- Effects on technology; and
- Effects on the organization itself, ranging from financial problems to intellectual property rights.
This can be a useful starting point to brainstorm the types of risks facing your organization.
General Risks
While certain risks are more likely to impact some businesses than others (more on that below), there are some risks every organization faces: loss of key staff, financially crippling legal costs, loss of a key customer or supplier, etc.
What Keeps You Up at Night?
Now, when we start thinking about the risks specific to your business, one of the first steps is to follow your gut. What keeps you up at night? Is it the thought of a proprietary piece of information finding its way to a competitor? A data breach? Negative publicity among a key group?
Watch the News and Be a Student of History
There are pros and cons of having competitors in your industry. One of the pros is you can learn from their successes and—often more importantly—their mistakes. What are the risks that have taken down companies in your field?
It can be difficult to brainstorm the types of business continuity risks that face your organization. Some may seem farfetched and extremely unlikely. Indeed, the types of risks considered in business continuity training typically are rare events—unlikely to occur but with potentially business-ending consequences.
In the next two posts, we’ll look at how to develop strategies to mitigate the risks you do identify and the process for drilling your key staff on those mitigation strategies.