Top tips for a business continuity/disaster recovery plan that works

When a crisis breaks, employees and other stakeholders must know for certain what actions need to be undertaken, and who is responsible for them, says Karen Humphris, senior manager: Advisory at ContinuitySA.

Johannesburg, 16 May 2019
Read time 3min 10sec

According to research conducted by the Business Continuity Institute in 2019, 71% of organisations activated their response plans at least once over the past year.

"This finding is consistent with the previous year's survey, and indicates just how important it is to have a response plan that works well," says Karen Humphris, Senior Manager: Advisory, ContinuitySA, Africa's leading provider of business resilience services.

Based on ContinuitySA's three decades of experience, she offers the following tips to ensure an organisation's business continuity and/or disaster recovery plan performs as desired when the chips are down:

* Establish clear roles and responsibilities. When a crisis breaks, employees and other stakeholders need to know for certain what actions need to be undertaken, and who is responsible for them. This should include clearly identifying who has the authority to declare a disaster and invoke the appropriate plan.

* Think resilience. Plans must not only provide sufficient guidance, but must be flexible enough to address any event. A good idea is to structure the plan around dependencies, and to provide enough detail to allow for it to adapt to different scenarios. A common mistake is for plans to be too inwardly focused. It is also very important that plans are practical and user-friendly: role-players must be able to navigate efficiently through an event.

* Don't focus on IT alone. IT is critical, of course, but the BCP must look at the big picture, and cater for all dependencies. These would include key staff, specialised equipment, IT system/application requirements, key third-party service providers and site requirements.

* Make provision for emergency response and crisis management, including crisis communication. The first response is vital, especially from the point of view of ensuring the safety of employees and others. As the crisis unfolds, well-crafted and accurately disseminated communications are vital not only in keeping staff informed (and thus maintaining morale), but also in ensuring that the outside world gets the right messages. Poor crisis communication can irretrievably damage brand reputation.

* Refresh role-players' awareness and understanding of the BCP and DRP continually. Don't assume that role-players know what they have to do, or will remember over time. The plans need to be kept alive for them.

* Consider a mobile app. An app can ensure that plans are activated and executed timeously; they also enable the constant exchange of information between role-players, thus increasing the chances of success.

* Take out cyber insurance. While IT should not be the focus of BCPs, its importance as the platform for modern business means it is a key vulnerability. Over the past two years, the Business Continuity Institute's Horizon scans indicate that cyber security has become the number one threat to organisations. Cyber insurance does not only cover liabilities, it can also provide access to specialised skills like lawyers, forensic investigators and crisis communication specialists.

* Engage a specialist business continuity provider to undertake gap analysis. This will reveal the organisation's current state of readiness and also any shortcomings in the existing BCP and DRP. A maturity assessment should also be performed periodically to ensure the plans are constantly enhanced.

* Test, test, test. Your BCP and DRP might look good on paper, but it needs to be tested regularly. This is the only way you can be sure they work and that everybody knows what they have to do.


ContinuitySA is Africa's leading provider of business continuity management (BCM) and resilience services and has been helping the continent's public and private organisations become more resilient for more than 30 years. Delivered by highly skilled experts, its fully managed services include ICT and cyber resilience, enterprise risk management, work area recovery and BCM advisory, all designed to enhance business resilience in an age of escalating threat. By helping clients understand their risk profile, and then develop an appropriate risk-mitigation strategy, including the ability to recover swiftly from a disaster, ContinuitySA provides peace of mind for all stakeholders.

ContinuitySA operates the continent's biggest network of recovery centres, with more than 20 000m2 of space in Gauteng (Midrand and Randburg), the Western Cape (Tyger Valley), in KwaZulu-Natal (Mount Edgecombe) as well in Botswana, Mozambique, Kenya and Mauritius.

ContinuitySA is a Gold Partner of the Business Continuity Institute (BCI) and was inducted into the prestigious BCI Hall of Fame in 2016. It is also a Gold Partner of Veeam, a leading global provider of software enabling disaster recovery as a service and backup as a service.

ContinuitySA. Our business is keeping you in business.

Additional information about ContinuitySA can be found at Network with ContinuitySA on Google+, LinkedIn, Twitter and Facebook.

Editorial contacts
Warstreet Marketing Rebecca Warsop (083) 252 9347
Have your say
Facebook icon
Youtube play icon