Plan Now, Or Pay Later

Week after week, month after month, warnings flood e-commerce, and brick-and-mortar enterprises, about the technology we all have come to depend on at home and at work. New threats from viruses, hackers or just bug-filled software make the cliche, “Can't live with it, can't live without it” an increasingly accurate descriptor of our high-tech world.

But could we really live for long without our computers? Instead, long before anyone worried about the virus of the day, businesses planned against disaster to avoid any type of disruption to the many devices we rely on.

September 11 starkly reminded everyone of the human toll of sudden loss, but it doesn't take a terrorist attack to cripple a business dependent on its technology. For example, a building fire, severe storm or power outage could block access to critical systems or office data for days. The simple loss of a laptop loaded with confidential data, or a disgruntled employee's sabotage, can wreak havoc.

Partnerships Require Disaster Proof Networks

The risks don't stop at the door of one's own firm, either. In today's world of cost-cutting driven thin inventories and just-in-time procurement, a business must assess risks to its suppliers, as much as it must determine its own vulnerabilities. A crippling problem at a key supplier or a firm's own business could shut either down fast.

Fortunately, business-continuity planning, a fairly old phrase that has become buzz in the business world because of the importance of actually executing this valuable practice, can lessen the business hardships that disasters bring. Even though we can't eliminate weather emergencies, employee problems or, unfortunately, terrorist risks, businesses can try ' in advance ' to mitigate the effects of these incidents.

Although the right protection will be different for each firm, most companies can benefit from many basic risk-control techniques.

For example, diversification reduces vendor-selection risk, as well as the risk of making investments. When a recent UPS strike overwhelmed the capacity of other shippers, they often gave existing customers priority. Having multiple vendor accounts in place, without any set-up delays, may reduce recovery time.

Decentralization and redundancy are techniques commonly used to limit business risk. For example, advance plans to allow employees to telecommute, such as providing ahead of time access to equipment and communications networks, can keep work flowing during temporary power or technology outages. A back-up Web site ' or a so-called dark site ' can be established, in advance, as an information source for employees when other communication channels are down.

Training multiple employees for critical tasks ' the somewhat old but often critically valuable practice of cross-training ' can also prove invaluable if illness or other problems keep a key employee out of work. In sales particularly, customers might be more likely to remain loyal after a company loses an employee if they already know their new account representative, whether the loss is due to a disaster or is simply a defection to a competitor.

Even the accounting department can prepare for emergencies. Immediately creating a separate account for all expenses related to loss recovery will allow insurance claims to be filed more quickly. Such a separate account will also make it easier to distinguish insured losses from routine expenses that are not covered ' and expedite claim payment.

If a firm depends on key suppliers, a little used form of business-interruption insurance is available to protect a firm against covered losses among suppliers. More easily, and probably cost-effectively, good planning should include discussing the suppliers' plans for continuity, so that any company's own plans can cover gaps that may develop.

Not Just The Least You Can Do

Perhaps the greatest message of business-continuity planning is that every firm must have a plan, prepared in advance. If possible, that plan should be tested in a dry run. The morning of a crisis is not the time to wonder whom to call or where to look for information, because, regardless of the problem that launches personnel into action, customers and employees will still expect services and paychecks.

Many firms put off such planning to attend to the press of normal business, because their officers, and even rank-and-file employees, feel that a disaster isn't likely to happen. That head-in-the-sand approach is as short-sighted as a private house owner not carrying homeowners' insurance, or someone not storing key documents in a fire-resistant location.

In fact, firms with fiduciary or other legal responsibilities legally can't ignore such planning. Regulators may insist on seeing such plans. Even unregulated businesses should consider act-of-God clauses in major contracts to limit responsibilities after a disaster.

At a minimum, a good continuity plan must designate a crisis leader. That individual will be responsible not only as the point person should a crisis occur, but also to strong-arm everyone in the firm to cooperate in creating the plan.

Recovery from a disaster, big or small, can be expensive and time-consuming for any firm, but planning to avoid those problems, whatever the cost, will almost always be cheaper than fixing them after they occur.

Week after week, month after month, warnings flood e-commerce, and brick-and-mortar enterprises, about the technology we all have come to depend on at home and at work. New threats from viruses, hackers or just bug-filled software make the cliche, “Can't live with it, can't live without it” an increasingly accurate descriptor of our high-tech world.

But could we really live for long without our computers? Instead, long before anyone worried about the virus of the day, businesses planned against disaster to avoid any type of disruption to the many devices we rely on.

September 11 starkly reminded everyone of the human toll of sudden loss, but it doesn't take a terrorist attack to cripple a business dependent on its technology. For example, a building fire, severe storm or power outage could block access to critical systems or office data for days. The simple loss of a laptop loaded with confidential data, or a disgruntled employee's sabotage, can wreak havoc.

Partnerships Require Disaster Proof Networks

The risks don't stop at the door of one's own firm, either. In today's world of cost-cutting driven thin inventories and just-in-time procurement, a business must assess risks to its suppliers, as much as it must determine its own vulnerabilities. A crippling problem at a key supplier or a firm's own business could shut either down fast.

Fortunately, business-continuity planning, a fairly old phrase that has become buzz in the business world because of the importance of actually executing this valuable practice, can lessen the business hardships that disasters bring. Even though we can't eliminate weather emergencies, employee problems or, unfortunately, terrorist risks, businesses can try ' in advance ' to mitigate the effects of these incidents.

Although the right protection will be different for each firm, most companies can benefit from many basic risk-control techniques.

For example, diversification reduces vendor-selection risk, as well as the risk of making investments. When a recent UPS strike overwhelmed the capacity of other shippers, they often gave existing customers priority. Having multiple vendor accounts in place, without any set-up delays, may reduce recovery time.

Decentralization and redundancy are techniques commonly used to limit business risk. For example, advance plans to allow employees to telecommute, such as providing ahead of time access to equipment and communications networks, can keep work flowing during temporary power or technology outages. A back-up Web site ' or a so-called dark site ' can be established, in advance, as an information source for employees when other communication channels are down.

Training multiple employees for critical tasks ' the somewhat old but often critically valuable practice of cross-training ' can also prove invaluable if illness or other problems keep a key employee out of work. In sales particularly, customers might be more likely to remain loyal after a company loses an employee if they already know their new account representative, whether the loss is due to a disaster or is simply a defection to a competitor.

Even the accounting department can prepare for emergencies. Immediately creating a separate account for all expenses related to loss recovery will allow insurance claims to be filed more quickly. Such a separate account will also make it easier to distinguish insured losses from routine expenses that are not covered ' and expedite claim payment.

If a firm depends on key suppliers, a little used form of business-interruption insurance is available to protect a firm against covered losses among suppliers. More easily, and probably cost-effectively, good planning should include discussing the suppliers' plans for continuity, so that any company's own plans can cover gaps that may develop.

Not Just The Least You Can Do

Perhaps the greatest message of business-continuity planning is that every firm must have a plan, prepared in advance. If possible, that plan should be tested in a dry run. The morning of a crisis is not the time to wonder whom to call or where to look for information, because, regardless of the problem that launches personnel into action, customers and employees will still expect services and paychecks.

Many firms put off such planning to attend to the press of normal business, because their officers, and even rank-and-file employees, feel that a disaster isn't likely to happen. That head-in-the-sand approach is as short-sighted as a private house owner not carrying homeowners' insurance, or someone not storing key documents in a fire-resistant location.

In fact, firms with fiduciary or other legal responsibilities legally can't ignore such planning. Regulators may insist on seeing such plans. Even unregulated businesses should consider act-of-God clauses in major contracts to limit responsibilities after a disaster.

At a minimum, a good continuity plan must designate a crisis leader. That individual will be responsible not only as the point person should a crisis occur, but also to strong-arm everyone in the firm to cooperate in creating the plan.

Recovery from a disaster, big or small, can be expensive and time-consuming for any firm, but planning to avoid those problems, whatever the cost, will almost always be cheaper than fixing them after they occur.