A catastrophe, by definition, is an event that causes great and often sudden damage or suffering. Catastrophic events, such as those caused by natural disasters, are difficult, if not impossible, to fully predict yet recent events have shown us that preparing for the unpredictable is critical to business survival.

According to the Federal Emergency Management Agency, 40% of small businesses will not reopen after a natural disaster. One year later, 25% more affected small businesses will close. By year three, 75% without a business continuity plan will fail.

In 2018, droughts, hurricanes, flooding, and wildfires caused $225 billion in economic losses around the world, according to the Weather, Climate & Catastrophe Insight 2018 Annual Report.

Because these catastrophes are low-probability events, many businesses fail to plan for their aftermath in the form of a business continuity plan. Here are four keys to helping your business continue to operate in the wake of a natural disaster.

1. Analyze the Business Impact

If a wildfire were to run through the town of your business headquarters, how would your business be affected? If an earthquake were to destroy the warehouse where your inventory is held, what would be the impact? Ask the same of each type of natural disaster. These very fundamental first questions are critical to forming your business continuity plan. By analyzing the business impact in this specific and personal way, you can begin to see how you will need to prioritize critical business functions and determine which processes are most critical to recover, how quickly they must be recovered after a disaster, and how much you are willing to pay to protect them.

2. Assess the Risks

How likely is it that you will face a wildfire, hurricane, earthquake, tsunami, etc.? Create a list of potential disasters and prioritize them based on their severity and likelihood of occurrence. Remember that by their very nature, natural disasters have a statistically low probability of occurrence so we’re really talking about the likelihood based on a relative scale. Looking at potential disasters this way will help you determine which should attract the most attention during your business continuity planning.

Another aspect of assessing the risks is to look at the recovery plans you have in place now compared to what would be needed. How wide is the gap? The wider the gap, the greater the possible threat.

3. Prepare the Plan

With insight from the first two steps, you can formulate your business continuity plan (BCP). The plan should document strategies and procedures to maintain, recover, and resume critical business functions and processes and it should include procedures to execute the plan priorities for critical and non-critical functions, services, and processes.

Unlike a more general business disruption event, such as a small localized fire or a burglary, catastrophic natural events tend to impact a wider area and have a much longer recovery time frame. The focus often starts with limiting the loss of life and crisis management. As such, your continuity plan needs to have elements you might not normally think of including. Here are some of those elements:

1. Ensure fire protection systems, generators, redundant systems, and gas tanks are in proper working order, filled, and fully secure.
2. Work with local police and fire departments to have procedures in place for receiving and responding to warnings from outside agencies and emergency responders.
3. Designate a crisis response person(s) and have internal and external communications prepared in advance.
4. Review your emergency preparedness and evacuation plans for everyone in the building. Identify and designate safe areas in the building, such as an interior reinforced room or bathroom, for different scenarios.
5. Ensure the emergency supply kits are fully stocked with water, medical supplies, batteries, flashlights, etc.

For additional ideas, the Federal Emergency Management Agency (FEMA) has prepared comprehensive emergency preparedness materials to help with disaster preparedness.

4. Test the Plan

Your business continuity plan will be a living, breathing document that will need to be updated, practiced, and tested regularly. Here are some considerations:

• Develop training, testing, and maintenance schedules
• Conduct training with the business continuity planning team
• Conduct orientations for all team members, customers and/or clients, as applicable
• Perform a business-wide simulation exercise to test elements of the plan. Have a small group develop the simulation but keep the details under wraps so that the team doesn’t know what to expect.
• Perform a post-simulation review to uncover weakness or gaps in the plan
• Update the continuity plan to include lessons learned
• Continue to test the plan two to four times a year, keeping an eye to business processes, infrastructure, or personnel that may have changed in the interim

The main factor that puts businesses at risk, post-catastrophe, is their failure to prepare. If you’d like help getting started with a business continuity plan, we welcome you to request a conversation with a risk management expert.

To stay prepared, organizations must expect the unexpected. Business Continuity Planning (BCP) addresses the need to have contingency plans in place to deal with potential threats that can turn an organization on its head. Continuity planning is a necessary part of coming out on top in the face of the most challenging circumstances such as a natural disaster, a significant market crash, or a serious hit to a company’s brand or reputation.

As a risk manager, CEO, or any party responsible for the long-term success of an organization, you need to have a plan in place to clearly outline what you would do if the worst were to happen tomorrow. Here are four phases to putting your BCP in place.

1. Business Impact Analysis (BIA)

The first step to building your company’s BCP is to consider the potential impact of each type of disaster or risk event that your company may face. For example, a company in the finance industry may consider the role of the stock market, data breaches, or the possibility of a fraud scandal. The BIA helps you discern which processes are the most critical to recover or initiate in a state of a disaster and assigns a monetary value to the protection of assets involved in specific business processes.

Key goals of the BIA should include:

1. Identifying the impact of uncontrolled events
2. Prioritizing critical functions
3. Establishing maximum tolerable outages

2. Risk Assessment

Upon identifying the impact of the risks facing various functions across your business, the next step is to determine the potential magnitude of these risks. This is a critical assessment to perform, as it helps establish which risks should be most emphasized in the BCP. Priorities can be established by looking at which risks are most likely to occur to determine the breadth of coverage for your company’s BCP. To do this, you can run a gap analysis to compare your company’s current contingency plans against that of the proposed risks to identify any holes you need to fill. With knowledge of these gaps, you can analyze various threats to identify their respective impact.

To aid in this process, it is helpful to work from a list of potential emergencies or viable threats as well as the likelihood and impact of such events such as to personnel, assets, or monetary impact. These can help formulate different scenarios to plan for, such as natural disasters or terrorist threats, as well as minor events such a power outage.

A best-practice risk assessment report should cover the following:

• Summary of Business Operations
• Risk & Vulnerability Analysis
• Critical Support Infrastructure
• Physical Environment
• Recovery Time Objectives
• Business Recovery Strategies & Priorities

3. Business Continuity Plan Preparation

During this step, the BCP is developed, taking into account the likelihood, magnitude, and potential impact of the risks that were identified in the previous step. The BCP preparation stage will take it a step further by documenting strategies and procedures to maintain, recover, and resume critical business functions as quickly as possible. Part of this preparation will entail a list of procedures to address priorities for critical and non-critical functions, services, and processes.

The BCP should include:

• Business Operations
• BCP Organization
• Plan Activation & Operation
• Preparation & Readiness Checklists
• Emergency Operations
• Facility Restoration & Relocation
• Emergency Communications
• Emergency Forms & Terms
• Incident-Specific Response Checklists

4. Business Continuity Plan Testing and Table Top Exercises

Once a plan is established, it’s time to put it to the test with table top exercises. During this final step, key staff members and management will come together to simulate their response to various emergency situations that were identified as likely risks. Using the procedures outline in the BCP, these exercises will identify gaps in the plans to improve them in a controlled setting. This process can also help establish the different roles and responsibilities across team members.

When it comes to risk mitigation, hope for the best but plan for the worst. Take your risk planning to the next level by getting started with your Business Continuity Plan. Talk to a risk mitigation expert today.