Q. I am looking for specific ways that I can strengthen our business continuity program both internally and externally. In today’s challenging economy, I want to make sure that we are doing everything that we should. Are there any best practices on this?
A. In planning to enhance an existing business continuity program, we ask, “What do I hope to achieve?” and then identify the specific objectives. Regular evaluation of programs and activities provides needed metrics and probably is one of the motivating factors to enhance the program. Here are some best practices that can help, which can be modified to fit your needs.
Inviting major suppliers, as well as local police and other first responders, to participate in tabletop exercises can be very useful in helping to strengthen response capability and enhance relationships. For example, you might develop an exercise that gets the major supplier involved in an activity that demonstrates how an effective business continuity program can significantly impact them.
Equally, hosting a company/supplier/first responder tabletop exercise can build critical connections as well as develop external partnerships. More importantly, understanding how police and fire would respond in a crisis situation could identify critical emergency response resources that you were not aware of. The value is that the company enhances their level of crisis management through tabletop exercising by integrating major suppliers and/or first responders into the process.
During a recent tabletop exercise, the value of developing external partnerships became apparent. An investigator with the Federal Railroad Administration was participating who shared with everyone that in the past they had shut down a rail line for over a week in order to investigate a train accident due to suspected sabotage. Clearly, losing your main rail line for seven days or more could seriously impact business operations. This external partnership provided insight into how a company can build resilience and sustainability into shipping and receiving operations through collaborating with external entities.
Risk, threat, or vulnerability assessments should be conducted on all business departments within the company and, again, be sure to include first responders. Engage nontraditional business units in assessing risks, as there could easily be unknown critical impacts. Additionally, this process can further relationships with internal stakeholders.
Require major and critical suppliers to allow you to participate in their assessment processes. For example, some businesses have extended the assessment process to involving the public sector, such as a large upscale shopping mall inviting the local police and fire liaison to review the process, resulting in the mall modifying their strategy as a result of learning new information.
There is great value in identifying and managing risks through engaging non-traditional partners that will enhance program impacts.
Emergency response is a critical component of a business continuity program. Are the right stakeholders involved in response activities? For example:
- If it appears that the company’s response capabilities are spread thin, then look deeper into the company for other nontraditional units that could assist in some capacity.
- Part of the business continuity program should have established relationships with police, fire, health, and emergency management officials.
- Contact adjacent businesses to your facility to discuss how area businesses could form joint response capabilities.
The value is an enhanced company response program that incorporates joint responsibility through collaboration.
In auditing the business continuity program start first with completing a needs evaluation, then plan the objectives based upon what those needs are. After that, start identifying internal and external stakeholders. Always review your plan with the leadership to ensure support. Finally, be persistent, positive, and start building the business continuity program through relationships and task performance.
Answer provided by Brit Weber, Security Executive Council Subject Matter Expert Faculty.