The TCS Blog rss

  • Home
  • Why You Need to Create a Business Resiliency Plan and How to Start One

The TCS Blog

Why You Need to Create a Business Resiliency Plan and How to Start One

By: Total Computer Solutions

Two creative millenial small business owners working on social media strategy brainstorming using adhesive notes in windows

A Business Resilience Plan provides insight into resuming a set level of operation following a disruption. Many businesses have prepared their employees to act in situations concerning a fire, hurricane, flood, or power outage.  

But many were not prepared for the significant changes made at the beginning of the COVID-19 shutdown. Businesses have become more resilient, forced to become more flexible, and abide by stricter guidelines. People have adapted to new ways of working, marketing, and fulfilling customer demands.  

Although we are nearing the end of the pandemic, it would be wise to create a Business Resilience Plan just to be prepared. The benefits outweigh the cost, and it can help with security, streamlining workflow at your business, and get people trained and ready to handle whatever comes their way. 

Having a Business Resilience Plan Helps You: 
  • Mitigate the impact of threats and disruption 
  • Enable your business to continue to operate 
  • Minimize health and safety threats 
  • Helps you return to normal at a faster rate 
  • Improve business performance 
  • Avoid costly alternatives 
  • Minimize risk 

Business resilience is the ability to respond and adapt to disruptions and disasters, preserve and safeguard people and assets, and maintain business functions and operations. 

There are 5 Facets of Business Resilience: 
  1. Scalability— Your business' responsiveness to threat
  2. Continuity — Tools for action must be available at any given time
  3. Security — Ability to resist intrusion and malicious threats
  4. Availability — Tools required for the action plan must be ready
  5. Recovery — Ability to restore operations and return to the prior state 
There are four main steps for coming up with your Business Resilience Plan: 
  1. Identify— Name essential resources, employees, business functions, goals, and threats.
  2. Plan — This will help reduce the impact and threats. Workflow (materials and resources with human or machine effort) must be preserved and reestablished promptly. 
  3. Implement — Put your plan into motion and get everyone involved. You must protect critical assets!
  4. Recover — Use strategies to return to business Post-COVID. 
Essential Questions 
  • What are the most significant risks to the company? 
  • What essential business functions and operations need protection? 
  • Which parts of these functions are flexible, and which are not? 
  • What resources does everyone need for those functions? 

Know which resources, personnel, and functions keep you in business. Determine which threats could prevent successful operation. Cyberattacks, data breaches, and IT and Telecom outages was the most concerning threats to disruption.  

Establish Business Goals 
  • What are you aiming to improve with your business post-disruption? 
  • What do you seek to accomplish? 
Business Impact Analysis 

You will want to get a clear idea of what it takes to keep your business running. List business functions by priority (and by department), recovery time, and minimum operation level.  

The Business Resilience Plan Implementation 

When putting the BRP into motion, you will need to make sure you have: 
  • Resilience Procedures 
  • Training Exercises/Certifications 
  • Ready Workforce 
  • Measurement and Monitoring 
  • Continual Improvement 
In your Risk Assessment (RA), there are four categories of the level of impact: 
  1. Negligible — no disruptions or damage 
  2. Marginal — May affect operations without shutting down, little or no damage. 
  3. Critical — Disrupts temporarily and may cause significant damage. 
  4. Catastrophic — Disaster affects the entire region, causes disruption, closure of buildings. May include destruction, injuries, deaths. May not receive outside resources for days or months. 

Risk Management identifies, evaluates, and prioritizes the risks that could be detrimental to business resources, functions, and personnel. Plans can help minimize the negative consequences or do away with the negative impact altogether.  

There are six different kinds of risk: 
  1. Functional & Operational 
  2. Financial 
  3. Organizational 
  4. Strategic 
  5. Legal 
  6. Technological 

Incident Management is about discovering, assessing, and correcting hazards. Together with Crisis Management, your team will be able to handle whatever comes your way quickly. 

There are two types of hazards: natural (fire, earthquake, tornado, flood) and human-made (data entry mistake, cybersecurity attack, security breach). They may be internal (not backing up data, breakable items in the building) or external (located near a river or airport).  

Assessing the relevant risks and hazards (and prioritizing them as necessary) will help your team develop plans like emergency evacuation routes. 

There are six Critical Business Assets: 
  1. People — Includes personnel, customers, vendors, supplies, business partners, and visitors. Prepare by creating a key contact sheet for every category of people involved in your business, including other companies and community members. On the contact sheet, list names, phone numbers, email, social media, contact in case of emergency, and any other important information you may need quick access to later. 
  2. Data — Includes files and documents, records, server backup, and info. Protect your data. Use data backups such as a hard drive, cloud storage services (like or OneDrive), or hard copy documents. Be aware of cyberattacks and make sure to follow the recommendations to avoid malware. 
  3. Operations — Includes accounts payable and receivable, computer hardware and software, providing services, payroll, food prep, mailroom, and manufacturing. 
  4. Inventory — Includes supplies designated for emergencies, merchandise stock, manufacturing stock, resources, emergency supplies, office supplies, and raw materials. Maintain an inventory list that includes all items used by the company. Have diversity with suppliers so that you don't have an emergency with no back-up supplies.  
  5. Equipment — Includes servers, network, special equipment or machines, furniture, copiers, printers. Create an equipment list with the item's description, serial number, date acquired, vendor, and cost.  
  6. Buildings — Includes offices, warehouses, leasing or rental space, store units, restaurants, storefront. Assess items around the building that may pose a risk, such as a leaking roof.  

The disappearance or removal of any of these assets would cause disruption and could result in losses. Keep up with your lists and make sure you update them once or twice a year. 

Critical Business Assets are the foundations of your business, and you may experience a major disruption if any of these are missing from the equation. Do your best to protect your assets by creating plans, back-up plans, training, and taking the necessary steps to reduce or eliminate risk.  

Encourage people to go over an outline of your Emergency Action Plan (EAP) show them what to do in the event of different disasters. 

An EAP May Include: 
  • Evacuation Procedures 
  • Method of Reporting an Emergency 
  • Rescue and Medical Duties 

Some of these may require employee training. Hold awareness and educational sessions. Keep alert communication options up to date and make sure all people can receive alert messages on time. 

Need Help with Your Business Resilience Plan? 

When you return to work, try to create diagrams of all your workflows, prepare each plan and list accordingly, and make sure your employees are well-trained in what to do given different situations. If you need help coming up with your Business Resilience Plan, please reach out to us, contact us, and we will gladly help you prepare to ensure your business's success!  

Request a FREE consultation to discuss Business Continuity Planning and Strategy by filling out a form or calling us at 336.804.8449. 

network consultation