Business Continuity Planning, Disaster Recovery and Covid-19

Ensure a proper and trouble-free recovery process with a business continuity plan to sustain business operations.

The current Covid -19 pandemic shows us how important BCP/M (Business Continuity Planning / Management) is, particularely when supplemented by a DR (Disaster Recovery) strategy. The virus has made clear how vulnerable we are and has uncovered long neglected weaknesses in processes and systems.

Disaster Recovery Plan

Three months ago, did we really think it would not affect us?

A virus in and of itself can't shut down a company's systems, operations, or services. It is a lack of sufficient preparation that increases the risk of these sorts of disruptions. Under the current circumstances, with so many quarantined at home, even a network outage can have a huge impact on business functions.

Disaster recovery strategies and BCP/M become more critical as enterprises adjust to the business disruptions caused by the coronavirus. While current BCP/M plans may not take into account a pandemic, can we afford to ignore such situations because they only rarely occur?

Disaster Recovery (DR) and Business Continuity Plans (BCP) are essential to sustain business operations.

It's not often that a company faces a pandemic, but natural disasters, man-made disasters, security threats (such as malware attacks) and downtime are all realities. In fact, the world has experienced serious infectious outbreaks within the last 20 years with bird flu (H5N1), swine flu (H1N1) and Ebola; fortunately, these diseases did not spread as quickly and easily as Covid-19, so their impact was more limited. Nonetheless, after the H1N1 pandemic at the latest, risks associated with infectious diseases should have been considered in a BCP.

To ensure business continuity and a smooth recovery process following severe disruptions, it is crucial to carry out a risk assessment, establish a recovery strategy and make concrete continuity plans. Otherwise, organizations stumble unprepared into catastrophe, leaving management less able to address the situation calmly and appropriately.

By answering the following questions and evaluating the answers, management can begin to prepare for the worst:

  • How can my company ensure that business processes can be restored?
  • How can my company access backup plans or ensure the recovery of lost data?
  • Is this approach sustainable? Is it controlled?
  • What protective measures have been implemented for the safety and security of employees, their families and the environment (health, social engineering, awareness)?
  • Which IT security procedures can be implemented for employees as a precaution (VPN, home office, training, MFA (Multi-Factor Authentication), requirements and policies)?
  • Is there a replacement if the providers' technical representatives cannot be on site to repair equipment that requires maintenance (supply lines for replacement of machine parts or materials) may be disrupted?
  • Does the BCP/M include precautionary measures for both staff and systems?
  • Have sufficient resources (money, time, manpower) been invested in preparation to ensure a seamless, trouble-free recovery or business continuity process after natural or man-made disaster?
    • Continuity of business operations: Implementing remote access infrastructure for the entire organization (VPN devices, redundant high-speed Internet connections to the enterprise, laptops and/or servers on site to host user connections)
    • Ensuring the availability of resources: Proper access to the required resources in the office and/or home office (additional firewall rules required, VPN users have access to the systems …)
    • Keeping employees online: e.g. mobile hotspots for remote access to the Internet in case of a power failure, etc.
    • Ensuring interruption-free communication: e.g. availability and accessibility of a support hotline
    • FAQ: Accessible and available offline even if no access to company networks can be established.

Management should keep employees informed of plans for dealing with major disasters, sensitize them to the challenges and inquire about their preparation. For example, telework arrangements should adhere to standardized guidelines:

  • A home workspace that is quiet, comfortable and, depending on the need for protection, externally secured
  • A room with a closable door is optimal for telework
  • Avoid working in areas shared by family members for entertainment (TV, Netflix, Amazon Prime or similar)
  • No sharing of work devices with family members or other third parties
  • Test the quality of remote access regularly
  • Test for full functionality once a year, minimum

Questions about how to deal with other business interruptions such as network failures, loss of revenue, loss of data, security gaps and threats, and stagnating or declining productivity should already have been assessed in the standard BCP/M and be documented together with countermeasures accordingly. Statistics from FEMA (Federal Emergency Management Agency) in the U.S. show that unfortunately about 40% to 60% of small and medium-sized companies never open their doors again following a disaster!

This can be prevented.

With a proper disaster recovery strategy and business continuity plan in place, this outcome can be avoided. We can help identify your risks, find solutions to existing problems and guide you safely through the next crisis.

Expert Support

Got questions? Contact us.

Share page