The probing questions in each section are intended to give an idea of the questions Business Continuity planners ask about business operations. These types of impacts are usually considered during the risk & business impact assessment activities, at which time businesses determine the appropriate mitigation strategies based on their individual risk & exposure.
The items in this list are taken from industry best practices as defined by organizations such as Disaster Recovery International (DRI)
and the Business Continuity Institute (BCI)
. This is not intended to be a exhaustive list of all possible BC considerations and probing questions, so the reader is encouraged to visit their respective websites for more complete information.
- Loss of Employees or Employees Unable/Unwilling to come to work
- How could you continue to run your business if more than 30% of employees are unavailable to work for an extended period (2 weeks? 4 weeks? 3 months?)
- Are you able to quickly source and train an alternate work force if necessary?
- Is succession planning in place for key staff?
- Loss of a Site – short-term and long-term duration
- Are you able to continue operations at an alternate work site or using remote teleworkers?
- Would a work site closure impact your ability to continue supplying key customers?
- Is the source of specialized equipment & tooling required at an alternate facility pre-identified & kept current as the business environment changes?
- Are alternate manufacturing facilities capable of ramping up in an acceptable timeframe?
- Loss of External Infrastructure – short-term and long-term duration
- Are mitigation strategies in place to minimize the impacts of a power disruption? If back-up generators are part of the mitigation, how long can they run?
- Do your operations need to ensure filtered or potable water is available in case of local water supply/sewage disruptions?
- Do you have alternative communication technologies that can be used in case telecommunications are disrupted? Do your crisis communication plans incorporate & test all of these options?
- Loss of Computing Capability – Applications or Infrastructure – short-term and long-term duration
- Are critical datacenters protected from physical threats? Is access restricted and monitored?
- Are UPS machines or back-up generators used to minimize the impact of power disruptions on critical datacenter operations?
- Do all critical applications have the appropriate disaster recovery plans in place? Do the business groups which rely on those applications have business recovery plans in place? Are manual workarounds available and exercised periodically?
- Loss of Vital Records (data and documents)
- Are data back-ups conducted on a routine basis and stored safely at an off-site facility?
- Does your business have an information security strategy in place to protect critical systems against malware and cyber attacks?
- Transportation disruptions/inability to ship products
- Have you considered secondary warehouses, shipping lanes and alternate carriers?
- Are there any restrictions on your ability to adjust freight arrangements imposed by local government or customs officials?
- Critical suppliers unable to deliver their products as planned
- Have you discussed business continuity with your critical suppliers?
- Do you have contingency plans in place if they cannot deliver to you?
- Are secondary sources available for critical suppliers? How quickly could these be activated during an emergency?
- Do your inventory and spare parts strategies allow sufficient buffer to ensure operations are not disrupted?
- Are engineering workarounds an option for extended supplier outages?