Test the Plan, Plan the Test – Why Successful Business Continuity Plans Are Put into Action Before a Crisis

How will your business respond if faced with a natural disaster, a cyberthreat or an active shooter scenario?

Will the organization stay afloat in the midst of such a crisis? Any amount of disruption costs your business money and can destroy customer relations. In fact, 75 percent of companies without a continuity plan fail in three years after facing a disaster. Those companies unable to get back up and running in 10 days post emergency do not survive at all.

A business continuity plan provides your company with the roadmap to navigate a major business disruption, including a natural disaster or large-scale emergency. However, having a plan in place is only the first step; the plan also needs to be continuously monitored and tested for gaps or obstacles.

Who Should Be Involved in the Test?

According to the Department of Homeland Security, there are four groups that should be involved in testing the business continuity plan:

  • All employees of your business
  • Your emergency response team
  • Your business continuity team
  • The crisis communications group

All employees need to know about protective actions they need to take. This involves testing the plan to see what to do in terms of safety and security, as well as loss prevention. The emergency response team needs to test its ability to follow roles and responsibilities defined in the plan. This includes evacuation, shelter, incident management, cleanup and medical care.

The business continuity team, which generally includes division or department management, is responsible for testing incident management and oversight. As for the crisis communications group, they manage the testing of the emergency notification system.

What Should Testing Accomplish?

Testing a business continuity plan verifies how effective the plan is in real-time scenarios. Therefore, when you test the plan, you are looking for weaknesses or gaps in the plan. Once weaknesses are identified, your teams can work together to improve them.

When Should Testing Take Place?

A business continuity plan test should take place quarterly at a minimum. For a quarterly plan review, organize a meeting with the division or department managers who are directly involved with the business continuity plan, including new hires. If the organization is growing rapidly or experiences high management turnover, you may want to consider increasing testing frequency to monthly.

Where Does Your Business Conduct Testing?

Testing typically includes a variety of tabletop scenarios and full-scale exercises. Tabletop scenarios can effectively be conducted in a conference room. During a tabletop session, employees read through potential emergency situations. Participants then describe how their role would respond based on the business continuity plan.

Full-scale simulations include a dry-run test in which everyone participates in a walk-through scenario on premises. For example, with a cyberthreat, this will most likely be focused on the IT department and company data centers. For an active shooter incident, the testing will involve closing entrances and exits and testing emergency notification alerts.

Why Should You Test Your Business Continuity Plan?

Along with training and practice, testing provides your teams with an opportunity to improve the plan. When testing the plan’s strengths and weaknesses in a non-emergency environment, all parties brainstorm and streamline the procedures and processes. This helps bolster the BCP in the event of an actual adverse situation.

How Can Your Business Make a Better Plan with OnSolve?

A key part of any business continuity plan is having a reliable communications system. At OnSolve, we’ve helped thousands of businesses connect effectively with employees and key stakeholders during high-stakes events, ensuring the smooth implementation of communication plans. We offer various types of communication solutions to fit every business size. Contact OnSolve today to begin implementing critical notifications and alerts into your business continuity plan.