Business & Legal, Strategies-COVID, Tech
Business Continuity, COVID-19, Dr. Steven Goldman, MIT Professional Education, Recovery

Lessons from the Pandemic: Top 5 Updates for Your Business Continuity Plan

The pandemic is causing unprecedented upheaval, and business continuity plans are being scrutinized like never before. How has yours held up? Are there areas you now wish you had covered more thoroughly? Of course, a key tenet of successful business continuity is that it is always a work in progress. You need to keep learning and improving your plan to make it even more effective. In that spirit, here are the top five ways to update your business continuity plan, based upon what the COVID-19 pandemic has taught us so far:

1. Assess “the usual suspects”

Following any drill, exercise, or actual event, smart organizations amend their business continuity and related plans based upon what they learned. When reviewing your current plan, be sure to update each of these fundamental areas:

  • Business Impact Analysis
  • Policies and plan
  • Response teams’ members and contact information
  • Individual team and position procedures
  • Internal and external contact lists
  • Priority of recovery of facilities, people, departments, processes, etc.
  • Supply and distribution chains

2. Create a separate pandemic response/recovery plan

Some organizations included pandemic response as part of their overall crisis management or business continuity plans. However, best practice has long been to have a separate pandemic response/recovery plan, and the COVID-19 outbreak proved that; indeed, a stand-alone pandemic plan is optimal. When creating a separate pandemic response/recovery plan, make sure it includes a pandemic response team (identify members, define responsibilities, etc.), as well as provisions for employees who need to work remotely (see #3). In addition, the plan needs to cover:

  • Policies and plan
  • Set up, operation, de-activation
  • Contact lists
  • Lessons learned from COVID-19
  • Annual drill/exercise requirement

3. Implement work from home (WFH) plans/policies/processes

What has your organization learned about WFH over that past few months? Start putting those lessons to work now. It is likely your recommendations will cover a variety of topics, ranging from communications and security protocols to purchasing comfortable WFH chairs for employees. Keep in mind that WFH can be implemented as part of a response to other crises, most notably severe weather or long-term facility evacuation. Some companies are developing WFH procedures as separate documents that can be used when needed for an applicable crisis. In addition to the elements listed above, be sure your WFH plan includes lessons learned from COVID-19 and an annual drill/exercise requirement.

4. Improve communications

One of the recurrent lessons learned following a review of nearly any drill, exercise, or real event is that communications could (or must!) be improved. Once again, the best practice is to have a separate crisis communications plan that can be enacted in response to any disastrous event. A stand-alone crisis communications plan can also be applied to events that may not meet the definition of a crisis but still require a rapid and coordinated communications response. Based on the results of your COVID-19 response, make sure you review and update:

  • Internal and external communications policies and procedures
  • Contact lists
  • Mass notifications/communications processes and systems
  • Social media
  • Your organization’s i-footprint
  • Annual drill/exercise requirements

5. Review technology/connectivity

Although technically not part of a business continuity plan, your information technology (IT) disaster recovery plans need to be reviewed in the wake of the recent pandemic. For example, several companies believed they had an adequate WFH technical basis. However, when 95-100 percent of the company started to work from home, several IT executives discovered that their work from home capacity was inadequate. Most recovered, but it was not easy. Additionally, many companies have learned that “IT security from home” does not necessarily meet company or government standards. As a result, your CIO and IT executives should be reviewing, at a minimum, the following:

  • IT systems functionality under various crisis conditions
  • Disaster recovery team(s)
  • WFH
  • Cyber security
  • Remote operations
  • Long-term operations
  • Annual drill/exercise requirement

The COVID-19 pandemic has underscored the need for robust and effective business continuity plans. It has also provided the opportunity for businesses to update their current plans with all that has been learned over the past few months. Using the list above as a general guideline, adapt and adjust the recommendations to suit your organization and specific situation. As Rahm Emanuel, former Chief of Staff to President Barack Obama, reportedly advised, “You never let a serious crisis go to waste.” While the true impact of this terrible current crisis is still being assessed, your organizations can take steps now to be better prepared for the next one.

Dr. Goldman is a lead instructor of a course on Crisis Management & Business Continuity offered through MIT Professional Education. The 2020 session, which runs July 21-23, will address issues relevant to COVID-19 to help organizations better prepare for the ongoing impact of the pandemic and other public health crises that may occur in the future.

Click here for more information.

Upcoming Events


Related Articles