Business Continuity Planning – Not Just for Big Business

Regardless of the size of your organization, business continuity planning can scale to suit your needs.

You may be under the assumption that business continuity planning is something that only companies with vast resources and deep pockets can successfully implement. Or maybe you think that only companies with multimillion-dollar revenues or hundreds of employees need to worry about developing business continuity plans.

At risk3sixty, we see business continuity as a critical process that companies of all sizes, revenue levels, and industries should dedicate a proportional amount of time and resources to implement.

Does EVERY Business Need Business Continuity Planning?

As you look at the list of the organizations on the Fortune 100 list, it’s easy to think of reasons they would need to focus on developing robust business continuity plans. At the scale  these companies operate at, it’s nearly impossible to envision a world in which they are not taking the steps necessary to guarantee their continued operations.

“Of course Apple needs a business continuity plan, they employ tens of thousands of people and bring in hundreds of BILLIONS of dollars in revenue annually. Even a small interruption in their business has huge ramifications.”

“Walmart surely devotes huge amounts of resources to its business continuity planning! They’re providing distribution and retail services to billions of people across the globe!”

“Amazon is the global leader in e-commerce, processing millions of orders each day. Their vast resources likely have multiple teams of highly-trained professionals constantly assessing their business continuity environment.”

While these are valid rationales for these companies to develop business continuity plans, that’s only half of the story. Looking at the other end of the business classification spectrum, far from the global giants of Walmart, Apple, and Amazon, you will find small businesses operating at much smaller scales.

Their scopes span miles instead of continents, with revenues in the tens of thousands of dollars rather than the hundreds of billions.

When looking at these companies you may have vastly different ideas about them allocating such finite resources to business continuity planning.

“They operate a single-person business as a consultant within the professional services industry and only maintain a revenue of $150k annually. The only infrastructure they have is a single laptop. Surely they don’t need to worry about business continuity.”

“They’re just a five-person start-up, developing software in the cloud without a physical office. They are probably already positioned to effectively respond to any incident without making dedicated efforts in business continuity planning.”

These examples assume small companies can’t benefit from thought-out plans to respond to incidents due to their size or positioning. However, failing to determine your response before the incident may lead to the end of your business, no matter the size. Even a small business with only a few interdependencies can fail.

  • What happens if the single-person consulting operation loses their laptop or it is stolen? Have they planned for how they will notify their clients in accordance with data protection regulations? What if their hard drive fails? Have they made the decisions previously regarding appropriate backup implementations? A business continuity plan can be as simple as maintaining external and encrypted backups as well as client communication templates. Such small measures could make all the difference in successfully navigating these incidents.
  • What if access control has not been properly designed within the software development startup? In this situation, only one individual may have administrative access to the source code repository or other cloud infrastructure. Have they made the business continuity decisions necessary to maintain critical credentials in a third-party key management system (KMS)? Or will an untimely separation of that individual from the company stop progress in its tracks?

Even companies that appear to be able to respond nimbly to incidents are vulnerable. Not having basic business continuity plans in place to handle incidents which otherwise would be inconsequential might have devastating impacts.

Now That You Know Why, What Do You Do?

Smaller and simpler companies may have fewer business-critical objectives on which they must focus to ensure they stay in business.

They may be able to meet those objectives with only a few hours or planning and no additional spending. Large companies may need to devote many full-time professionals to develop the necessary procedures to ensure continuity of operations with budgets in the millions of dollars.

Business continuity principles apply to organizations of all sizes.

Knowing that you are somewhere between that one-person consulting firm and the Amazons of the world, do you feel prepared?

If you don’t, know that you’re not alone. Many organizations are realizing that their size and relatively smaller revenues have not kept them “under the radar” in the event of disruptive incidents. They are finding that their lack of preparedness planning has left them incredibly vulnerable during tumultuous times.

While the best time to build a business continuity program is during periods of relative calm (and well before the plans are needed to be utilized), the second-best time is today.

If your organization is at the beginning of its journey towards developing your business continuity program, or if you are looking to further mature your existing program, please request to speak to one of our qualified team members here. We will guide you in developing a robust program that your team and customers can be confident in.

Share to


Share to

Like our content? Subscribe and stay informed.