如何为危机管理制定业务连续性计划[+模板]

When abusiness crisisoccurs, the last thing you want to do is panic.

倒数第二个你想做的事情就是unprepared. Crises typically arise without warning. While you shouldn't start every day expecting the worst, you should be relatively prepared for anything to happen.

A business crisis can cost your company a lot of money and ruin your reputation if you aren't proactively prepared to handle one. Customers aren't very forgiving, especially when a crisis is influenced by accidents within the company or other preventable mistakes. If you want your company to be able to maintain its business continuity in the face of a crisis, then you'll need to come up with a plan to uphold its essential functions.

In this post, we'll explain what business continuity is, give examples of scenarios that would require a business continuity plan, and provide a template that you can use to create a well-rounded program for your business.

Table of Contents:

• 业务连续性
• 业务连续性Types

• 业务连续性计划

• How to Write a Business Continuity Plan

• 业务连续性Plan Template

• 业务连续性Examples

• 业务连续性Management

If you think about business continuity in terms of the essential functions your business requires to operate, you can begin to mitigate and plan for specific risks within those functions. Below we'll go over different types of business continuity.

业务连续性Types

1. Operational

操作意味着系统和连续性processes your business relies on are able to continue functioning without disruption. As these processes are critical to business operations, it's important to have a plan in place in case disruption occurs so you can minimize the loss of revenue.

2. Technological

Organizations that rely on technology to run want to ensure the integrity and continuity of those systems. For example, while the functionality of Google Drive is not within your realm of control, there are many internal systems that you'll want to maintain and mitigate, like maybe having an offline file storage system to access important documents.

3. Economic

经济连续性意味着您的企业在可能的破坏过程中仍能继续盈利。每个企业都有起伏，因此您想做的一件事是对组织的未来，以实现可能达到底线的负面情况。

4. Workforce

Workforce continuity means that you'll always have enough staff, and the right staff, to handle the work that comes through your doors, especially during times of crisis.

5.安全

Workforce continuity goes beyond planning the right roles and staffing the right people to fill them. In order for them to show up every day and perform well, they must feel safe to do so. This involves creating a comfortable work environment, and ensuring that, even during a crisis, people have the tools they need to succeed and feel supported in the workplace.

6.环境

Environmental continuity means that your team is able to operate effectively and safely in their work environment. This can mean considering possible threats to your physical office or headquarters, and coming up with plans of action if these issues occur.

7. Security

You want your employees to be safe. You also want your employees and business assets to be secure as well. Security breaches can cause major harm to your operations, safety, and reputation. Continuity in this realm means prioritizing employee security and safety of important business information, and plans of action if the information were to become compromised.

8.声誉

Customer satisfaction and a good reputation can fuel your flywheel and result in increased revenue. The flip side of this coin, however, is that a tarnished reputation can cause great harm.

Reputation continuity means continuously monitoring conversations about your brand or business, prioritizing customer satisfaction, and coming up with action plans for rectifying situations if your reputation is called into question.

业务连续性计划的重要性

业务连续性计划很重要，因为在危机时，有时，尤其是在危机期间，定期运营将需要继续进行。在每种类型的危机中制定业务连续性计划将有助于维护您的运营。

业务连续性vs. Disaster Recovery

灾难恢复计划是作为总体业务连续性计划的一部分而创建的。灾难恢复计划的区别在于技术计划专门针对从失败中恢复，而业务连续性计划在危机期间管理关系。

例如，在更大的危机中（例如被淹没的建筑物），您可能已经失去了一些IT服务。因此，在较大的业务连续性计划中包括一个或多个灾难恢复指令，将专门用于恢复这些IT服务。

业务连续性计划

Business continuity planning is the process of creating a plan to address a crisis. When writing out a business continuity plan, it's important to consider the variety of crises that could potentially affect the company and prepare a resolution for each.

经常应该测试一次业务连续性计划？

It's simple — the more time you put into your business continuity plan, the better it's going to be.

You should constantly be looking over the plan to make sure it's up-to-date with your current business processes. The larger your organization is, the more complex your systems are going to be, meaning you'll want to review your business continuity plan more frequently to ensure there aren't any overlooked gaps.

The following schedule is recommended to maximize the reliability and validity of your plan, while also minimizing the amount of time you're putting into plan review.

1.每年两次查看您的清单。

Your teams should review the elements of your business continuity plan bi-annually to make sure all the responses still apply to your current status. In addition, you'll use this opportunity to ensure that each response aligns with your desired business goals.

2. Conduct emergency drills once a year.

Just like schools have fire drills, your organization should have emergency drills to prepare your staff for the steps that are laid out in your business continuity plan. This will also help when a real crisis occurs because they will have practiced the steps before.

3. Hold tabletop reviews every other year.

All stakeholders that are involved in your business continuity plan should meet every other year to discuss it. The review doesn't need to take too much time and doesn't require physically running through the steps, but it can help you uncover red flags that may otherwise go unnoticed without testing.

4. Conduct a comprehensive review every other year.

Unlike the tabletop review, the comprehensive review takes a deep dive into the plan. It should look closely at cost-benefit analyses as well as recovery procedures to ensure everything is up-to-date with current business operations.

5. Mock Recovery Test, every two to three years

这是一项深入的测试，在其中，您的连续性计划被组织起来，以测试任何弱点或不幸。由于该测试是耗时的，因此不应该经常发生，但是它将确保所有内部利益相关者对计划充满信心。

No matter what type of business you are operating, you need to be constantly considering the possible threat of a crisis. If you want to be able to effectively manage them, then it's essential that you have a business continuity plan in place to tackle difficult or unexpected situations.

业务连续性Plan

概述了方向和业务连续性计划procedures that your company will follow when faced with a crisis. These plans include business procedures, names of assets and partners, human resource functions, and other helpful information that can help maintain your brand's relationships with relevant stakeholders.

For example, one crisis that your business may have to respond to is a severe snowstorm. Your team may be wondering, "If a snowstorm disrupted our supply chain, how would we resume business?" Planning contingencies ahead of time for situations like these can help your business stay afloat when you're faced with an unavoidable crisis.

在下面，我们将继续编写业务连续性计划的过程。

1. Select a business continuity team.

Before you begin strategizing, assemble a management team to be in charge. The job of crafting a business continuity plan isn't a light one, so this group should include people who are detail-oriented and organized. Some of the roles on the team are:

• Executive manager: This is the person who leads the writing process and is the link between company executives and the rest of the business continuity team.
• Program coordinator: This is the team leader who coordinates all activities related to the plan, such as budgeting and development of recovery procedures.
• Information officer: This person is responsible for accessing and sharing data related to the business continuity plan.

2. Define plan objectives.

What are you trying to achieve with this plan? It's important to know the end goal, whether it be resuming business processes as normal or improving the organization's reputation. When laying out the objectives, you should also consider your budget to get a sense of the resources that you're going to be working with.

3. Schedule interviews with key players in your departments.

Executives and upper management have a great bird's eye view of an organization, but business continuity issues happen at all levels of an organization. For an analysis that's truly comprehensive (and, in effect, valuable), you'll want to interview key team members in various departments of your organization.

选择个人知道the ins and outs of their department's operations and understand the importance of its functionality within the grander scheme of the organization. You can ask questions such as:

• What are your top 5 most important processes?
• What systems or applications are needed to support your operations?
• How does [X department] depend on your work in this area?
• 您认为，我们最大的盲点是什么？
• What were to happen if [worst case scenario]?
• Who would be impacted if [worst case scenario] and how?

4. Identify critical functions and types of threats.

The above questions are a guide to help give you insight into the areas of your business that require the greatest degree of business continuity. Prioritize the business functions and threats that are the most critical according to:

• 它发生的可能性，
• The extent of the loss based on impact.

5.在确定的每个区域进行风险评估。

这里的想法是量化您在采访中收到的信息：

• How long would it take to recover from a critical situation in this area?
• How much revenue would be lost during that time?
• How much productivity would be lost during that time within that department?
• How much productivity would be lost for other departments as a result?
• How many customers and/or stakeholder confidence will be lost?
• Will there be additional costs to get it resolved?
• 会有额外的责任费用吗？
• How much does it cost to implement prevention measures?

6. Conduct a Business Impact Analysis.

一旦您通过不同的流程收集了信息，就该将这些信息编译成反映更广泛业务的格式了。

A Business Impact Analysis (BIA) analyzes the main operations of an organization, the major resources it uses, how its operations relate to one another — a.k.a. when one function goes down, how does it affect other operations — and how long each function generally takes to complete.

BIA是最终业务连续性计划的关键部分。在这里，您总结了有关违反收益的成本的发现，以进一步强调了优先级的问题。

7. Draft out the plan.

Now that you have a good idea of what to include in your plan, start by composing a first draft that can serve as a baseline. The draft should include the following aspects to ensure a well-rounded, actionable plan:

• The purpose, objectives, budget, and timeline of the plan.
• The members of the business continuity team and their roles.
• All of the important stakeholders that are involved in the business continuity plan.
• The Business Impact Analysis.
• 将采取积极的策略来预防危机。
• Reactive strategies that will immediately respond to crises.
• Long-term recovery efforts.
• Training and testing schedules for proactive preparation.

8. Test the plan for gaps.

Of course, you should immediately test your plan.

首先与那些在连续性计划中发挥关键作用的人进行交流。在他们知道自己参与计划之后，进行模拟恢复测试并将计划付诸实践。记下此过程中出现的任何差距。

9. Revise based on your findings.

测试完成后，请更正您在整个过程中发现的任何缺陷。

继续测试和实施更改，直到您对结果满意为止。但是，重要的是要意识到业务变更可能需要更新您的计划。鉴于此，重要的是要继续测试您的计划，以确保它适合您的业务需求，并为任何类型的危机做好准备。

Now that you've learned everything there is to know about business continuity plans, use the following template to start creating one for your organization.

业务连续性Plan Template

Name of Organization

Date

I.计划管理

1. [Purpose of the plan]

2. [Objectives of the plan]

3. [Budget]

4. [Timeline]

The gathering process for this section could take anywhere from 1-2 weeks, as you'll want to take enough time to uncover all the necessary information that helps you understand why the plan is necessary for your business. It is essentially the background information for your plan.

II. Governance

1. [业务连续性团队的成员以及其角色和联系信息]

2. [Other stakeholders with their contact information]

III. Business Impact Analysis

1. [业务影响分析]

This section of your plan will take the most amount of time to complete. As it is a full assessment of how a crisis will affect your business, you'll need to analyze multiple different types of scenarios that you may encounter and analyze how each one will affect your business and the specific areas of your business that will be affected.

旨在花费一周左右的时间来起草分析，并与相关的团队和利益相关者合作，这些团队和利益相关者将在发生危机时制定计划。要进行实际的分析，请给自己1-2周，或足够的时间来准确评估他们在业务发生的情况下可能对您的业务产生的影响和影响。

IV. Strategies and Requirements

1. [Proactive strategies to prevent crises]

2. [Reactive strategies to immediately respond to crises]

3. [Reactive strategies for long-term recovery from the crises]

After conducting your business impact analysis, you should have an understanding of how your business will need to respond to crises when they arise in order to come out on top. Spend a week or so crafting the strategies that will make up your continuity plan, and collaborate with relevant stakeholders.

V. Training and Testing

1. [员工的培训时间表]

2. [Testing schedule]

It's best to test and iterate on your plan multiple times a year to ensure that it's up-to-date with your business needs. Maybe you run through the plan once a quarter to ensure that everyone is on the same page and new hires have the chance to learn along with their experienced peers, or maybe you do scenario run thoughts twice a year.

Let's go over some examples of scenarios that would require a business continuity plan that will help you understand why your business needs one.

1. External product outage.

Type: Operational

Let's say that your entire workforce accesses, creates, and manages necessary files in Google Drive throughout the day. What happens if Google Drive has an unplanned product outage? Do you have a backup plan in place for your team to access files, or will there be a major loss of productivity until the issue is resolved?

Identifying your essential operational functions can help you identify and mitigate risk. This is where your interviews will come into play the most.

Examples of operational failure may include:

• Product failure,
• Outages with essential suppliers or services,
• Disruptions in your supply chain,
• 部门瓶颈和人为错误。

2. Unplanned internet or telecom outages.

类型：技术

Say your network goes down in the middle of the day and employees are unable to access the internet or dial out with their phones.

Do you have an information technology department that can quickly diagnose the issue? If you don't, do you know the numbers of your ISP provider so that you can quickly get them on the phone and resolve the issue?

You can't always anticipate unexpected errors, but you can put a process in place to handle them swiftly and effectively.

以下是与技术相关的业务连续性问题的一些示例：

• 数据丢失，
• Unplanned internet or telecom outages,
• Hardware/software failures.

3.收入损失。

Type: Economic

Your biggest client goes out of business, slashing your annual recurring revenue by hundreds of thousands of dollars. Did this client make up the majority of your revenue and you counted them as a sure thing, or did you insulate yourself against this loss with other sources of income? How will you adjust to the revenue loss, where will you cut the budget, and do have a concrete plan to protect against workforce layoffs?

Markets change, client attrition happens, economies ebb and flow. The important part is to understand how your organization can weather these events.

Here are some examples:

• Financial loss,
• Recession,
• Market changes or disruption.

4.关键员工的营业额。

Type: Workforce

假设你有一个明星在你的领导人hip team. With extreme performance comes opportunity, and that rockstar may decide to leave your organization to pursue employment elsewhere.

Are there critical business functions that only this employee knows how to do, or do you have a cross-functional team who can take on the work should they decide to leave? How does this impact the workflow of the company, especially if it takes time to fill the role with someone else?

这一切都取决于资源管理，并确保您可以以敏捷的方式适应劳动力的变化。

However, this is often easier said than done, and here are some examples of threats to your workforce continuity:

• Staffing issues,
• The turnover of a critical employee,
• 工作停工和/或罢工，
• 人际冲突，
• Not scaling and formalizing your systems and processes.

5. Workplace emergencies.

Type: Safety

A fire broke out in the break room. Do you have a fire alarm that alerts employees it's time to vacate? Do your employees know where the fire extinguishers are located in the building? Do they know where to evacuate to? What plans do you have in place post-fire in case the worst is realized for your physical office?

Ultimately, you have to protect your staff and create an environment where they can do their best work instead of worrying about threats to their person.

以下是您的业务连续性计划应考虑的安全风险的示例：

• Occupational hazards, injury, and death,
• Workplace emergencies such as gas leaks or fire,
• Health hazards such as a pandemic,
• Incidents of violence.

6. Property hazards.

Type: Environmental

Let's say that a pipe burst in your bathroom and flooded out the building. What kind of threat does water damage pose to your office or workplace? Is your technical equipment safe? Your employees? Your files? Will you lose anything irreplaceable? Do you know who to call for water damage and restoration? Do you have funds set aside for emergencies like this?

Your office space is a business asset, but it can quickly become a liability if you're unprepared.

• Property hazards such as plumbing issues or gas leaks,
• Severe weather such as flooding or snow,
• Natural disasters such as earthquakes or tornadoes.

7. Cyberattacks.

Type: Security

A phishing company chooses to target your employees' emails to gain access to your sensitive data.

Do you have a strong spam filter that can reduce the number of emails employees receive? Are employees trained on email security, and will they recognize phishing attempts? If someone does accidentally buy into the scam, what protocols do you have in place to mitigate the damage from a breach?

A feeling of safety can come from having security procedures in place to mitigate risk as well as deal with issues as they arise.

以下是计划和减轻安全风险的一些例子（技术和物理）：

• Cyberattacks and network breaches,
• 恶意软件和病毒,
• Theft and vandalism,
• Phishing emails.

8. Negative publicity.

Type: Reputation

Do you have a plan in place to manage your reputation, and do you know the biggest risks for negative publicity in your space?

Once you create a business continuity plan, your work isn't over. Continue to iterate on the plan and identify new risks that become possible over time and/or with increased experience.

Business continuity planning isn't a one-time feat. Your plans need to be constantly reassessed if you want to adequately prepare for every situation. Consider adopting a business continuity management team to oversee your continuity plans and keep them up-to-date.

Here are examples of reputation issues that can affect business continuity:

• 负宣传，
• Company layoffs,
• Lawsuits,
• Negative reviews.

One responsibility that business continuity management teams have is planning for disaster recovery. Disaster recovery is a component of the business continuity plan that specifically focuses on product issues.

As mentioned above, the more time you put into your business continuity plan, the better it's going to be. The more often you test, the stronger your plan will be, as you'll be able to quickly identify problem areas and correct them before you're forced to deal with them during a crisis.

编者注：该帖子最初于2019年3月发表，并已更新以进行全面性。