Note: this is a continuation of part 1

 These and many other questions must be addressed, along with the “what ifs“. First, is your plan accessible? What if it’s stored on your server which is down? Perhaps you planned on using your land-lines for phone service, but in this case, what if they’re down? Can you re-route incoming calls to some other place that’s up and running, and remotely service your customers and vendors? Maybe you planned on having your Customer Service staff use their personal cell phones, but what if the cell towers are down and no signal can get through? Or, if the signal is up but there’s no local electricity, what happens after the batteries run out?

 As you can see, creating a full-fledged Business Continuity Plan is a very detail-oriented process which assumes nothing is working and progresses from there. This spring, members of the Association of Contingency Planners (of which I am a member) performed an invaluable test. We created a hypothetical company and brought on an impending flood. In Phase I, we tested the Plan’s ability to hunker down and prepare for the storm. Then, to make the exercise more realistic, we were stopped midway and told that the hypothetical storm arrived 12 hours early, so we had to alter our plan on the fly (Phase II). Midway through this alteration, we had another monkey wrench thrown in (just like in real life) and had to once again change plans accordingly (Phase III).

 What was surprising is that many of the plans had too many assumptions built in, rendering them anywhere from dubious to downright useless.

 In closing, testing your plan before a catastrophe is the only way to find out about its deficiencies while there’s still time to correct them. By the way, the people, department, or company that developed or updated the plan is the worst choice for testing the plan. Similar to having a financial audit; the accountants who prepared your books cannot audit their own work.

 I hope this helps you in avoiding future problems. Please remember our trademark – “Don’t confuse Good Luck with Good Planning ^tm” — just because you haven’t yet experienced a disaster doesn’t mean that you’re prepared for it.

 Matthew H. Stern, CDP CCP CCE is the president and founder of The CIO Source, Inc., a New York firm specializing in I.T. Management and Risk Mitigation. Their offerings include developing and testing clients’ Business Continuity Plans. He can be reached at newsletters@theCIOsource.com

Their website is at http://www.theCIOsource.com

Copyright (c) 2010-2011 Matthew H. Stern, all rights reserved