Before you start your risk assessment and BIA, the first thing you should do is get all the stake holders on board with the business continuity program. Out of the stake holders, the most important to get on board, in my opinion (for what that’s worth to you), is your employees, in particular those who are going to be providing input into the business impact analysis. You do not want these people hem and hawing when you are trying to gather important information for your business continuity plan. You want them thinking of the process as something that is going to protect them as well as the company, and in turn you want them thinking of all the critical information you’ll need to ensure you get your dependencies, RTOs, and RPOs right.
So how do you get the stakeholders onboard? Like most things in life, you appeal to their self interest. What is in it for them?
For example, if you are talking to shareholders, you want to put a BCP (business continuity plan) in place in order to minimize any potential losses to the company and to ensure the company survives and thrives. The BCP will be one way to protect their investment and to ensure the investment isn’t lost when disaster strikes.
Your employees care about their jobs. Let them know that you are starting a business continuity program in order to ensure the company can survive any disaster. This in turn will help to preserve their jobs in the event of a disaster, which is a time when a job and the income it provides will be needed the most. There would be nothing worse than a disaster that effects the employee’s home and family and that employee also finds out they lost their job. Now they have to recover personally and professionally. Talk about stress!
If your company is owned by an individual or a small group of owners and you are tasked with business continuity or want to get buy in from the owner(s), explain that you want to ensure the company survives. The owner(s) are going to want to ensure what he, she or they built lasts and can be passed on as they see fit. The owner(s) do not want to put years of hard work into building a business only to see it destroyed by lack of preparation for a business impacting event.
What about your customers? Customers, in particular B2B customers, would love to hear that you are working on business continuity. It tells them that they can depend on you to be there even if disaster strikes. If your customers are comparing your reliability against another company’s, who wins, the company without a business continuity plan or you with your business continuity plan? Brag about having plans. It will get your customers questioning any potential rival’s reliability.
Lastly, although there are more, is your vendors. You need to reach out to vendors, especially ones that provide inputs to time-sensitive processes, and explain you are going to need some information from them for your BCP. From their point of view, they should be happy you are ensuring you’ll still be there buying from them in the event of a disaster. No one wants to lose a customer, especially ones that’s obviously reliable enough to plan for disasters.