What people should put into business continuity plans is the information needed to get organisations back on their feet after disaster strikes. Leafing through BC plans often reveals that planners have made choices as to what to put in or leave out. If an item isn’t mentioned, it doesn’t necessarily mean that the plan is incomplete. Rather than clutter up a plan with too much information and too many unlikely hypotheses, it’s better to have a slimmer and more effective approach. But how slim should it be?
A BC plan available from the U.S. Small Business Administration is a case in point. Available on the SBA web site, the “Disaster Recovery Plan” explains how the SBA will help out in cases where disaster strikes small businesses in the USA. Although it doesn’t exclude other types of disaster, it clearly emphasises the natural ones such as floods, hurricanes, and earthquakes, and also terrorist attacks; in brief, the kind of disasters that hit a particular geographical area.
Although it’s fair to mention natural disasters like these given the number of them that can hit a country the size of America, the plan doesn’t make any specific reference to other disasters such as supply chain breakdown or IT outages. Statistically, these less spectacular disasters have a greater chance of happening and can do just as much damage to an individual company.
It’s easy to criticise. The SBA’s DR plan has the merits of being available and apparently clear and practical. Yet by calling it “Disaster Recovery Plan” with no further qualification or subtitle, one interpretation is that this is all that small businesses in the U.S. need, and that natural disasters and terrorists are all they have to fear. Perhaps a mention of the things that were also left out could help for better preparation in general.