Unprecedented does not have to mean unprepared: Business Continuity Planning

During these unprecedented times, many businesses are struggling to continue business as usual while the world is rapidly changing around them; however, certain businesses continue to thrive. Throughout this COVID-19 pandemic, companies like MMS, among other leaders in the pharmaceutical industry, are not only carrying out typical day-to-day business operations, but they are well-positioned to offer additional support to companies unable to adapt.

These thriving organizations share a common thread in terms of planning, specifically implementation of a successful Business Continuity Plan (BCP). Having a BCP ensures that organizations can quickly adjust, with little to no disruption to services when faced with business threats that include a spectrum from temporary power outages through pandemics.

Implementing a Successful Business Continuity Plan

A common misstep in BCP development is starting with a focus on the multitude of potential threats which may occur. While planning is needed for various scenarios, the business interruption should not be a starting point.

Developing a list of every possible risk to the business is not only daunting, but it is missing a key element: there is no way to predict the unpredictable.

The key to successful business continuity planning is to start with a focus on the core business elements – the people, processes, and tools required to make the business run – and work backwards from there. Conducting a thorough analysis of all core business elements and implementing broad contingency plans will ensure preparedness for a wide range of business disruptions, including the unexpected and unthinkable.

Another common approach to business continuity planning is to focus on high-risk scenarios only. While addressing high-risk scenarios is an important element, only addressing high-risk items neglects a critical factor – non-discriminatory disasters, those that are not location or industry specific. So, while most businesses located in a flood zone are prepared for a flood, if high-risk scenarios are the extent of their planning, they likely were not prepared to address the impact of a pandemic, like the coronavirus.

Bringing the focal point back to the core business elements ensures preparedness for all risks, regardless of likelihood.

A solid BCP ensures there is a Plan B (and where appropriate, a Plan C, Plan D, etc.) that can be quickly implemented when the need arises. In order for the BCP to be effective, the organization must also review, update, and test the BCP on a regular basis to ensure the backup plans continue to adequately promote the required contingencies that enable the business to operate seamlessly and ensure the safety of employees, customers, and partners, as well as security of data and assets.

MMS, for instance, is certified to ISO 9001, ISO 27001, and Privacy Shield, and our integrated management system is built on the ITIL and ISO framework. The organizational requirements to achieve these certifications have proven to be a key component to the success of the MMS BCP during the COVID-19 pandemic, allowing us to continue providing valuable services to our clients without interruption.

While certifications are not required to implement a successful BCP, the concepts behind these standards can help ensure critical BCP elements are appropriately accounted for, such as:

• redundancy for key staff and systems;
• data recovery, back-up, and access;
• alternative methods of communication with colleagues, clients, and partners;
• an alternative workspace or ability to transition into a remote workplace;
• continuous review of risks & opportunities, and;
• any location-specific requirements that need to be addressed.

Communication is Key

Once business continuity planning is complete, ensure that BCP policies and procedures are shared with applicable team members. Annual training is recommended to ensure continued awareness of these critical procedures. It is also important to ensure that electronic and paper copies are available in multiple systems and locations respectively to allow for access in a variety of scenarios.

Create a Business Continuity & Disaster Recovery Team, or a few key stakeholders, who will be responsible for acting on the plan when the need arises and for regular testing and review of the BCP. Ensure the team member contact information is accurate and available in the BCP and when possible, establish multiple alternative communication methods and meeting locations.

At the start of the COVID-19 pandemic, the MMS Business Continuity & Disaster Recovery Team, with representatives from senior leadership, quality assurance, IT, and HR, met daily to discuss and address the rapidly changing situation. Within the first day the BCP was launched, the team began implementing the required preparations to transition the entire global staff to work from home.

The team was ready to meet this demand before local officials implemented these requirements, allowing for a truly seamless transition to a fully remote workplace. Our HR team communicated to global colleagues early and often ensuring awareness of the BCP, alternative communication methods should they be needed, and most importantly, addressing the health and safety of employees and their families.

Ongoing assessments

Business continuity planning is not a one-time exercise, it is an ongoing assessment of core business elements, ensuring appropriate backup plans are in place to prevent business disruption. Focusing on the people, processes, and tools that are critical to business operations to ensure preparedness even in unprecedented times is key. All companies should communicate the BCP on a regular basis, and when disruption occurs and the BCP is implemented, communicate early and often to ensure effectiveness of the BCP and transparency to all stakeholders.

About the author

Jessica Alamdari, CMQ-OE is Manager of Operational Quality at MMS Holdings. With 15 years of quality expertise, Jessica is a Certified Manager of Quality and Organizational Excellence and a Certified Data Protection Officer. Connect with Jessica on LinkedIn.