Ecommerce Business Continuity Planning: 7 Steps to Assess Risk and Plan for the Unexpected
Get The Print Version
Tired of scrolling? Download a PDF version for easier offline reading and sharing with coworkers.
A link to download the PDF will arrive in your inbox shortly.
In 2018, a ransomware attack hobbled the City of Atlanta. The disruption to their computer systems impacted city services including police and court records, parking, and utilities. Workers were forced to complete paperwork by hand.
In the end, the cyberattack cost the City of Atlanta $17 million — even though the ransom was only $52,000.
The City of Atlanta was caught off guard, with out-of-date software and a number of other IT vulnerabilities.
A story about a German telecom business, however, shows what happens when a plan goes right. When workers discovered a fire inching closer to one of their crucial facilities, they engaged their incident management system to notify and mobilize employees and emergency responders.
The German company’s fast reaction time — facilitated in part by a solid business continuity plan — along with a redundant network design had the facility back in service in just hours.
A solid business continuity plan (BCP) left the German company with better emergency management and the ability to bounce back quickly.
A business continuity plan details processes and procedures that will help keep operations up and running — or restore them as quickly as possible — in the event of a major disaster, whether it be a physical disaster (e.g., extreme weather event) or a technological one (e.g., cyberattack).
Whether you’re a small business owner or work for a large enterprise, business continuity planning will help you respond faster when disruption strikes and minimize the negative impact on your business.
Without a plan in place, you run the risk of being unable to continue selling and shipping products during unplanned disruptions. Your ability to recover from these unplanned disruptions will be much slower and less effective — potentially impacting both your revenue and your brand reputation.
A business continuity plan is not a disaster recovery plan. Disaster recovery planning is part of a business continuity program, but the latter has a much broader scope.
Depending on your particular business and level of risk, every brand will have different primary threats to business as usual. That’s why risk assessments prior to assembling a business continuity plan can be so helpful.
While you’ll need to have a plan in place for every possible outcome, the following threats are the most common business disruptors to watch.
Pandemics can throw a wrench in your business plans from all angles and directions. With citizens forced to stay home and do as much work from there as possible, to increased demand for certain items, and decreased supply due to manufacturer shut-downs or disruptions across the supply chain.
One of the most important plans to put in place if you fear a global pandemic is how your people will communicate with each other and conduct necessary business offsite. It’s also important to have options when it comes to supply in case your supply chain is disrupted.
A natural disaster refers to anything weather related — tornados, hurricanes, tsunamis, etc. — or other natural phenomena like earthquakes, wildfires, and volcanic eruptions. Some of these types of disasters are difficult to predict and can onset in seconds. They could cause grave damage to physical structures and anything inside, as well as disrupt supply chains through affected areas.
A loss of power generation, communication lines, or water shutoffs can cause severe disruption to day-to-day operations, potentially damaging physical assets, and losing productivity and service.
A cyberattack is any computer-based attack on a technical asset. Examples of cyberattacks include ransomware attacks, data theft, SQL injections, and distributed denial of service (DDoS) attacks. At best, your technical infrastructure will be at limited functionality until the issue is resolved. At worst, if you don’t have a data backup, you could potentially lose access to all your business data.
You may be able to avoid some major disruptions, but there’s always room for the unexpected. That’s why you need a solid plan to restore your business after disaster strikes.
You may never be able to plan for every single possible disruption — or the combinations thereof — but it is worth trying. Don’t assume your first plan is going to work. You’ll need to make sure you have backup plans, and backup plans for your backup plans. Consider every single factor that could play a role, and assume that everything will go wrong at some point.
You don’t want to get into a disaster situation and find that your best laid plans actually cannot be carried out as planned. Be realistic about the plan you’ve laid out and make sure that it has as many contingency plans built in as possible.
Business is complex, so we won’t sit here and say your business continuity plan needs to be simple. But it needs to be able to be executed efficiently and with the resources you have at hand. The extra stress and expectations in a time of disaster or disruption can make even regular tasks more difficult to accomplish. Make sure this is accounted for in your plan.
Nothing on paper could ever compare to the curveballs that nature or other unexpected forces may throw at us. Leave lots of room in your plan to adapt to the moment, as circumstances change — sometimes minute to minute. The plan should account for constant monitoring of the situation and provide a good foundation from which to pivot to addressing the issue at hand.
Business continuity planning isn’t just a nice-to-have; it’s essential to every business, and disruptions can be costly. We’re talking anything from a DDoS attack taking your site offline for an afternoon, to a warehouse fire resulting in mass loss of product, to a supply chain disruption that keeps your products from making their way to you in a timely manner.
Lacking a plan for initiating emergency response can lead to financial loss, loss of consumer (and team member) confidence, and impact your brand reputation. Here are some of the primary benefits of having a continuity plan in place.
If you can keep your business operations running through a crisis, you can mitigate financial loss and send a message of stability to your team members and your customers. Having a strong partnership with your human resources function will be important here.
Your customers want to know that you can respond to anything, so they can keep expecting the service from your brand that they’re accustomed to. In disaster situations, consumers often look to their favorite brands to see how they’re reacting on the public stage and how they’re able to weather the internal storm.
Large-scale disasters and disruptions are likely going to be media fodder, so it’s unlikely you’ll get a chance to follow your plan quietly. The world will be watching. Brands that seem prepared and able to rise to the occasion with strength, consistency, and grace will prove their resiliency to their consumers.
Supply chain is a great example of the maxim, “Don’t put all your eggs in one basket.” Supply chain disruptions are common because there are so many ways they could happen. A pandemic could shutter manufacturing facilities, for example. Or a natural disaster could cripple transportation in an important geographic area. A good plan will set out already-vetted options for circumventing supply chain issues.
In cases where many businesses are affected by a disruption, your ability to get business moving again will go a long way in showing consumers that your brand is among the best. In disaster times, too, consumers watch brands closely to see how they’ll react. Quick but poised action will build trust in your brand, giving you an edge on your competitors.
Knowing what to do quickly in case of a business disruption is an important piece of risk management. The longer the downtime, the more potential for financial loss. But with the right plans to pick up quickly and restore functionality where you need it most, you can keep your loss as minimal as possible.
Creating a business continuity plan is, admittedly, probably not the most fun day you’ll have at work. But it is a critical piece of running a resilient business, and it’s important that you, your business continuity team, and the rest of your staff take this seriously.
Business continuity management extends beyond your information technology department and related IT systems — it applies broadly to all critical business functions, including human resources, operations, public relations, and more. At the highest level, the objective of creating a business continuity plan is to keep essential business processes running or minimize disruption.
But every business is different — so you’ll need to identify the goals and objectives most important to the way you operate. Those goals will guide your risk assessment, the business continuity planning process, and potential recovery strategies.
Select a few cross-functional managers or leaders, and anyone else you identify who may bring something valuable to the table. Make sure someone is designated as the leader to keep things moving forward and make decisions when necessary.
Here’s where you’ll identify the biggest potential threats to your business, then research and analyze them thoroughly. Discuss with the team what would happen if you have to reduce, modify, or eliminate essential services or functions. Be sure to document all the identified issues and related business impact.
You’ll have to determine how your organization will maintain essential services/functions in the event of an emergency. Here are some of the essential services and functions that you’ll need to have a plan for.
Think about what happens when you encounter a product shortage. Supply chain issues are common in disasters like major weather events or pandemics. During a disaster, will you have enough inventory? Do you have an inventory management tool or system to help manage inventory? Do you have a plan for times with low or no inventory?
If a crisis hits, can you still fill orders and meet shipping deadlines? It may be helpful to diversify shipping providers. If you use a 3PL, ask them about the steps they take toward business continuity to gauge whether they’ll be able to fulfill and ship in disaster conditions.
If a crisis were to happen, can you adjust your ecommerce platform to show out-of-stock items? Can you handle an influx of customers in a situation where supply is greatly increased? Do you have strong cybersecurity and all of your data backed up?
During a crisis, customers need transparency and empathy. You’ll need to provide a communications plan for your marketing/communications teams and your customer support team. You may need to bring on more personnel to answer customer questions.
Your ecommerce engine runs as a combination of parts, including:
Each of these parts has to have its own plan. How will you address the situation with your customers? Does that communication plan change when it’s the kind of disruption that may have also put their lives in danger? (E.g., as we deal with pandemic conditions, our customers are dealing with that too — and we have to be empathetic as well as informative in every interaction.)
Will you be prepared to switch to another supplier to make sure you don’t run out of inventory? Do you know what your options are if your shipping partner experiences a disruption?
Leave no business function out of your plan, but that doesn’t mean that one doesn’t become more important as you look for ways to operate during disruption. You’ll want to make sure you’ve documented the following:
Level of business risk.
Impact on employees and customers, and how you’ll communicate with them.
Emergency policy creation.
Financial resources that can be tapped into in the event of a disaster.
External organization or community partners who can work together with you to be mutually beneficial.
Present the plan to all your stakeholders, and suggest being proactive by performing trial runs — for a gut check that each part of the plan works as it should. This will help you identify any missing aspects or weaknesses. Then, once you’ve made any updates based on the feedback, begin to train all staff accordingly.
Nothing is ever certain. Maybe you’ll never encounter a major disruption to your business. But the chances are just as good — if not better — that you’ll have your fair share of challenges.
Being fully aware of your level of risk and what needs to be done to keep the business moving is where you want to start. That alone will give you a competitive edge and help mitigate any financial risk involved.
Then, creating your whole plan will help you rest easier at night. Once everyone in your business is fully comfortable with and trained on implementing this plan, you will have the peace of mind to know that if disaster strikes, not all will be lost.
Victoria is a content marketing writer, researcher, and content project manager at BigCommerce. Specializing in writing and web content strategy, she previously spent eight years in public relations and marketing for Tier I research universities. She holds a B.A. in English Writing and Rhetoric from St. Edward’s University and a Master of Liberal Arts from Lock Haven University of Pennsylvania.