Although the generic steps for business continuity planning (BCP) will be the same, there will be some differences between business continuity planning for different industry sectors once you get into the detail. The differences will be in multiple areas, including
- Threat impact
- Critical business functions
- Recovery activities
Let’s take a look at business continuity planning for different industry sectors:
Business Continuity Planning for Different Industry Sectors – Health Care Continuity
The healthcare industry has many distinct business continuity challenges. Maintaining continuity is vital for every business, but perhaps no other industry faces the same level of urgency as healthcare.
When a healthcare facility experiences data loss or any other disruption, then the downtime affects more than just the business. It also affects patients and the care that they receive and can even result in loss of life. Business continuity plan healthcare related impacts can also result in legal cases, especially if a loss in care affects the health of patients. The lack of adequate BCP healthcare approaches can also affect regulatory compliance, at best leading to large fines but at worst, preventing the provision of patient care services.
So the importance of business continuity planning for healthcare cannot be understated. Every organization in this sector and every location, whether large or small, must have a comprehensive and effective business continuity plan.
Healthcare Continuity Parameters
This industry sector relies heavily on people to deliver its critical services. The minimum tolerable downtime (MTD) will be very short for some patients, particularly those in critical care. So as well as considering the different business activities, business continuity for healthcare also has to align itself with the needs of different types of patient care.
Some forms of healthcare are also heavily reliant on technology systems. For example, a CT scanner is an essential diagnostic tool for emergency healthcare. Lives can be lost if this type of equipment is unavailable for more than a few minutes, so a BCP healthcare approach has to take this into account.
Today’s healthcare is heavily reliant on front-line IT systems. These used to be confined to the back office, with clinicians using paper records. But they are now consigned to the past in most developed countries. On-line systems are used to look up important data about the patient, often using hand-held devices. Digital X-ray images are used for diagnosis, and urgent test results are transmitted using messaging systems.
Vulnerability to Cyber Attacks
Healthcare organizations have been planning business continuity for many years. It is usual for locations to have tried and tested emergency plans for a wide range of disaster scenarios, including terrorist attacks, staff reductions, and utility outages. However, experience has demonstrated that healthcare BCP plans are not as prepared for cybersecurity threats for vulnerabilities including:
- Phishing emails
- Social engineering attacks
- Denial of service
As an example of the possible impacts, a ransomware attack in Australia left a healthcare facility with no access to 15,000 patient records for over three weeks. This had a significant effect on patients and the reputation of the healthcare organization.
The most common cyber-related vulnerabilities that should be addressed in health care continuity planning include:
- Weak passwords: Many healthcare organizations lack robust password management policies and supporting systems. This provides an easy route for hackers to gain access to applications.
- Unpatched IT systems: There is often the absence of a rigorous approach for routinely applying patches to applications and operating systems. This means that known vulnerabilities can be easily exploited.
- Poorly controlled access devices: Many organizations struggle to maintain control over healthcare workers connecting their own unprotected devices to the healthcare organization’s networks. Also, many of today’s medical devices are IT-based but do not provide local IT teams with the necessary access to address cybersecurity measures.
- Lack of effective training: Users often don’t understand the importance of ignoring unexpected emails, making it easy for health care business continuity to be compromised by attacks delivered using email.
These vulnerabilities are not unique to healthcare, Business Continuity planning for different industry sectors of all types also has to address them. But they tend to be more common in state-operated health care. Hence maintaining business continuity in healthcare will remain a challenge until these vulnerabilities are resolved across all parts of the industry.
Healthcare business continuity plan template.
The good news is that some regulatory authorities, including local government organizations, provide a healthcare business continuity plan template. These include different sections that cover the specific aspects of BCPO that are common across all healthcare organizations. Use of these healthcare-specific business continuity plan templates can:
- Speed up creation of the BCP
- Ensure that all required aspects are covered
- Provide example recovery approaches that are tailored for healthcare
- Ease regulatory compliance
- Enable linking BCPs with related healthcare organizations
Business Continuity Planning for Different Industry Sectors – Customer Service
A business continuity plan for customer service is essential for just about every organization. Customer service includes all aspects of how an organization deals with its customers, including obvious functions such as support lines, but also customer-facing sales and marketing activities such as sales calls. Some of these are less critical to most organizations than others, so conducting a business impact analysis to identify the critical business functions is key when formulating a customer service business continuity plan.
Contact Center Continuity
The contact center will be a critical business function for just about every organization. They are the front line between you and your customers, so maintaining business continuity is vital for effective customer service. Your BCP has to ensure that you can keep your contact center going no matter what has happened. There are many different types of disruption that need to be considered in a business continuity plan for customer service. Here are some examples:
- Power outages at the contact center location.
- Network interruptions leading to loss of access to the customer service IT systems connectivity issues).
- Bad weather that stops your contact staff from getting into the office
- Natural disasters like fires and floods that require your staff to leave the office or stop them from getting there.
- Crime that leads to loss of key assets such as IT equipment.
- Transport system disruption such as bus driver strikes or road closures, meaning that not all of your customer service staff can get to the office.
Using Alternative Locations
Most business continuity plans for customer service include staff working from different locations during a disruptive event. This can be another office location, either one of your own or a specially rented one provided by a company that provides these facilities as part of a disaster recovery service. Your staff could also work from home. This is all good, but your BCP needs to include consideration of a few tricky issues, including:
- Can your staff access the necessary IT systems from the alternative location? When the pandemic hit in 2020, a lot of organizations found that their solutions for providing remote access to IT systems failed because it didn’t have enough capacity for everybody to work remotely.
- Do you have telephony systems that can route calls to lots of private numbers? Many systems have limited capacity for outgoing calls.
- What happens if your staff are in the office when the disruption happens? Until they reach the alternative locations, your contact center will be out of operation. One way to deal with this is to have reciprocal arrangements with a friendly company that can take your calls for a short time until you get back up and running.
Business Continuity Planning for Different Industry Sectors-Financial Services
There is a wide range of different types of organizations within financial services, ranging from small internal finance functions to large retail banking businesses. For some of these, being able to provide services 24 x 7 x 365 is critical to their survival. Think about services such as cash withdrawal. A failure to provide business continuity for this important service can easily lead to customers leaving you for a competitor, which has happened for real. For BCP financial services approaches, the business impact analysis process is vital. Here are some tips:
- Always think from the perspective of your customers. They are the ones who will be affected if you lose the continuity of your business services.
- Make sure that you consider all threats, even the small ones. For example, what happens if there is a rail crash near a main transport route that stops you from getting cash supplies?
- Look at the IT-related risks. There have been many examples of what seemed to be simple IT upgrades leading to long service outages.
BCP for finance departments tends to be much simpler. The impact of delays to producing the accounts typically isn’t that big, and for most organizations, the finance department staff can work from home. But some aspects of BCP for finance departments are important. Here are some examples:
- What happens if you can’t pay your suppliers on time? They might stop deliveries having a knock-on effect on the BCP for delivering your own products and services.
- If you can’t pay your staff on time, then there could be consequences to how they live. One approach is to ask the bank to repeat the last payment and sort out any differences later once the disruption has ended.
Business Continuity Planning for Different Industry Sectors -Human Resources
Any HR business continuity plan has to consider the same threats as any other industry. Many BCP recovery approaches are similar, including working from alternative locations and providing access to alternative IT systems. However, the business impact analysis for Human Resources will be different. The best approach once again is to think from the customer’s perspective when creating the HR business continuity plan. Which services are critical to them? Ones like recruitment and disciplinary actions aren’t as critical as providing care to staff that are having issues.
One key aspect that an HR business continuity plan must address is the staff’s welfare during the invocation of BCP for other parts of the business, particularly when the disaster that caused invocation includes things like floods and fires affecting the premises. Considerations should include:
- How can the staff get home if they can’t get their vehicle keys out of the office?
- What if the evacuated staff have no money with them to buy food?
- How can staff contact their loved ones to let them know that they are safe?
Considerations like this example from an HR BCP should be part of every organization’s plans.
Business Continuity Planning for Different Industry Sectors- Conclusion
Business continuity planning for different industry sectors contains many common elements. Still, the risk assessments for each BCP will highlight key differences in what is critical to maintaining continuity, what impacts different threats have, and what are appropriate recovery actions. For every industry sector, the best approach is to think from the customer’s perspective when creating your BCP, as it is them that keep you in business.