CONTINUITY OF BUSINESS:  KEEPING YOUR BUSINESS AFLOAT DURING A CRISIS

Written By Dennis Eberly

(Previously published in PI Magazine, May/June 2020 issue)

This article is being composed in the midst of the COVID-19 world-wide health crisis.  By now, many of you have probably learned a lot about how events may impact your private investigation business.  So, while these events are fresh in your mind, this may be a good time to think about a more formal and calculated approach to business continuity planning for your private investigation agency.  Our industry will survive and adapt to the current situation, but rest assured, the next challenge lies on the path ahead.  In order for an agency to meet it on a more solid footing, the agency should seriously consider engaging in business continuity planning. 

WHAT IS BUSINESS CONTINUITY PLANNING?

What is the purpose of business continuity planning?  This is a planning process designed to ensure your business is able to provide essential services in the wake of an unplanned emergency.  The plan must also address the safety of employees, clients, and vendors/contractors.  Additionally, the plan should attempt to preserve the reputation of the agency and its relationships with stakeholders.    

What types of emergencies should this preparation address?  Besides the current pandemic, we should consider weather-related threats, such as floods, hurricanes, tornadoes, and blizzards.  There is a need to consider man-made threats, such as bombings, cyberattacks, NBC attacks, and sabotage.  Lastly, look at accidental threats such as fire, power failure, and HazMat incidents.       

STEPS IN BUSINESS CONTINUITY PLANNING

Business continuity planning is a five-step process.  It is also a constantly evolving process.  As the operating environment, social processes, and technology changes, it is necessary to review and revise the plan in order to keep it current and relevant.  The steps include: 

1.    Risk Assessment:  Identify the various risk scenarios your particular agency may encounter.  Use a qualitative (low, medium, high) or quantitative (numerical) system to rate the likelihood and severity of each identified risk.  Calculate those ratings in order to identify the risks requiring the most immediate attention.

When conducting the risk assessment, you may want to avoid developing tunnel vision with regard to the risk scenarios.  It is prudent to consider threats that may be more likely to develop, due to your geographical location or local social/economic/political conditions.  However, you should also take into consideration a sampling of “Black Swan” events which could impact your private investigation agency.  The 9-11 attacks are a recent prominent example of a “Black Swan.” 

A “Black Swan,” according to Taleb (2007), has three attributes:

1. It is an outlier.  The likelihood of its occurrence is extremely rare.   

2. It carries an extreme impact.  Its effects are significant.   

3. It is inappropriately rationalized by hindsight.        

Another perspective of risk assessment involves analyzing the loss of your agency’s resources.  Categories of resources to be considered include:  personnel, facility, technology, and suppliers/third parties.  Any of the risk scenarios above have the potential to impact one or more of these resources.  Either of these risk assessment perspectives are acceptable approaches to this task. 

2.    Business Impact Analysis (BIA):  Once you have identified probable risks to your business, undertake a careful analysis of how each would likely impact your operations.  Life safety issues must always take precedence.  Following is a sampling of useful questions to “prime the pump”:  How will core operations be conducted in light of new and challenging conditions?  How will financial processes be affected?  How will meeting and communicating with clients and other stakeholders be affected?  How will the supply chain be impacted?  How will marketing activity be altered?  What impacts will there be to safety and security?  Will financial obligations be affected?  Will business records be accessible and protected? 

3.    Strategy and Plan Development:  Once a picture of the probable impacts to your business has been established, procedures and practices need to be constructed in order to mitigate those impacts and minimize interruption of your business.  Consider incorporating strategies to address prevention, response, and recovery concerns.  Consider the duration of the effects of each event.  Will it be a day, a week, several months or more than a year?  Once the crisis subsides, how will you transition your business back to normal operations?  Will you have to consider a new “normal” approach to your business operations?          

4.    Plan Implementation:  Once you have satisfactorily tweaked your business continuity plan and you have produced a final draft, roll it out, and implement it.  Flexibility is a key concept during this process.  As the plan is implemented and tested, it is likely that revisions to the plan will become necessary. 

Identifying effective aspects of the plan will spotlight the appropriateness of your planning efforts.  Identification of those aspects of the plan that do not produce the desired outcomes will sound the alarm for the need to return to the drawing board to revise portions of the plan in order to increase effectiveness.  The primary goal is to optimize your business continuity plan.      

5.    Train, Test, & Maintain the Plan:  The planning process is not complete when the new plan is implemented.  All agency employees will need training to become familiar with plan implementation.  Employees need to know what is expected of them during a crisis.  Furthermore, employees may view the plan from a slightly different perspective and offer valuable input for refinement of the plan to increase its effectiveness. 

Another training consideration may be cross-training personnel in various aspects of the agency’s operation.  In worst-case scenarios, a crisis may result in the loss of employees’ lives and deplete your personnel resources.  Cross-training, especially in mission-critical tasks, may be essential to the survival of your private investigation agency.  A recent prominent example of the impact of personnel loss would be the 9-11 attack on the World Trade Center and the devastating loss of life on companies such as Cantor Fitzgerald, which lost 658 of its 960 employees at its NYC headquarters.  How would your agency continue to operate with a two-thirds reduction in its workforce?          

Once training is conducted, the plan must be tested under realistic conditions.  The testing of the plan will “separate the wheat from the chaff.”  This testing phase is essential in order to underscore what works as intended and to identify areas of weakness in the plan which require refinement.  Unless the plan is tested, its effectiveness is an unknown element.  Weaknesses discovered in the middle of an actual crisis are far too costly and may prove to be devastating to your business.  Accomplish needed adjustments and test again for the desired effect on effectiveness.   

Once you have the optimal business continuity plan in place, a maintenance schedule needs to be implemented.  The plan needs to be reviewed periodically in order to address any changes that may be necessary to keep it effective.  As changes occur, the business continuity planning process continues to function.  Don’t overlook training new employees on the business continuity plan and periodic refresher training for current employees.

START YOUR BUSINESS CONTINUITY PLAN TODAY!

The purpose of this article was to inform owners of private investigation agencies of the basics of business continuity planning.  If you are convinced this process is necessary for the survival of your agency, continue to educate yourself further regarding the planning process.  Begin preparing your agency’s business continuity plan before the next crisis shows up on your doorstep.  Good luck in your endeavors and stay safe!

ADDITIONAL RESOURCES

‍Department of Homeland Security 

https://www.ready.gov/business-continuity-plan

‍ ‍

Disaster Recovery Institute International (DRII)‍ ‍

https://drii.org/resources/professionalpractices/EN

REFERENCES

Taleb, N. N. (2007). The Black Swan: The Impact of the Highly Improbable. New York, NY:   Random House, Inc.

Dennis Eberly
Previous

IDENTIFICATION OF SAFETY RISKS TO THE PROCESS SERVER

Next

HOW TO HIRE A PRIVATE INVESTIGATOR IN DELAWARE:  WHAT SHOULD YOU LOOK FOR?