COVID-19 has been a wakeup call for businesses the world over, for many reasons. A global pandemic that led to stay at home orders, moving everyone’s office to home for an undetermined period.

Although Business Continuity Plans (BCP) and Disaster Recovery (DR) is nothing new, most are written with a single incident in mind, causing a short-term business interruption. Certainly not for a global pandemic, of the magnitude we are still living every day.

It is also true that not all of these plans proved to be robust enough, or had been subject to full testing. You could argue, I have now fully tested my BCP and if your business is still functioning that it worked!

So, what should you do next? Is there such a BCP or DR plan that will cover you for every eventuality? What does your business really need in this area? What lessons did you learn, are you actioning these before they become a distant memory?

Conduct a Business Impact Assessment/Analysis (BIA)

  • This predicts the consequences of a disruption across your business functions and processes.
  • This should include operational and financial risk.
  • Timing and Duration are also important.
  • Disruption Scenarios should include loss of;
    • People
    • IT Infrastructure, data, applications and voice & data communications
    • Building – damage, total loss, and restricted access
    • Utilities
    • Supply Chain

Review your existing controls

If your business holds ISO 27001 or IASME Gold Governance certifications these are excellent places to start as they already document your;

  • Policies
  • Controls
  • BCP / DR

You may just need to complete a full health check, and update with your learnings.

Update your existing plan, if you have one

Take time now to consider all of your learnings, before you move on to the next business priority.


  • What worked?
  • What didn’t work?
  • What interruption did it cause?
  • Was your IT infrastructure fit for purpose?
  • Was your plan agile and flexible to manage a pandemic, or never considered situation?

Conduct in IT & communication infrastructure and technology audit

COVID-19 has put IT & Communications infrastructure under significant pressure. Now is the time to review;

  • What does your business need now?
  • What does your business need in the future?
  • Where does the risk sit in your infrastructure, and how do you mitigate it?
  • Can you recover all of your data, when you need it?
  • Are you prepared for another lock down?

Test, test, test

As with any risk-based action plan, testing is critical to success. You wouldn’t wait for a fire to check you can get your employees out of the building safely!

It is now an accepted norm that you can not plan for every eventuality with your BCP and DR plans, but are they flexible enough to deal with an emerging situation that could continue for an extended period?

Communicate, Communicate, Communicate

Some of the best plans fails because only a small number of employees and managers know what do when an incident occurs. Ensure your plans are documented, shared and trained across your organisations.

Here at Net Defence our consultants have assisted businesses across sectors build and test their BCP and DR plans.

We are also part of the £200m Ogilvie Group that supports numerous industries from construction and home-building to the Fleet industry and surveying. With 600 colleagues spread across 10 locations. We are responsible for their plans, which were triggered without major incident throughout the ongoing the COVID-19 pandemic.