As discussed in “Business Continuity Planning Part 1: Managing Risk by Developing a Business Continuity Plan,” it is often the case that the difference between a failing business and company of great value, surviving for generations – is the ability to plan for, adapt to, and survive the unexpected. Business Continuity Planning (“BCP”) is the process of creating a system of prevention and recovery from potential interruptions and other threats to an organization.
ASSESSING VULNERABILITY
As discussed in Part 1, the first step in Business Continuity Planning is to form the BCP Team, create the Mission, and draft the Policy. The next step is to conduct a vulnerability risk assessment. That is to:
- Analyze the probability of particular emergencies the company is vulnerable to; and then,
- Prioritize those emergencies most likely to occur or most likely to result in an interruption, compared against more remote or improbable emergencies or those most likely to represent minor inconveniences.
This is done by conducting a Vulnerability Risk Assessment. Part of such analyses should include the potential for human impact, including the possibility of death or injury, as well as the possibility for contractual delays or other impacts affecting contractual performance.
To begin assessing risk, the BCP Team should identify mission-critical products, services, relationships, and operations – e.g., what the company does to create revenue and earn a profit; customers relied upon; equipment and materials required; relationships with and dependency on suppliers; reliance on utilities or third-party service providers; and more. From there, the Team should assess the relative vulnerabilities of such mission-critical functions. For more specific examples of how this can be done, contact the author.
DIFFERENT TYPES OF VULNERABILITIES
Protecting the lives, health and safety of employees, as well as other onsite personnel and those involved with ongoing operations, should be of paramount concern – but particularly during an emergency or business interruption event. The Life Safety aspect of any Vulnerability Assessment should align with policies and instructions related to topics such as evacuation procedures and routes, jobsite security (including stored materials and equipment), personnel accountability, designated meeting places and shelters, and all other forms of preparedness during an emergency situation or other interruption event.
The Vulnerability Assessment should also consider potential Financial Vulnerabilities, such as costs to repair or replace damaged or stolen materials or equipment, as well as legal fees or other types of costs that may be incurred as a result of an emergency. Attention should also be paid to billpaying and payment-requests, as well as employee payroll systems, to avoid missing payment obligations during a crisis.
Contractual Vulnerability must be assessed due the impact an interruption may have on performance obligations. A company should become familiar with performance deadlines; change request and time extension requirements; along with cost- or liability-shifting provisions, such as “no damage for delay” clauses, indemnities, liquidated damages, and liability caps; as well as any other contractual agreement that may shift cost or liability obligations in the wake of an emergency or other interruption. The Team should pay particular attention to excuse for non-performance provisions, including force majeure, recognizing that many emergencies and interruptions may not be included in the contract language.
The BCP Team should also assess particular vulnerabilities to a variety of property types and locations. Such Property Vulnerability assessments should include a review of applicable insurance policies providing coverage for various business and real property, whether there are specific project policies in place, and whether important business property can be relocated or secured during interruption events. Assessments for whether certain business property is able to be repaired or easily replaced, and whether temporary property replacements can be readily accommodated, should also be considered.
TAKEAWAYS
The key elements within a Vulnerability Assessment should include:
- Identification of revenue-generating functions (mission-critical products, services, relationships, and operations)
- Assessed relative vulnerabilities to risk for each function, including:
- Life Safety
- Financial and Contractual
- Business and Real Property
The list provided in this section is only representative. Every business is different and vulnerabilities other than those presented here may need to be assessed. Every aspect of a business responsible for revenue creation and overall profitability should be analyzed for specific vulnerabilities.
It is strongly recommended that companies interested in developing a Business Continuity Plan consult with licensed legal counsel, an HR consultant, and/or insurance professional to thoroughly analyze their business organization’s susceptibility to interruptions, and to put together a thorough and specific Business Continuity Plan that complies with applicable regulatory or other legal requirements. If you have particular questions on how to assess vulnerabilities not covered in this section, or analyzing whether a function is critical to the ongoing viability of the business, contact Shutts attorney Michael C. Kelley or an experienced local insurance professional experienced in BCP methodologies and the typical insurance coverages available in your industry. In most cases, Business Continuity Planning should be conducted in conjunction with an overall threat assessment, as well as the procurement of various types of insurance coverages, such as business interruption insurance, which will be discussed in this series.
This is the second of a multi-part series of blog posts which will introduce the concept of Business Continuity Planning and explain the elements that go into making a typical Business Continuity Plan. This series will focus on:
- The Fundamental Elements of a Business Continuity Plan (Part 1);
- Vulnerability Risk Assessments;
- Emergency Action Plans;
- Disaster Recovery Strategies;
- Business Interruption Insurance; and
- Useful BCP Checklists.
- Partner
Michael C. Kelley is a partner in the Orlando office of Shutts & Bowen LLP, where he is a member of the Construction Litigation Practice Group.
Michael’s practice focuses on construction, commercial and real property litigation ...
Search Blog
Follow Us
Recent Posts
- Florida Appellate Court Provides Further Guidance Regarding New Summary Judgment Rule
- SEC Adopts New Cybersecurity Rules
- From 😊 to 💼: Can Emojis Create a Legally Binding Contract?
- HB-3: An Overview of ESG Factors Relating to Public Funds Investment and Financial Industry Impacts
- The Live Local Act Part 2 - Affordable Housing Incentives
- Florida's Live Local Act
- Florida Preliminary Injunctions Must Merely Preserve the Status Quo
- Can a Landlord Obtain Funds Deposited by Tenant in the Court’s Registry?
- Drawn-out negotiations over purchase agreement result in extensive litigation
- In eviction case, trial court wrongly made landlord produce leases with other tenants
Popular Categories
- Litigation
- Contracts
- Landlord-Tenant
- Litigation (Appellate)
- Supreme Court
- Business
- Real Estate Law
- Cyber fraud
- Technology
- Business of Real Estate
- Property Tax
- Development/Land Use
- Cybersecurity
- Data Security
- Conveyances
- Foreclosures
- Estate planning
- Trusts and Estates
- Lease
- Wealth planning
- Business
- Insurance
- Restrictive Covenants
- Title
- Construction
- Promissory Notes
- Regulatory Compliance
- Government
- Creditor's Rights
- Liens and encumbrances
- Compliance
- Eviction
- Americans with Disabilities Act
- Bankruptcy
- Ad Valorem Assessments
- Attorneys' Fees
- Appeals
- Attorneys' Fees
- Employment and Labor
- Litigation (Labor & Employment)
- Small Business
- Mortgages
- Consumer Protection
- Loan guaranties
- Regulation
- Maritime
- GAO
- Commercial Brokerage
- Renewal
- email hacking
- Lis Pendens
- Homestead
- Partnerships and LLCs
- Standing
Editors
- Associate
- Partner
- Partner
- Partner
- Senior Associate
- Partner
- Associate
- Partner
- Associate
- Partner
- Partner
- Partner
- Partner
- Partner
- Associate
- Partner
- Partner
Archives
- August 2023
- July 2023
- June 2023
- May 2023
- January 2023
- October 2022
- July 2022
- March 2022
- February 2022
- January 2022
- December 2021
- October 2021
- September 2021
- August 2021
- July 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- October 2020
- September 2020
- July 2020
- June 2020
- March 2020
- October 2019
- August 2019
- July 2019
- May 2019
- February 2019
- July 2018
- June 2018
- May 2018
- March 2018
- February 2018
- January 2018
- October 2017
- August 2017
- July 2017
- June 2017
- May 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016