As discussed in “Business Continuity Planning Part 1: Managing Risk by Developing a Business Continuity Plan,” it is often the case that the difference between a failing business and company of great value, surviving for generations – is the ability to plan for, adapt to, and survive the unexpected. Business Continuity Planning (“BCP”) is the process of creating a system of prevention and recovery from potential interruptions and other threats to an organization.
ASSESSING VULNERABILITY
As discussed in Part 1, the first step in Business Continuity Planning is to form the BCP Team, create the Mission, and draft the Policy. The next step is to conduct a vulnerability risk assessment. That is to:
- Analyze the probability of particular emergencies the company is vulnerable to; and then,
- Prioritize those emergencies most likely to occur or most likely to result in an interruption, compared against more remote or improbable emergencies or those most likely to represent minor inconveniences.
This is done by conducting a Vulnerability Risk Assessment. Part of such analyses should include the potential for human impact, including the possibility of death or injury, as well as the possibility for contractual delays or other impacts affecting contractual performance.
To begin assessing risk, the BCP Team should identify mission-critical products, services, relationships, and operations – e.g., what the company does to create revenue and earn a profit; customers relied upon; equipment and materials required; relationships with and dependency on suppliers; reliance on utilities or third-party service providers; and more. From there, the Team should assess the relative vulnerabilities of such mission-critical functions. For more specific examples of how this can be done, contact the author.
DIFFERENT TYPES OF VULNERABILITIES
Protecting the lives, health and safety of employees, as well as other onsite personnel and those involved with ongoing operations, should be of paramount concern – but particularly during an emergency or business interruption event. The Life Safety aspect of any Vulnerability Assessment should align with policies and instructions related to topics such as evacuation procedures and routes, jobsite security (including stored materials and equipment), personnel accountability, designated meeting places and shelters, and all other forms of preparedness during an emergency situation or other interruption event.
The Vulnerability Assessment should also consider potential Financial Vulnerabilities, such as costs to repair or replace damaged or stolen materials or equipment, as well as legal fees or other types of costs that may be incurred as a result of an emergency. Attention should also be paid to billpaying and payment-requests, as well as employee payroll systems, to avoid missing payment obligations during a crisis.
Contractual Vulnerability must be assessed due the impact an interruption may have on performance obligations. A company should become familiar with performance deadlines; change request and time extension requirements; along with cost- or liability-shifting provisions, such as “no damage for delay” clauses, indemnities, liquidated damages, and liability caps; as well as any other contractual agreement that may shift cost or liability obligations in the wake of an emergency or other interruption. The Team should pay particular attention to excuse for non-performance provisions, including force majeure, recognizing that many emergencies and interruptions may not be included in the contract language.
The BCP Team should also assess particular vulnerabilities to a variety of property types and locations. Such Property Vulnerability assessments should include a review of applicable insurance policies providing coverage for various business and real property, whether there are specific project policies in place, and whether important business property can be relocated or secured during interruption events. Assessments for whether certain business property is able to be repaired or easily replaced, and whether temporary property replacements can be readily accommodated, should also be considered.
TAKEAWAYS
The key elements within a Vulnerability Assessment should include:
- Identification of revenue-generating functions (mission-critical products, services, relationships, and operations)
- Assessed relative vulnerabilities to risk for each function, including:
- Life Safety
- Financial and Contractual
- Business and Real Property
The list provided in this section is only representative. Every business is different and vulnerabilities other than those presented here may need to be assessed. Every aspect of a business responsible for revenue creation and overall profitability should be analyzed for specific vulnerabilities.
It is strongly recommended that companies interested in developing a Business Continuity Plan consult with licensed legal counsel, an HR consultant, and/or insurance professional to thoroughly analyze their business organization’s susceptibility to interruptions, and to put together a thorough and specific Business Continuity Plan that complies with applicable regulatory or other legal requirements. If you have particular questions on how to assess vulnerabilities not covered in this section, or analyzing whether a function is critical to the ongoing viability of the business, contact an attorney from the Shutts Consruction practice group or an experienced local insurance professional experienced in BCP methodologies and the typical insurance coverages available in your industry. In most cases, Business Continuity Planning should be conducted in conjunction with an overall threat assessment, as well as the procurement of various types of insurance coverages, such as business interruption insurance, which will be discussed in this series.
This is the second of a multi-part series of blog posts which will introduce the concept of Business Continuity Planning and explain the elements that go into making a typical Business Continuity Plan. This series will focus on:
- The Fundamental Elements of a Business Continuity Plan (Part 1);
- Vulnerability Risk Assessments;
- Emergency Action Plans;
- Disaster Recovery Strategies;
- Business Interruption Insurance; and
- Useful BCP Checklists.
Search Blog
Follow Us
Recent Posts
- What You Need to Know About the U.S. Department of Transportation’s Build America TIFIA Loan
- Breaking News: Federal Judge Blocks Nationwide Implementation of the FTC’s New Rule Banning Noncompete Agreements
- September 4th is Almost Here: How Employers Can Prepare for the Upcoming Effective Date of the FTC’s Non-Compete Rule
- Florida’s New Statutory Home Warranty: What Home Builders Need to Know
- Orange County Proposes Temporary Suspension Ordinance on New Development Applications
- Raising the Roof: The U.S. Department of Labor Announces Rule Raising Salary Thresholds for Overtime Exemptions
- New Guidelines Anticipated Following HHS’s Health Cybersecurity Concept Paper
- SECURE 2.0 and Protecting Your Designated Beneficiaries
- Florida Appellate Court Provides Further Guidance Regarding New Summary Judgment Rule
- Pith? Perfect for Lienors, Not So Much for Landlords: Protecting Rights When Improvements Are Made to Commercial Tenancies
Popular Categories
- Employment and Labor
- Construction
- Business of Real Estate
- Litigation (Labor & Employment)
- Construction Litigation
- Competition
- Landlord-Tenant
- Real Estate Law
- Public Private Partnership
- Cybersecurity
- Intellectual Property
- Construction
- Appeals
- Development/Land Use
- Litigation
- Public Finance
- Contracts
- Trusts and Estates
- Data Security
- Business
- Supreme Court
- Privacy
- Technology
- Litigation (Appellate)
- IP Litigation
- Patents
- Business
- Regulatory Compliance
- Florida Government Contracts
- Health Care
- Foreclosures
- Trademark
- Contracting
- Financial Institutions
- Compliance
- Estate planning
- International Dispute Resolution
- Property Tax
- Conveyances
- Florida Public Contracts
- Government Contracting
- Government Contracts
- Government
- Lease
- Appellate Blog
- Patent Office
- Insurance
- Wealth planning
- Federal Government Contracting
- Cyber fraud
- Florida Bid Protests
- Public Contracts
- Infringement
- Proposal Writing
- Public Bidding
- GAO
- International Arbitration and Litigation
- Arbitration
- Bid Protest
- International
- Americans with Disabilities Act
- Restrictive Covenants
- Grant Writing
- Copyright
- Title
- Promissory Notes
- Small Business
- Florida Procurement
- Public procurement
- Consumer Privacy
- PTAB
- General Liability
- Technology
- International Arbitration
- Liens
- Liens and encumbrances
- Creditor's Rights
- Bidding
- Attorneys' Fees
- Inter Partes Review
- Power Generation
- Consumer Protection
- Regulation
- Contracting
- Government Vendor
- State Government Contracts
- Venue
- Ad Valorem Assessments
- Florida Administrative Law
- Attorneys' Fees
- Florida Rules of Appellate Procedure
- Bankruptcy
- Florida Public Procurement
- Russia-Related Arbitration
- Mortgages
- Eviction
- FINRA
- Record on Appeal
- Rehearing
- Loan guaranties
- Patents - Assignor Estoppel
- Dispute Resolution
- Statute of limitations
- Statute of repose
- Maritime
- Liens
- Damages
- Briefing
- Patents - Obviousness
- Request for Proposal
- Department of Labor
- Trade Secrets
- Commercial Brokerage
- Bid Writing
- Florida Bidding Strategies
- Renewal
- Attorneys' Fees
- Florida County Lands
- Florida Economic Incentive Packages
- Jury Instructions
- Stay
- Design Professionals
- Certiorari
- email hacking
- Forum Selection
- Offers of Judgment
- Prevailing Party
- Settlements
- Assignment of Contract
- Assignment of Proceeds
- Lis Pendens
- Banking
- Designer Liability
- Finality
- Fintech
- Appellate Jurisdiction - Deadlines
- Evidence
- Evidence
- Expert
- Expert Science
- Federal Rules of Appellate Procedure
- Federal Supply Schedule
- Florida Public Records Law
- Marketing/Advertising
- Mootness
- Preservation
- Socio-Economic Programs
- Sunshine Law
- Unlicensed Contracting
- Veteran Owned Business
- Partnerships and LLCs
- Homestead
- Standing
Editors
- Of Counsel
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Associate
- Partner
- Partner
- Partner
- Partner
- Senior Associate
- Partner
- Associate
- Partner
- Senior Associate
- Partner
- Associate
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Of Counsel
- Senior Associate
- Partner
- Associate
- Partner
- Partner
- Associate
- Partner
- Partner
- Partner
Archives
- September 2024
- August 2024
- June 2024
- May 2024
- February 2024
- November 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- October 2019
- August 2019
- July 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016