Mistakes grant you the opportunity to learn. But you don’t have to actually make the mistakes to learn from them. This is especially important in business continuity planning. If you correct the mistakes now, instead of when an actual disaster occurs, you’ll be better prepared.
Having a business continuity plan for customer communications isn’t optional. You’ll need to keep these running in times of natural events, power outages, and human error. While you may believe your plan to be well conceived, there still may be gaps. PCI is here to help you identify those gaps and close the loop.
Failure to Include Customer Communications in Your Business Continuity Plan
To start, is your plan inclusive of printed customer communications? Organizations have multiple systems and applications that all require placement in the plan. As a dynamic company, change happens constantly. It’s easy to overlook certain aspects.
However, printed customer communications must be on that list and a priority. This could be one of the gravest mistakes to make. Why? Because your customers depend on this information, and you need to make sure they receive it. Business critical communications must have a prominent place in your plan. If they don’t, it’s time for a review. Stay protected by being proactive.
Not Vetting Your Customer Communications Business Continuity Vendor
How confident are you in your provider? Are they protecting your interests or their profits? To avoid this mistake, make sure they have the right equipment and capabilities and are also 100% compliant with any regulations by which you must abide.
To properly evaluate any vendor, there are important questions you should ask.
Here are a few to consider:
- What are their compliance practices and certifications?
- How do they keep customer data secure from breaches or exposure?
- Is the provider ready to support you as soon as an event disrupts operations?
- How will they ensure that your communications are accurate?
- What kind of business continuity experience do they have?
Not Updating Content with DR Vendors
Of the questions above, the one on accuracy warrants further discussion. When you set up a plan with a provider, the templates and information you provide are accurate at that time. But that doesn’t mean they will still be accurate months or years later. Communications change frequently for internal or external reasons. If you don’t keep the content updated, then more disasters may be in store. The communications sent may be incorrect, which could be frustrating to customers. Further, the content could be non-compliant, which is an even bigger problem.
Not Planning for all Types of Risk
When most people think of business continuity, it’s in response to an actual catastrophe like hurricanes, tornadoes, or earthquakes. These scenarios lend themselves to scenes from disaster movies. However, the reality is that large-scale mass destruction isn’t the leading cause of disasters. In fact, natural disasters are a very slim part of causation. The leading cause of disaster recovery is hardware failure at 45%, followed by power outages at 35% (which may or may not be weather related). Another rising cause is cyber-attacks.
So, while you may be planning for the worst possible scenario with total destruction, it’s a better idea to plan for what will probably happen. Focus on risk mitigation, which includes determining the best way to continue mission-critical communications. There needs to be no break in service, no matter what the challenge might be.
Not Testing Out the Plan
A plan looks perfect on paper. But how will it translate once a real situation occurs? With customer communications, you should work with your vendor to create drills that simulate such an experience. Having a test run identifies weaknesses in your own process and that of your provider. Some businesses keep a constant “test” plan running with their customer communications partner, allowing them to do a small portion of mailings on a monthly basis. This kind of solution also ensures that they always have your most current templates.
Not Considering Compliance
Even if catastrophe strikes, you can’t dismiss compliance. It may be an important factor you haven’t detailed in your plan. There are several steps in the process, and they all have to be carried out compliantly. This includes delivering the personal information to the vendor in the files, the physical printing of such files, and their mailing. Disaster doesn’t exclude you from compliance. Be sure you and your vendor are prepared for compliance in recovery mode.
Identify Oversights in Your DR Program Now
Mistakes have the potential to deeply upset your business continuity protocol. When thinking about where mistakes may lie, use these suggestions for your assessment. If you find that your DR plans for customer communications are insufficient or that your vendor can’t meet your needs, it’s time to explore new options. To help you get started, download your Disaster Recovery Checklist.