- Skip to main
- Skip to footer
- Board of Directors
- Walmart History
- New Home Office
- Working at Walmart
- Sam's Club
- Location Facts
- Contact Walmart
- Media Library
- Contact Media Relations
- Ethics & Integrity
- Belonging, Diversity, Equity & Inclusion
- ESG Reporting
- Health & Wellness
- Stock Information
- Financial Information
- Corporate Governance
- ESG Investors
- Investor Resources
- Supplier Requirements
- Apply to be a Supplier
- Supplier Inclusion
- Sustainability for Suppliers
- America at Work
- Investing In American Jobs
- Sam's Club Suppliers
- Ask Walmart
Disaster Relief Timeline
- News & PR
Walmart steps up with integrated state planning
- emergency planning
Wal-Mart takes the reins in emergency planning
With Florida in the path of the season's first tropical storm, Wal-Mart Stores Inc. ramped up its emergency operations center yesterday for the kind of disaster relief effort that won it praise for responding faster than the government last year after Hurricane Katrina.
Wal-Mart's emergency management director, Jason Jackson, said that last year's successes raised expectations from the private sector in times of disaster. Because of that, he said, the world's largest retailer would coordinate more closely with government agencies, the American Red Cross, and even business rivals.
Wal-Mart has about 80 stores and one distribution center in the Florida Gulf Coast area that is under a hurricane warning, but there were no plans yesterday afternoon to close any of those facilities, Jackson said. Wal-Mart and other retailers have managers in Florida's state emergency operations center to speed communications. That is part of improved coordination for this year's hurricane season. "The dynamics have shifted," Jackson said in a conference call with reporters.
"In the past, the private sector wasn't really the one tapped or expected to respond, like it did during Hurricane Katrina and Hurricane Rita. "Going into this year, we realized that this would be more maybe of an expectation," he said. "So we wanted to help manage that expectation."
To do that, Wal-Mart has spent recent months talking with federal, state and local government agencies and cooperating with retailers, including Home Depot Inc. and Target Corp., making plans with state emergency managers and retail federations for who can provide what supplies after a storm. Jackson said the issues included "how do we as retailers work together with a state to best leverage the merchandise that's available, sending supplies to locations that need them most?"
Wal-Mart won praise after Katrina for rushing in truckloads of supplies and reopening stores at least partially to provide food, water and supplies. It also led other corporate donors with $15 million in cash and $3 million in supplies to help victims.
If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.
- Recognising threat - the importance of pre-incident surveillance
- What about Resilience?
- Climate adaptation measures and our BCM approach - a user perspective
- Cyber | There's a good time coming...
- Why only grown-ups should be allowed to use computers.
Industry news and press releases
- National Occupation Standards for Business Continuity - your feedback needed
- Webcast "Introducing the Climate Adaptation Programme"
- Shaping the European Standardisation Roadmap of Crisis Management and Civil Protection
Jobs & Contracts
- Supply Chain
- Professional Development
- Contributor Guidelines
- Editorial Board
- Solution Partner Board
- Ask the Expert
- Intelligence-Led Loss Prevention
- Solutions Showcase
- Press Releases
Powered by Walmart: Building Continuity among Strong Local Retail Businesses around the World
EDITOR’S NOTE: Jay Mealing is senior director of global security for Walmart International. Over his career, he’s held numerous roles in Walmart US and Walmart International. His international perspective focuses on developing local teams to manage the business without outside support while still actively integrating into corporate systems and processes. His specialties include international business integrations, international retail, regulatory compliance, process management, project management, asset protection, and security.
EDITOR: What is your background? MEALING: I’m the typical Walmart Cinderella story. I started in the Garden Center as an hourly associate in 1990 at a store in Columbia, South Carolina. I went into the operational management program shortly thereafter and was in operations in the US for about five years. During that time, I learned the asset protection side of the world and joined the US loss prevention team in 1995. Yes, it was so long ago we still called it loss prevention. After supporting a couple of international trips and helping on some reviews in Mexico and in Puerto Rico, they asked me to join the international division, where I’ve now been for twenty-one years.
My first long-term international stint was in Germany back in 1999 as an asset protection manager. Later the same year, I moved over to Puerto Rico to run the AP/security program, and then toward the end of 2001, I transferred over to our business in Mexico to take on the same responsibilities for WalMex. When I returned to the US in 2005, I decided to step out of my comfort zone and moved over to a new role in international integrations, an area created to help improve the transition of our international acquisitions into the Walmart world. My focus there was governance—how to put in place our global programs focused on protecting our businesses and brand. I wasn’t the subject-matter expert but was tasked with coordinating the implementation of our compliance-based programs. After seven years in that area and the opportunity to work through our acquisitions in Central America, Chile, South Africa, and a couple of other projects, I was asked to come back and lead the LATAM [Latin American] region for international asset protection. And then in 2015, I went back to Mexico for another three-and-a-half years, and I have now been back in the US for about a year. So, yes, it’s been a wild ride and one that I never would have imagined when I walked in the door of that store in South Carolina back in 1990.
Modernizing PoE Networks for Loss Prevention and Physical Security: Familiar vs. Right
EDITOR: Do you have a family, and has your family traveled with you? MEALING: I met Michelle, my wife, when I was in Puerto Rico. We married shortly after I moved to Mexico. Our first child, Maxwell, was born while we were there, so he has dual citizenship. Our second, Myles, was born six years later in Arkansas. It was a full-blown family move when we went back to Mexico on the latest assignment. Michelle is also a Walmart associate in human resources, so we were both working while we were there—a two for one if you will.
EDITOR: What is the overall scope and strategy of your role at Walmart? MEALING: Our overall Walmart International strategy is to utilize our buying power, tools, technology, and subject-matter expertise with the idea of supporting “strong local retail businesses” that are “powered by Walmart.” Finding the best way to fit security into that strategy has been a critical challenge because we’ve never approached the international security business in a powered by Walmart manner. In the past, we simply asked them to keep us aware of any incidents and to let us know if they needed any help. This helped us ensure that there was good talent in the markets but did nothing to support our global programs or leverage what was available.
When I stepped into this role, we started to refocus on automation and governance. How do I provide local businesses with technology that allows them, for example, to capture and research incidents within their markets? How do I get those tools to them leveraging Walmart’s buying power? I want to provide them with tools that help them do their business faster, easier, cheaper, or all the above. But at the same time, I want the ability to go in and run data analytics or measure compliance to our governance programs without having to ask them for it. So our primary strategy is to drive consistency through technology and provide guidance based on intelligence that we’re able to gather from the markets—the age-old concept of thinking globally and acting locally.
EDITOR: When you are working with the retail side in the international group, what specific things are you trying to help them with? MEALING: Primarily technology. I don’t want to tell them how to manage risk assessment within their market. I don’t want to assume that I know the India market better than my Indian counterparts, for example. Our goal is to give them tools that are effective, efficient, and reliable, so they can do it themselves. As we roll out those tools, we also get more consistency.
EDITOR: Give us an example. MEALING: A great example would be our business continuity planning (BCP) tool, which is a platform that was developed in Bentonville. Every single market uses it—retail and nonretail. All our BCP plans are captured inside of this platform. The businesses can manage it, maintain it, and update it. They can run their tabletops and manage all of their communications with it, and we have central visibility to help make sure that everyone is executing as defined by the global standards.
EDITOR: What staff do you have to help you get the job done? MEALING: I have a team around the world. I have a regional manager for Asia, one for EMEA [Europe, the Middle East, and Africa], and another for Latin America. Then I have a small staff in Bentonville that helps manage operational aspects and training, with a heavy focus on the product management side—meaning the platforms and adjustments required to get products and systems integrations into the markets. We also directly manage the global Travel Safe program. On the retail side, each retail market has its own loss prevention security staff organizational chart.
EDITOR: Talk about your successes. What have you implemented that you are most proud of? MEALING: I don’t want to say that these are my successes, but there are things that we have accomplished as a team that I am proud of. One that I’m awfully proud of is our Travel Safe program. The way that we manage, track, and communicate with international travelers and expatriates is very well organized. If an incident occurs in a particular area, we have a smartphone application that will automatically send updates to those working or traveling in that area, as long as they have their location turned on, or because our system is also linked to their travel itineraries, they will receive an email informing them of the situation.
For example, recently a gentleman who was traveling in the UK had a medical emergency. We were able to communicate, contact, and coordinate with him and the local business to ensure that he was taken care of while he was there. With all the disruptions around the world, these tools give us the ability to identify when people are close to high-risk activities or occurrences and communicate with them directly. We’ve helped multiple associates get out of areas that had become less safe in a short period of time.
I mentioned BCP earlier, which is our business continuity planning program. Again, I think what I love about our BCP program is that the only thing we provide from Bentonville is the platform. Beyond that, it is completely up to the markets to determine their critical business needs and their recovery plans. We give them guidance based on other markets, and they manage the specific local needs. It’s a great example of “strong local business.” I don’t try to tell them what systems they must use, and if it goes down, here’s plan B. Those decisions are made by the market, and we provide a platform that helps them capture, manage, maintain, and utilize their own information.
Those are a couple of great examples of the “powered by Walmart” approach, and we are continually looking to expand the strategy for other activities such as incident management and facility security risk management auditing. These are things that everyone already does—we’re just giving them ways to do it better, simpler, and/or in a more digital manner.
EDITOR: Say I’m a buyer for Walmart, and I need to go from Bentonville to Mexico, for example. I assume I don’t just buy a ticket and fly. What is the process? MEALING: It’s completely seamless to the traveler. You book a trip through our travel system, and then you’d get an automated email that basically says, “We see that you’re going to Mexico. Here is everything that you need to understand about the market that you’re traveling to and who to contact if you have any trouble.” And even though we do offer one-on-one discussions for anyone who would like additional information, whether that be additional information about the market or how to download and use the smartphone app, a lot of it is automated simply because we don’t have security staff located everywhere our associates might be traveling from.
We do have some countries that are banned currently, so we will not allow you to travel into certain countries right now, but these are few and far between. And we do have certain countries that we consider “restricted” that require additional scrutiny and communication about traveling into those locations.
You have to remember that our travelers are not just from Bentonville, Arkansas. If I’m telling a Mexican national where he or she shouldn’t go in Mexico, I get a dirty look. So we try to be very mindful about our perceptions of the markets because we are catering to travelers from around the world. We try to avoid saying, “No, you can’t travel there,” because we still have business to conduct. Our focus is to ensure that they understand the risks and to provide guidance on how best to avoid risks and what to do if they need help. We need to enable the business, not hinder it.
EDITOR: Are many or most of your programs duplicated in the US marketplace? MEALING: They are, but you’d be surprised—or maybe you wouldn’t be—that a lot of the things we do in the US could be seen as status quo. Many of the programs and processes utilized in our domestic business have been in place for a long time, and everybody understands them. But the feedback that we’re getting from some of our markets and acquisitions as we expand these programs is, “We understand what you’re going after, but it’s not user friendly. If you want us to adopt it, you better improve it.” This interaction is helping us to improve the tools we all use, so it’s a win-win for the domestic side of the business and international. Just because we are comfortable with an existing system doesn’t necessarily mean it’s the best thing out there.
We’re aiming for consistency, and due to our size, we continue to find duplicate systems or processes, which applies to our US business as well as international. We’re continually looking for the best ways to consolidate and create consistency in what we do while allowing flexibility to the markets. If it’s not relevant to the user, they won’t use it. International and the US security groups have always worked in their own silos, but I see us finally starting to understand things globally. It’s a busy but exciting time.
EDITOR: How do you measure success or outstanding performance? MEALING: It’s defined up front in a list of objectives for the year. What products do we want to get to the markets? What can we provide to make them more effective in protecting our associates or the business? I have little to no control over how many incidents occurred around the world. But did we provide effective intelligence? Did we provide them with simple and effective tools, and are our markets taking advantage of the technology we are offering? You can compare it to any other operational function, similar to shrink, for example. How could anyone truly impact the shrink in Chile if they are in Bentonville? It has to be managed locally. We’re approaching security in the same way. Our success is measured by how effectively we implement processes or tools and how well we train the markets on the utilization.
EDITOR: Since you have such a broad span of control across the whole world, are there certain markets that are more challenging than others? MEALING: The challenges are just different. There is organized retail crime, like in the US, but the other challenges are very distinct market to market. Gang violence, kidnapping, and political unrest seem to be constant in Latin America. In the Middle East, it’s mostly focused on ensuring that our intelligence is effective in keeping our travelers safe. We have a lot of sourcing that takes place in the Middle East, and we don’t want our travelers wandering into higher-risk territories. Risk changes almost overnight in certain countries, so we are constantly monitoring our environments. In China and Japan, the focus is primarily business continuity planning due to the higher risk of natural disasters. We need to ensure that they have effective crisis management plans and emergency response plans in place to get the business back up and running should an incident occur.
EDITOR: Obviously, ORC is a big deal in the United States right now and has been for several years. Do those groups function similarly in other parts of the world, or does it manifest itself differently? MEALING: It’s relatively similar in the UK, Canada, and the US, but there are some scenarios in other markets that are different. ORC in Mexico leans heavily toward credit card fraud, to the point in certain areas of the country that we had to put in additional security because certain organized groups were threatening our store associates. And due to the laws, when we would try to prosecute, the police would say, “Well, you weren’t impacted. It wasn’t a crime against you, so you can’t file charges.”
It’s definitely a challenge when you have to define how to protect your people and your business when you have someone coming into a store and basically saying, “Open up a register for me so that I can use all of these fraudulent credit cards to buy the merchandise that I want.” At one store several years back, they would come in and say, “I don’t even want the merchandise. I’m just going to ring up a bunch of transactions on these cards, and then give me a cash refund.” How do you approach a situation like that?
We had to engage the banks and identify the stores that were targeted more frequently. We had to use federal charges and actually file the complaints through an office in Mexico City, even if the fraudsters were working in another part of the country. And we couldn’t do it without the banks’ support.
When I first got to Mexico, we had multiple cases of people setting up small illegal gambling rings in our parking lots. My first thought was, “Really?” At first, we asked the store manager to run them off. That didn’t work. It became confrontational with threats of violence. We were putting our people at risk, so we had to design a way to manage around those types of circumstances.
Today our managers report these types of situations to our emergency operations center. The EOC then contacts the local or state police in the area, and the authorities then come in and manage it for us. It’s a longer, slower process, but it goes back to how to avoid the conflict. How do I make sure I’m taking care of my customer or my associate and that I’m not putting someone at risk? What we found was that we eliminated the confrontations and typically would keep them off of our property for a lot longer.
Transportation theft is also quite frequent in some of our markets, so we have developed different tracking methods to help us combat the issues. Working with some third parties, we’ve developed routing systems. For example, I get a notification that the truck has an exception if it goes off route and makes an unscheduled stop. When you’re managing thousands of trucks every month, you can’t track them individually. You have to develop ways that help you identify the exceptions and allow your teams to aggressively manage those.
EDITOR: Do you share information or have dialogue about incidents or various applications with other retailers? MEALING: We do a lot with the US Department of State’s Overseas Security Advisory Council (OSAC) and the Latin American Regional Council (LARC). We also do a lot directly with the US Diplomatic Security Service’s regional security offices around the world. A lot of our benchmarking is not necessarily with retailers but with other large multinational companies. We find that we get better information from other multinational companies as there isn’t really another multinational retailer that has the same scope that we do. With that said, our local teams benchmark with the retailers in their respective markets. Security has no ties to trade secrets, so we learn a lot from each other.
EDITOR: Do you have mentors who have helped you along your way in your career? MEALING: Wow. There are too many to count. Everyone from my first store manager to the peers that I work with today, but there are several learnings that I live by. This may sound a bit cliché, but the one who always challenged my thinking or changed my thinking was Doug McMillan, the president and CEO of Walmart Inc. He was the CEO of Walmart International while I was working on integrations. The conversations we had always challenged me to rethink my approach to the business, to think about the steps we need in place before we move forward, before we can do business, before we can comfortably go out there and put ourselves in front of a customer. What are those baselines? What are those compliance issues or systems that we need to have in place before we even have the right to do business? People always want to jump to the end state, but we don’t necessarily map it out the right way or put all the things in place that we need to, and Doug always challenged us to do that.
Another is Barry Nelson, the first operational district manager that I worked with in Savannah, Georgia. I was a new loss prevention district manager at the time, and Barry was a seasoned veteran in the business. He would say to me, “Jay, you don’t speak our language. You’re talking about how many accidents we had. You’re talking about how many pieces of product we lost. You’re talking about how many security guards or cameras you need. You need to speak my language.” What he was teaching me was how to convert everything that we were working on to value, how to talk about the payback instead of the cameras. What’s the investment? How long is that payback going to take? What financial benefit am I going to generate for the company if I spend the money you’re asking for? What is the cost of an accident? How do we tie it all back to the bottom line? And that is another piece that has always stuck with me.
I will use shrink as the example again. Everybody wants to talk about a shrink line, and we did for years. Barry challenged my thought on that. He’d say, “Well, if the shrink line decreases and the markdown line increases, how does that help my bottom line? Let’s quit talking about this shrink stuff and talk about profitability.”
EDITOR: So you’ve approached your business as a businessperson with profit and the customer probably being seen higher on the list than the security aspect. Is that correct? MEALING: In reality, yes. It’s kind of like catching shoplifters. Catching a whole bunch of shoplifters is not necessarily a good thing. It’s better to have the right controls in place so that you don’t have to catch shoplifters. If you focus on that preemptive approach, then it typically turns out better for you in the long run. My approach to thinking about the customer, thinking about those baseline aspects that need to be in place before we do business, thinking about the value aspects of the work that we do—that preemptive work has to be done correctly so that we’re not chasing, but instead working on preventing. There will always be fires that need to be controlled or put out, but that should not be what we do on a daily basis.
EDITOR: With all that travel that you’ve done over the years, do you have a favorite spot where you’ve worked and lived? MEALING: I’ll always love Puerto Rico. Obviously, my wife is from there, but I also love to fish and dive, so Puerto Rico was a pretty good spot. But I also love Mexico. We spent a lot of time on the various coasts of Mexico as well as many of the internal cities in Mexico, the “magic cities” or pueblos magicos as they call them. We really enjoyed our time there.
EDITOR: Is there something we missed that you’d like to talk about related to your job and the contribution you and your people make to the company? MEALING: I obviously couldn’t do it without the team. It’s a very collaborative effort from that perspective, and I don’t want to miss that. I think the other thing that I don’t want to miss is the fact that Walmart has allowed me to do this.
You know, I was a country boy from South Carolina. I guess I’m still a country boy from South Carolina, but Walmart allowed me to make mistakes. They allowed me to try the things that may not work. They’ve given me the flexibility and the trust to go build programs when sometimes we didn’t know what we needed to do. And that says a lot about this company. It says a lot about the leadership and the fact that they allowed me take risks and grow by learning along the way. I didn’t step in with a government security background or expertise. It was Walmart seeing the capacity, seeing the ability, seeing what we could do as a team, that allowed us to get to the level we are today.
EDITOR: You have a fascinating job, Jay. A fascinating job. MEALING: Yeah, it’s a lot of fun. It still amazes me that as long as we’ve been international, there is still so much that we could do, so much that we can improve upon. But we do have some great talent in the markets, and that helps a lot.
Like I said, I get a lot of feedback from the people who are out there with boots on the ground, and they really challenge our thinking for the better. It’s not just coming out of Bentonville, where things are safe. The priorities are completely different to someone in these markets, and we need to have that perspective if we’re going to do it right.
Loss Prevention Magazine updates delivered to your inbox
Get the free daily newsletter read by thousands of loss prevention professionals, security, and retail management from the store level to the c-suite.
Lp people on the move: february 2024, strengthening national infrastructure resilience: a strategy for addressing the evolving challenge..., california attorney general charges orc ringleader for $8m scheme across 21..., webinar: strategies for creating a culture of safety in retail, digital partners.
Become a Digital Partner
Violence in the Workplace
Download this 34-page special report from Loss Prevention Magazine about types and frequency of violent incidents, impacts on employees and customers, effectiveness of tools and training, and much more.
What LP Leaders Need to Know About License Plate Recognition
Webinar: defining and impacting high risk/extreme stores.
View All | Sponsor a Webinar
WHITEPAPER: Elevating Retail Security
Whitepaper: leveraging law enforcement and security measures to combat orc, white paper: how retail loss prevention can fight fraud and reduce shrink.
View All | Submit a Whitepaper
Shopping Center Security Finds Success Through Flock Safety Cameras
Observations of a loss prevention warhorse, key steps to securing self-checkout.
View All | Submit Your Content
Best practices and industry news for loss prevention professionals, security, and retail management from the store level to the c-suite.
Copyright © 2024 Loss Prevention Media. All Rights Reserved.
- Notice at Collection
Stay up-to-date with our free email newsletter
The trusted newsletter for loss prevention professionals, security and retail management. Get the latest news, best practices, technology updates, management tips, career opportunities and more.
An official website of the United States government
The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
- Account settings
- Advanced Search
- Journal List
- Elsevier - PMC COVID-19 Collection
Business continuity in the COVID-19 emergency: A framework of actions undertaken by world-leading companies
a University of Salento, Campus Ecotekne, Via Monteroni s.n., 73100 Lecce (LE), Italy
b Centre for Collaborative Research (CCR), Turku School of Economics, University of Turku, Rehtorinpellonkatu 3, FI-20500 Turku, Finland
The COVID-19 emergency has urged companies to operate in new ways to face supply chain interruptions, shifts in customer demand, and risks to workforce health. The organizational ability to respond to critical contingencies is crucial for business leaders in the perspective of continuing business. In our research, we investigate the actions undertaken by 50 world-leading corporations to respond to the pandemic. Applying content analysis to web pages and social network posts, we extract 77 actions related to 13 sub-areas and integrate these into a five-level framework that encompasses operations, customer, workforce, leadership, and community-related responses. We also describe six illustrative company examples of how the emergency can generate opportunities for creating new value. The study advances the scholarly discussion on the impact of emergencies on business continuity and can help leaders define response strategies and actions in the current challenge.
1. Responding to COVID-19
Since the first months of 2020, the world has experienced an unprecedented health emergency generated by the global diffusion of a novel coronavirus (COVID-19). On March 11, 2020, the World Health Organization (WHO) declared COVID-19 a pandemic and on November 30, 2020, the WHO reported about 62 million confirmed cases and 1.5 million confirmed deaths affecting 220 countries, areas, or territories.
Besides representing extraordinary health and social emergency, the pandemic is also a major threat to companies and the continuity of their business processes. Whereas business continuity represents a strategic organizational capability ( Wong, 2009 ) also associated with resilience ( Parker & Ameen, 2018 ; Sabatino, 2016 ; Sahebjamnia et al., 2015 ; Schätter et al., 2019 ), the literature has specifically discussed the relevance of crisis management for the survival of organizations ( Laufer, 2015 ). A classification effort was also conducted to identify key research themes and trends in crisis management ( Coombs & Laufer, 2018 ) along the different pre-crisis (prevention and preparation), crisis (response), and post-crisis (learning and revision) activities ( Coombs, 2015 ).
The interest in investigating business continuity and a company’s ability to respond to a critical scenario is significantly relevant in the most recent pandemic. The difficult contingency caused by COVID-19 represents an important context to investigate company reactions. The main positioning and research goal of this article is to analyze world-leading organizations and to build a framework of responses realized by those firms to ensure business continuity in the pandemic scenario. Besides analyzing responses aimed to ensure the preservation of current value, we have a secondary focus to discuss how the emergency can generate opportunities for organizations to create new stakeholder value.
After a review of extant approaches on business continuity and organizational resilience in emergency scenarios, we present an in-depth analysis of the responses of the first 50 Fortune Global 500 companies to the COVID-19 emergency as well as a content analysis of web pages and LinkedIn posts of companies dedicated to the pandemic. Then, we discuss how we isolated 77 actions aggregated into a five-level framework that encompasses operations, customers, workforce, leadership, and community-related responses. Finally, we describe six company cases as illustrative examples of organizations attempting to create new business value in the critical scenario.
In recent years, there has been fervent academic interest in organizational responses to critical situations. Today, organizations are forced to build resilience against numerous events that threaten the continuity of their business processes ( Sahebjamnia et al., 2018 ). These include natural events (e.g., earthquakes, hurricanes) and man-made factors such as cyberattacks, geopolitical crises and terrorism (e.g., Castillo, 2005 ; Sheffi, 2001 ), corporate crisis (e.g., Yang & Jiang, 2015 ), and market and supply chain crises (e.g., Chopra & Sodhi, 2014 ; Kleindorfer & Germaine, 2005 ; Sáenz et al., 2018 ; Strandvik et al., 2018 ). A significant stream of literature has studied the problem of planning and foresight for emergency preparedness and management ( Turoff et al., 2013 ).
Organizations strive to cope with emergencies and critical events to keep their reputation, be more resilient, and ensure continuity ( Parker & Ameen, 2018 ; Rezaei Soufi et al., 2019 ). The management of business continuity has evolved since the 1970s as a form of crisis management in response to the different risks that threaten an organization. It is a holistic management process that provides a framework for effective response ( Herbane, 2010 ), and business continuity plans have been developed primarily to minimize the effects of unanticipated events on the firm’s ability to meet customer requirements ( Zsidisin et al., 2005 ).
Scholars and practitioners have introduced several methods to assist organizations in improving business continuity (e.g., Botha & von Solms, 2004 ; British Standards Institution, 2006 ; Gibb & Buchanan, 2006 ; ISO, 2012 ; Lindström et al., 2010 ; López & Ishizaka, 2019 ). Activities include risk and impact evaluation, continuity plan/process design, implementation and measurement, testing, and continuous update of measures ( Cerullo & Cerullo, 2004 ; Pitt & Goyal, 2004 ; Speight, 2011 ). The literature emphasizes compliance with continuity standards ( Freestone & Lee, 2008 ; Tammineedi, 2010 ), risk management ( Nosworthy, 2000 ; Schätter et al., 2019 ), and organizational culture ( Alesi, 2008 ; Rapaport & Kirschenbaum, 2008 ). Typically, the focus has been on ensuring the continuity of a specific business domain such as IT infrastructure ( Bajgoric, 2006 ), supply chain ( Benyoucef & Forzley, 2007 ), or outsourcing ( De Luzuriaga, 2009 ).
With a particular focus on supply chain and business continuity, Zsidisin et al. (2005) highlighted the importance of developing business continuity plans by addressing key concepts such as risk, uncertainty, and exposure. The authors examined how and why firms create business continuity plans to manage this risk and highlighted how various isomorphic pressures left firms with similar risk management practices embedded in their supply management practices. Based on the study of companies operating in different environments, the authors found consistency in their approaches to continuity planning and four interrelated tasks (i.e., awareness, prevention, remediation, and knowledge management) that form a framework for effective continuity planning ( Zsidisin et al., 2005 ).
Whereas business continuity is generically aimed to preserve the value that an organization provides with current activities, with business model innovation the organization is deliberately altering the core elements of its model as a way to develop a new-to-business model ( Bucherer et al., 2012 ; Heikkilä et al., 2018 ; Pohle & Chapman, 2006 ). The integration between business continuity and business model was recently advanced by Niemimaa et al. (2019) , who pointed out that while business continuity focuses on preserving current operations, a crisis could also be a source of new value. Recent research also provided methods for companies to evaluate the components of their business model against future uncertainties ( Bouwman et al., 2018 ; Haaker et al., 2017 ).
There has been an increase in scholarly interest in analyzing the strategic decisions and actions undertaken by companies to respond to a crisis is increasing. Whereas the COVID-19 outbreak has generated a large stream of research contributions focusing on different managerial dimensions, a comprehensive study of company responses along several organizational perspectives has not yet been introduced. We focus on these responses in the following sections.
3. Research process
Our study involves conceptual development work based on the analysis of available web-based information about the responses of leading corporations to the COVID-19 outbreak. Content analysis is a method of studying and analyzing communication in a systematic, objective, and quantitative manner to measure variables ( Wimmer & Dominick, 2000 ). The method can be used in social science to examine patterns in communication systematically. One key advantage of using content analysis to analyze social phenomena is its noninvasive nature in contrast to simulating social experiences or collecting survey answers. Practices of content analysis range from systematic observation of texts or artifacts to which assigned labels indicate the presence of interesting, meaningful content.
Different applications of web content analysis are described in the literature. Jose and Lee (2007) used content analysis based on website disclosures to study the environmental reporting of global corporations. Ting et al. (2013) performed an advanced website evaluation to assess the top 100 hotels. Maatota et al. (2019) used content analysis of storytelling elements and brand archetypes of LinkedIn ad campaigns. McCorkindale (2010) reported on the content analysis of the Fortune 50’s Facebook social networking sites, and Parsons (2013) engaged in content analysis of official Facebook pages to assess how companies would use social media to reach consumers. The methods in these studies include a combination of sample design and preparation, source identification, analysis of content and cases, and synopsis of findings. Along with such macro research activities, our research process included three initial steps, illustrated in Figure 1 .
Steps of the research process
Step 1, Sample design and preparation, is dedicated to identifying the population of companies to include in the study. We looked at big corporations since they are extensively affected by the COVID-19 emergency, and they face challenges at both the local level (e.g., progression of the disease in the local communities) and the global level (e.g., impact on international markets and global logistics). The study of response strategies undertaken by these types of companies is thus more able to address a comprehensive view of the multidimensional challenges generated by a pandemic scenario.
We used the 2019 Fortune Global 500 ranking, an annual ranking of the top 500 corporations worldwide as measured by the level of their revenues. We considered the first 50 companies, which represent a well-diversified group of organizations operating in different continents and countries (e.g., China, France, Germany, Russia, Saudi Arabia, the U.K., the U.S.) and in different industries (e.g., automotive, bank and insurance, energy, food distribution, oil, telecommunication, and utilities). Companies include world-leading players such as Allianz, Amazon, Apple, AT&T, Bank of China, Berkshire Hathaway, BP, Daimler, Gazprom, General Electric, Royal Dutch Shell, Saudi Aramco, Samsung Electronics, Toyota, Verizon, and Walmart. The sources used to collect data are twofold. First, we looked at the corporate websites of companies and particularly the pages dedicated to COVID-19 and the actions undertaken by the organizations to face the pandemic. Second, we analyzed the LinkedIn pages of those organizations with a specific focus on the posts providing information on how organizations are responding to the emergency. The output of the first phase was a worksheet with the list of organizations, along with key demographic data (i.e., home country, industry, and revenues) and the web addresses of COVID-related web pages and the LinkedIn page (main profile) of the company.
Step 2, Analysis of responses and actions , focuses on capturing information on the identified companies in terms of responses to the coronavirus emergency. We studied corporate websites and LinkedIn pages to identify messages, statements, and reports on COVID-19 and on how the companies are responding along multiple perspectives. Overall, we analyzed about 300 web pages and 400 LinkedIn posts, and we annotated relevant information for further analysis and classification.
The content search was aided by the fact that practically all the analyzed organizations have set up web pages specifically dedicated to COVID-19. Concerning the LinkedIn pages, the identification of relevant content was more complex as we needed to go through all the posts from February 2020 to the time of the study (mid-April 2020) to identify information related to the outbreak and the vision and responses of the company. The content analysis process was thus not characterized by a bounded or limited sample of key concepts to be searched. More than using a priori coding schema, we conducted a systematic reading of the corporate web sources and social network messages dedicated to the emergency, and we identified three general categories of information.
First, we coded with “scenario” the general information provided by the company about the pandemic and its impact on the industry and market. The extracted content is mostly derived from the reports of the companies of what is happening in the external environment, and this was used to enhance our understanding of the business-related aspects of the coronavirus outbreak. An illustrative (adapted and anonymized) company statement is: “The COVID-19 is rapidly diffusing in most European countries, and it is creating the conditions for a limitation of flows of people and products. This could strongly impact the logistic and dynamics of our industry.”
Second, we extracted the “strategies”: general policies or approaches defined by companies to react to the outbreak. Here, the strategy refers to how the company sees the crisis and what is its position in responding to the crisis, thus providing a relevant interpretation of where the organization stands and what is the vision ahead. An illustrative statement is: “Our company intends to react firmly to the emergency by following all the indications provided by health authorities and keeping to ensure first of all the health of our workers and customers.”
Finally, we identified “initiatives” (i.e., practical activities assumed by the companies along different areas). This content was the most relevant for our study since it is explicitly related to the actions realized by the organization in response to an emergency. Naturally, the information on scenarios and strategies was relevant to better interpret the purpose and scope of those actions, as one organization illustrated with this statement: “We are extending the service period for most of our products and enhancing our contact center to provide the best service possible to our customers.”
We triangulated content gathered from the websites and social network pages by looking at corporate videos and interviews (mostly delivered by top managers), broadcasts, and other sources available on the web. We collected all relevant information into a spreadsheet for further analysis and generated a long list of initiatives (actions) realized by the 50 companies by doing a high-level consolidation of similar items.
Step 3, “Response framework building,” was aimed to obtain an integrative inventory of organizational responses. After careful analysis of extracted data, we aggregated companies’ actions by deriving a taxonomy of common macro-areas that could group similar items: operations management, customer relationship management, human resource management, leadership and change management, and community management. Most of the initiatives were clearly about one of those groups; only in a few cases were initiatives potentially relevant for two or more categories, and in those cases, we selected the most relevant dimension. We also realized a cross-check of the taxonomy with business continuity methods, approaches, and cases found in the literature. We thus obtained a COVID-19 response model, which is described in the next section.
4. Framework of response actions
This study focuses on two key concepts: business continuity (in crisis and emergency scenarios) and value creation (through business model innovation). We looked at how companies attempted to address the critical challenges caused by the pandemic event through minor or significant process changes while also looking at how business models have been adapted to create new value by leveraging the difficult contingencies.
All the 50 organizations analyzed took coordinated actions to face the COVID-19 emergency. We isolated 77 responses related to 13 sub-areas and five areas of organizational activities: (1) operations and value system; (2) customer experience and support; (3) workforce and human capital; (4) leadership and change management; and (5) community and social engagement. The classification was obtained by aggregating the single responses into homogeneous categories (sub-areas) and then identifying more high-level areas able to include those categories. Figure 2 provides a snapshot of the five areas and the 13 sub-areas of actions undertaken by companies in response to the COVID-19 emergency. All the areas are detailed through the description of the sub-areas and the illustration of the specific actions.
A framework of response actions for COVID-19
4.1. Actions related to operations and value system
The first area of responses is related to the effects of COVID-19 on the management of the companies’ operations and value system ( Table 1 ). In particular, responses can be associated with three sub-areas according to their focus. Some actions are addressed to face the shifts in customer demand and the impact on the supply chain, which has brought companies to identify and measure risks, and to envision a possible future. Most companies analyzed were engaged in assessing the overall impact of the crisis on operations, as well as in defining scenarios of demand and sales evolution, also based on the use of advanced analytics and business intelligence systems. Different companies, such as AmerisourceBergen, have monitored inventory levels and customer purchasing behavior to assess any potential impact on the product supply chain.
Sub-areas and actions related to operations and value system
The second sub-area of actions is related to logistic flows, both inflows of resources and materials and outflows of products and services to customers. In this case, company responses are addressed to enhance digital connectivity across the supply chain while ensuring business-critical resources, processes, and services. Also, the inventory/warehousing and order management processes are being re-engineered to optimize routes and to reduce risks. As an illustrative example, Amazon has reported realizing more than 150 process updates to ensure the reduction of risks and enhance the ability to satisfy prioritized needs.
The third sub-area includes actions related to the continuity of manufacturing processes and/or the conversion of the same to address new market needs or to contribute to the community’s fight against the pandemic. Actions included the conversion of production to deliver protective materials and products, the optimization of production capacity, and the reconfiguration of plants to enhance workforce security. In such a view, companies like General Motors have engaged in the production of protection devices (like face masks) and collaborated with partners to provide pulmonary ventilators. Whereas supply chain management generally includes logistics and manufacturing, we separated the three concepts in our framework. Based on the analyzed responses, we needed to isolate actions generically addressed to assess the supply chain impact of the crisis (thus including an ecosystem view) from more specific actions targeted at redesigning logistic and transformation activities, which are mostly related to an internal view of the organization.
4.2. Actions related to customer experience and support
A large number of response actions found in the study address the impact of COVID-19 on the customer experience and the management of the customer life cycle ( Table 2 ). The first sub-area of actions concerns the customers’ buying experience, including the buying process, with a specific focus on touchpoints and physical interaction with the company. Most organizations have reengineered access to shops and facilities and adopted several prevention measures across all customer touchpoints. Digital channels and contact centers have been enhanced, and customer mobility was assessed and reported. Companies like Walmart have taken actions aimed to limit customer access and flows in shops (e.g., one-door entry), implement sanitation and social distancing, and provide sneeze guards in all stores. Companies have also provided payment relief and financial assistance to customers along with other kinds of support services.
Sub-areas and actions related to customer experience and support
Response actions have included the development of new training for customer teams, new forms of customer outreach and communication, and emotional support to customers. For example, AT&T has provided digital parenting solutions for families. The company’s ScreenReady site shares digital parenting tips and resources to help families stay connected, learning, and entertained at home during the coronavirus. Finally, several actions are addressed to respond to the marketing impact of COVID-19. Responses included the redefinition of brand strategies and the design of new purposeful payoffs, logos, and marketing messages. In this regard, Volkswagen and Audi have temporarily modified their well-known logos to communicate the importance of practicing social distancing.
4.3. Actions related to workforce and human capital
The third response area ensures the well-being of the workforce and to reducing the negative effects of the outbreak while creating the conditions for enhancing the human capital of the organization ( Table 3 ). First, actions aim to ensure the safety of workplaces (e.g., offices, shops, facilities) by activating infection prevention measures. Responses include the definition of procedures for workplace hygiene and sanitization, rules for office layout and usage, the launch of employee-dedicated COVID-19 information portals, and the sharing of norms for physical interaction and employee tracking. For example, Hon Hai Precision Industry has used infrared scanning, severe social distancing measures in the workplace, and QR codes for employee tracking.
Sub-areas and actions related to workforce and human capital
Second, responses seek to support employee productivity, although in a smart and remote configuration. Organizations have taken actions to cope with employee infodemic (i.e., an overload of information, both online and offline) and disinformation, and they have defined criteria for workplace rotation, remote access, and competence development. As is the case with many other organizations, Trafigura Group has activated a social-spacing policy, including for office-based employees working from home. Finally, some actions focus on monitoring and managing cases of exposed and infected employees, defining leave and return-to-work procedures, and ensuring health assistance and psychological support. For example, Costco Wholesale has activated premium pay and paid time off for higher-risk employees and ensured the availability of protective masks and symptom screenings for employees and managers.
4.4. Actions related to leadership and change management
The fourth area of responses to face the COVID-19 emergency concerns actions focused on managing the current emergency while preparing the organization for the future ( Table 4 ). First, analyzed actions include the definition of a response plan and a dedicated management team, the creation of an emergency coordination task force, and the undertaking of stress tests to assess the working capital and resource preparedness of the organization. Verizon Communications has gathered purposeful senior crisis leadership and response teams able to face the emergency by identifying proper strategies and actions. Second, responses include the alignment of business leaders in terms of the organization’s strategy against the emergency, the definition of a portfolio of post-emergency actions and value-creation opportunities, and efforts to maintain the trust of people. For example, companies such as Honda Motors have put extra effort into their marketing and social media presence to enhance positive communication and encouragement for customers and the larger community.
Sub-areas and actions related to leadership and change management
4.5. Actions related to community and social engagement
The response area is related to the interaction of the organization with external stakeholders, both to contribute tangibly to fight the pandemic and by sharing knowledge useful to support first responders and the whole community ( Table 5 ). The first sub-area relates to money donations, financial support, and the provision of resources and products (e.g., protection masks, ventilators) to fight the pandemic. Actions include the provision of special discounts and gift programs to responders/helpers, contributions to open innovation initiatives by disclosing knowledge and intellectual property, and support to research entities. For example, BP has provided donations, free fuel, free delivery of food, and convenience goods to customers and partners.
Sub-areas and actions related to community and social engagement
Second, actions are addressed to ensure coordination with agencies and institutions and to share best practices and organizational experience, which can be useful for the community. Initiatives include the sharing of critical information and response tactics with responders, as well as the strengthening of public and private collaborations to define more effective response strategies. For example, Alphabet (the holding company including Google) is strongly engaged in assisting educational institutions with content, tools, and distance learning, and it has planned to launch a national platform to educate the community on coronavirus.
In this section, we have presented a comprehensive inventory of 77 response actions undertaken by 50 big corporations to the COVID-19 emergency, and we have aggregated the actions into a five-level business continuity framework. The next section discusses how the current emergency can also generate opportunities for creating new value.
5. Creating value beyond the crisis
5.1. drivers of value creation.
The literature on company behavior during recessions shows how companies can survive and even profit by modifying their marketing strategy ( Köksal & Özgül, 2007 ), increasing the R&D budget ( Laperche et al., 2011 ), investing in innovation ( Archibugi et al., 2013 ; Paunov, 2012 ), and enhancing their corporate governance ( Villanueva-Villar et al., 2016 ). The business crisis generated by the COVID-19 outbreak has also generated opportunities for organizations to go beyond simple business continuity and the preservation of current value.
A combination of transforming customer and supply chain trends and the necessary redesign of corporate processes has indeed stimulated the redefinition of strategies and actions able to generate new business value. Whereas some of the responses provided by organizations to the COVID-19 are mostly reactions critical for survival (e.g., protection of employee safety), others can be considered more transformational actions. These are aimed at developing new capabilities to respond to the current challenges while looking at the challenges as opportunities for future growth (e.g., digital health assistance and smart working).
We proceeded with a more in-depth analysis of our research data to identify interesting examples of initiatives, processes, or projects where the organizations are creating new value from a medium- and long-term perspective. Whereas new value can be generated by leveraging each element in the response framework ( Figure 2 ), the innovation potential seems to be related especially to three elements: (1) new products/services to address new customer needs; (2) improvement of virtual interaction and integration with customers; and (3) an enhanced image of the corporation as a socially responsible and community-oriented organization. Next, we illustrate these three value-creation avenues by providing six company examples.
Toyota started to face the COVID-19 emergency soon after its president announced the transformation of the company’s business model for the CASE era (Connected, Autonomous, Shared, Electric) and the evolution of the organization toward a mobility company that provides resources and services for a connected city. Whereas the company has decreased its production due to COVID-19, Toyota has maintained employment and increased investment in the R&D of electric cars. It was able to create new customer-related value by introducing new car models to the market and by improving virtual interaction with customers who can explore and make purchases in virtual showrooms via WhatsApp video, Facebook Live, web chat, or phone. The company has adopted a product- and customer-centric view, which looks at the after-emergency in terms of new societal and market needs. Toyota has provided value to the community by full-scale production of medical devices and by offering Japan Taxi models to transport patients with mild symptoms. Also, the company has cooperated in the production of equipment such as makeshift beds for hospitals, disinfectant containers, and simple partition walls for use at medical facilities.
BP has robust business continuity plans in place to make sure that the company can supply energy, fuel, and vital petrochemical feedstocks uninterrupted. In retail sites, BP has increased cleaning procedures and encouraged customers to practice social distancing while also taking precautionary measures such as removing the sale of open food products. BP has also undertaken socially responsible initiatives by supporting governments and partners with donations and free fuel to emergency services vehicles, such as ambulances and helicopters. Working with the U.S. government, leading universities, and high-tech companies, BP’s Center for High-Performance Computing has been used for research on COVID-19. These new collaborations have provided the basis for strategic renewal and a new paradigm of extended collaboration (with countries, cities, and industries) aimed at creating new value.
Amazon has updated 150 processes, from social distancing measures to new efforts like disinfectant spraying and temperature checks. It established a $25 million relief fund for its partners (e.g., delivery drivers) facing financial hardship or quarantine. To address increased customer demand , the company has focused on fast delivery of high-priority items, such as household staples and medical supplies. Amazon has provided the option of unattended delivery and defined a system to prevent price gouging. The company has also addressed the needs of customers and looked at the current situation as an opportunity to create value with new services. To help communities around the world, Amazon has made donations and provided work to 175,000 additional people. Finally, it launched a global initiative with participation from 35 global research institutions, startups, and businesses to accelerate COVID-19 diagnostics, research, and testing.
The change in insurance firm AXA’s business profile due to the pandemic has been notable. The company started providing its customers with apps for video medical consulting and new processes for online incident communication. It has also reached new customer segments. For example, AXA collaborated with the Accor hotel chain, which offered its customers free access to AXA’s medical teleconsultations from hotel rooms. Moreover, AXA has invested heavily in R&D. It provided €5 million for research to develop responses to infectious diseases, and notably to COVID-19, including the building of post-crisis solutions. The company has also supported the COVID-19 task force launched by the Institut Pasteur to develop new diagnostic tools and treatments. AXA supported an open research initiative in which a digital platform brings together engineers, practitioners, and researchers collaborating to design, test, and provide efficient emergency solutions.
The drug wholesale company AmerisourceBergen has increased inventory on items related to COVID-19 treatment and supportive care. The company has business continuity plans that include monitoring inventory levels and customer purchasing behavior for any potential impact on the product supply chain. General Electric, and in particular GE Healthcare, developed a new product, the Venue Go ultrasound system, which includes an artificial intelligence feature, the auto B-lines tool, that highlights and counts B-lines, which may signal COVID-19. The tool provides a lung diagram and generates a lung ultrasound score that helps clinicians to follow the progression of the lung condition in patients as they fight the virus.
6.1. highlights and contribution.
This study has contributed to the extant business continuity literature by introducing an empirically derived inventory of response actions taken by leading companies during the COVID-19 crisis. The framework includes five dimensions, which are divided further into sub-areas and actions that address operational aspects affected by the outbreak. The dimensions range from internal operations to supply chain management, from human resources and leadership to relations with customers and stakeholders. We also include a community and social engagement perspective, which is not typically considered in the business model literature (e.g., Osterwalder & Pigneur, 2010 ). This finding shows that, at least in exceptional circumstances, the relations between a company and its local community are an important part of the company’s activities and value-creation potential.
Although many articles have depicted company responses to critical emergencies (e.g., Alesi, 2008 ; Castillo, 2005 ), we contributed with a comprehensive and evidence-based analysis of actual responses by large organizations to face the pandemic. Additionally, whereas emergency and business continuity studies have focused on general and crisis-independent activities such as risks and impact evaluation, continuity plan/process design, implementation, and measurement (e.g., Cerullo & Cerullo, 2004 ; Pitt & Goyal, 2004 ; Speight, 2011 ), we identified specific fine-grained actions aimed to ensure the continuity of business operations over a large spectrum of management dimensions.
Finally, the contribution of our study may be found in the integration between business continuity and business model innovation for value creation ( Bouwman et al., 2018 ; Foster & Dye, 2005 ; Haaker et al., 2017 ; Niemimaa et al., 2019 ). All large corporations have acted to ensure the continuity of their current business operations. However, as our illustrative cases show, some companies are also able to create new value by reaching current and new customers via digital channels, redirecting more resources from current operations to R&D activities, or increasing the companies’ social responsibility and involvement with their local communities.
6.2. Managerial insights
Some insights can be derived that could be useful for application in other companies dealing with the consequences of COVID-19 or thinking about improving their response strategies for future (likely although undesired) events. In the area of emergency management and crisis response, key success factors have been discussed in the literature, including adaptability, agility, communication, coordination, leadership, and technology application (e.g., Harrald, 2006 ; Zhou et al., 2017 ). We found these aspects in the investigated companies and their responses to the crisis and used them to formulate four main recommendations.
- 1. Companies have been urged to develop an immediate reaction to the operational breakdown and the risks of infection within and outside the organization. Successful answers have been based on the implementation of agile business processes (which has involved redesign or adaptation of existing activities) and the use of digital technologies as key enablers.
- 2. Most organizations have been forced to rely on available crisis management capabilities and financial and technical assets useful to face and overcome the emergency. Successful responses thus have also been based on the existence of technical reserves useful to ensure the sustainability of operations in the transition phase and to support smooth adaptation of the organization to the changing business situation.
- 3. Organizations have developed a real-time awareness of the impact of the pandemic through advanced data gathering and monitoring capabilities. Successful responses have been based on the adoption of effective business analytics methods and tools that support information-rich communication and leadership.
- 4. Organizations have been challenged with risks of declining sales due to switching customer needs and demand. Successful responses have included the creation of diversified and modular product/service portfolios and adaptable business models that can support a faster recovery.
7. Concluding remarks
In this study, we investigated the responses of 50 world-leading companies to the COVID-19 emergency, and we integrated the responses into a descriptive framework. To the best of our knowledge, this study is the most extended attempt to build an inventory of real actions undertaken by large companies to deal with a common global emergency.
The research is not without limitations. First, business continuity has been historically associated with medium and large corporations, and our research also focused on big organizations. However, the concepts of business continuity and resilience against emergencies should be extended to small organizations, which face the crisis generated by the pandemic along different and equally significant dimensions. Second, we used data available online (web pages and social network posts), which is the information shared by organizations about their responses to COVID-19. However, such public information is not necessarily able to describe the policies defined and actions undertaken by the companies comprehensively. At the same time, corporate communications messages conveyed through public outlets like websites and social network posts may be biased as possibly self-serving statements, which might not represent the situation with either accuracy or comprehensiveness. Access to real company knowledge and objective analytical reports, where possible, would thus allow researchers to strengthen the model by adding more fine-grained actions implemented by managers.
- Alesi P. Building enterprise-wide resilience by integrating business continuity capability into day-to-day business culture and technology. Journal of Business Continuity and Emergency Planning. 2008; 2 (3):214–220. [ PubMed ] [ Google Scholar ]
- Archibugi D., Filippetti A., Frenz M. Economic crisis and innovation: Is destruction prevailing over accumulation? Research Policy. 2013; 42 (2):303–314. [ Google Scholar ]
- Bajgoric N. Information technologies for business continuity: An implementation framework. Information Management and Computer Security. 2006; 14 (5):450–466. [ Google Scholar ]
- Benyoucef M., Forzley S. Business continuity planning and supply chain management. Supply Chain Forum. 2007; 8 (2):14–22. [ Google Scholar ]
- Botha J., von Solms R. A cyclic approach to business continuity planning. Information Management and Computer Security. 2004; 12 (4):328–337. [ Google Scholar ]
- Bouwman H., Heikkilä J., Heikkilä M., Leopold C., Haaker T. Achieving agility using business model stress testing. Electronic Markets. 2018; 28 :149–162. [ Google Scholar ]
- British Standards Institution . BSI; London, UK: 2006. Societal security—business continuity management systems — requirements – Part 1: Code of practice. [ Google Scholar ]
- Bucherer E., Eisert U., Gassmann O. Towards systematic business model innovation: Lessons from product innovation management. Creativity and Innovation Management. 2012; 21 (2):183–198. [ Google Scholar ]
- Castillo C. Disaster preparedness and business continuity planning at Boeing: An integrated model. Journal of Facilities Management. 2005; 3 (3):8–26. [ Google Scholar ]
- Cerullo V., Cerullo M.J. Business continuity planning: A comprehensive approach. Information Systems Management. 2004; 21 (3):70–78. [ Google Scholar ]
- Chopra S., Sodhi M.S. Reducing the risk of supply chain disruptions. MIT Sloan Management Review. 2014; 55 (3):73–80. [ Google Scholar ]
- Coombs W.T. 4 th ed. Sage; Thousand Oaks, CA: 2015. Ongoing crisis communication. [ Google Scholar ]
- Coombs W.T., Laufer D. Global crisis management: Current research and future directions. Journal of International Management. 2018; 24 (3):199–203. [ Google Scholar ]
- De Luzuriaga J. Ensuring business continuity for business process outsourcing companies. Journal of Business Continuity and Emergency Planning. 2009; 3 (4):312–316. [ Google Scholar ]
- Foster S.P., Dye K. Building continuity into strategy. Journal of Corporate Real Estate. 2005; 7 (2):105–119. [ Google Scholar ]
- Freestone M., Lee M. Planning for and surviving a BCM audit. Journal of Business Continuity and Emergency Planning. 2008; 2 (2):138–151. [ PubMed ] [ Google Scholar ]
- Gibb F., Buchanan S. A framework for business continuity management. International Journal of Information Management. 2006; 26 (2):128–141. [ Google Scholar ]
- Haaker T., Bouwman H., Janssen W., de Reuver M. Business model stress testing: A practical approach to test the robustness of a business model. Futures. 2017; 89 :14–25. [ Google Scholar ]
- Harrald J.R. Agility and discipline: Critical success factors for disaster response. The Annals of the American Academy of Political and Social Science. 2006; 604 (1):256–272. [ Google Scholar ]
- Heikkilä M., Bouwman H., Heikkilä J. From strategic goals to business model innovation paths: An exploratory study. Journal of Small Business and Enterprise Development. 2018; 25 (1):107–128. [ Google Scholar ]
- Herbane B. The evolution of business continuity management: A historical review of practices and drivers. Business History. 2010; 52 (6):978–1002. [ Google Scholar ]
- ISO . 2012. ISO 22301:2012: Societal security—business continuity management systems—Requirements. https://www.iso.org/standard/50038.html Available at. [ Google Scholar ]
- Jose A., Lee S.M. Environmental reporting of global corporations: A content analysis based on website disclosures. Journal of Business Ethics. 2007; 72 (4):307–321. [ Google Scholar ]
- Kleindorfer P.R., Germaine S.H. Managing disruption risks in supply chains. Production and Operations Management. 2005; 14 :53–68. [ Google Scholar ]
- Köksal M.H., Özgül E. The relationship between marketing strategies and performance in an economic crisis. Marketing Intelligence and Planning. 2007; 25 (4):326–342. [ Google Scholar ]
- Laperche B., Lefebvre G., Langlet D. Innovation strategies of industrial groups in the global crisis: Rationalization and new paths. Technological Forecasting and Social Change. 2011; 78 (8):1319–1331. [ Google Scholar ]
- Laufer D. Emerging issues in crisis management. Business Horizons. 2015; 2 (58):137–139. [ Google Scholar ]
- Lindström J., Samuelsson S., Hägerfors A. Business continuity planning methodology. Disaster Prevention and Management. 2010; 19 (2):243–255. [ Google Scholar ]
- López C., Ishizaka A. A hybrid FCM-AHP approach to predict impacts of offshore outsourcing location decisions on supply chain resilience. Journal of Business Research. 2019; 103 :495–507. [ Google Scholar ]
- Maatota F.T., Lapian J.S., Tielung M.V. Content analysis of storytelling elements and brand archetype of LinkedIn ad campaign. Jurnal EMBA: Jurnal Riset Ekonomi, Manajemen, Bisnis dan Akuntansi. 2019; 7 (4):5643–5652. [ Google Scholar ]
- McCorkindale T. Can you see the writing on my wall? A content analysis of the Fortune 50’s Facebook social networking sites. Public Relations Journal. 2010; 4 (3):1–13. [ Google Scholar ]
- Niemimaa M., Järveläinen J., Heikkilä M., Heikkilä J. Business continuity of business models: Evaluating the resilience of business models for contingencies. International Journal of Information Management. 2019; 49 :208–216. [ Google Scholar ]
- Nosworthy J.D. A practical risk analysis approach: Managing BCM risk. Computers and Security. 2000; 19 (7):596–614. [ Google Scholar ]
- Osterwalder A., Pigneur Y. John Wiley & Sons; Hoboken, NJ: 2010. Business model generation: A handbook for visionaries, game changers, and challengers. [ Google Scholar ]
- Parker H., Ameen K. The role of resilience capabilities in shaping how firms respond to disruptions. Journal of Business Research. 2018; 88 :535–541. [ Google Scholar ]
- Parsons A. Using social media to reach consumers: A content analysis of official Facebook pages. Academy of Marketing Studies Journal. 2013; 17 (2):27–36. [ Google Scholar ]
- Paunov C. The global crisis and firms’ investments in innovation. Research Policy. 2012; 41 (1):24–35. [ Google Scholar ]
- Pitt M., Goyal S. Business continuity planning as a facilities management tool. Facilities. 2004; 22 (3/4):87–99. [ Google Scholar ]
- Pohle G., Chapman M. IBM’s global CEO report 2006: Business model innovation matters. Strategy and Leadership. 2006; 34 (5):34–40. [ Google Scholar ]
- Rapaport C., Kirschenbaum A. Business continuity as an adaptive social process. International Journal of Emergency Management. 2008; 5 (3/4):338–347. [ Google Scholar ]
- Rezaei Soufi H., Torabi S., Sahebjamnia N. Developing a novel quantitative framework for business continuity planning. International Journal of Production Research. 2019; 57 (3):779–800. [ Google Scholar ]
- Sabatino M. Economic crisis and resilience: Resilient capacity and competitiveness of the enterprises. Journal of Business Research. 2016; 69 (5):1924–1927. [ Google Scholar ]
- Sáenz M.J., Revilla E., Acero B. Aligning supply chain design for boosting resilience. Business Horizons. 2018; 61 (3):443–452. [ Google Scholar ]
- Sahebjamnia N., Torabi S.A., Mansouri S.A. Integrated business continuity and disaster recovery planning: Towards organizational resilience. European Journal of Operational Research. 2015; 242 (1):261–273. [ Google Scholar ]
- Sahebjamnia N., Torabi S.A., Mansouri S.A. Building organizational resilience in the face of multiple disruptions. International Journal of Production Economics. 2018; 197 :63–83. [ Google Scholar ]
- Schätter F., Hansen O., Wiens M., Schultmann F. A decision support methodology for a disaster-caused business continuity management. Decision Support Systems. 2019; 118 :10–20. [ Google Scholar ]
- Sheffi Y. Supply chain management under the threat of international terrorism. International Journal of Logistics Management. 2001; 12 (2):1–11. [ Google Scholar ]
- Speight P. Business continuity. Journal of Applied Security Research. 2011; 6 (4):529–554. [ Google Scholar ]
- Strandvik T., Holmlund M., Lähteenmäki I. One of these days, things are going to change! How do you make sense of market disruption? Business Horizons. 2018; 61 (3):477–486. [ Google Scholar ]
- Tammineedi R.L. Business continuity management: A standards-based approach. Information Security Journal: A Global Perspective. 2010; 19 (1):36–50. [ Google Scholar ]
- Ting P.H., Wang S.T., Bau D.Y., Chiang M.L. Website evaluation of the top 100 hotels using advanced content analysis and eMICA model. Cornell Hospitality Quarterly. 2013; 54 (3):284–293. [ Google Scholar ]
- Turoff M., Hiltz S.R., Bañuls V.A., Van Den Eede G. Multiple perspectives on planning for emergencies: An introduction to the special issue on planning and foresight for emergency preparedness and management. Technological Forecasting and Social Change. 2013; 80 (9):1647–1656. [ Google Scholar ]
- Villanueva-Villar M., Rivo-López E., Lago-Penas S. On the relationship between corporate governance and value creation in an economic crisis: Empirical evidence for the Spanish case. BRQ Business Research Quarterly. 2016; 19 (4):233–245. [ Google Scholar ]
- Wimmer D.D., Dominick J.R. Wadsworth Publishing Company; Belmont, CA: 2000. Mass media research: An introduction. [ Google Scholar ]
- Wong W.N.Z. The strategic skills of business continuity managers: Putting business continuity management into corporate long-term planning. Journal of Business Continuity and Emergency Planning. 2009; 4 (1):62–68. [ PubMed ] [ Google Scholar ]
- Yang Z., Jiang L.A. Managing corporate crisis in China: Sentiment, reason, and law. Business Horizons. 2015; 58 (2):193–201. [ Google Scholar ]
- Zhou X., Shi Y., Deng X., Deng Y. D-DEMATEL: A new method to identify critical success factors in emergency management. Safety Science. 2017; 91 :93–104. [ Google Scholar ]
- Zsidisin G.A., Melnyk S.A., Ragatz G.L. An institutional theory perspective of business continuity planning for purchasing and supply management. International Journal of Production Research. 2005; 43 (16):3401–3420. [ Google Scholar ]
- English (US)
- Client Login
- Become a Partner
Business continuity planning for the retail industry
Business Continuity in the Retail Industry
Enduring the COVID-19 pandemic has highlighted a unique opportunity for businesses in the retail industry to reshape how they operate. With dramatic shifts in consumer behavior and an increased reliance on digital services, retailers had to look for innovative ways to adapt to the current reality.
In addition to developing new modes of business, retailers must make every effort to protect their newly minted operations should another major disruption take place.
When a critical event occurs, a Business Continuity Plan (BCP) documents the procedures and resources each department within an organization will use to keep the business impact to a minimum. Leadership teams and employees on-the-ground need to be armed with the proper plans and standardized instruction in order to keep people safe, facilities secure, and operations running. The result of this is a minimally interrupted business and enhanced customer satisfaction.
A BCP is vital for the retail sector for several reasons. Having multiple locations extending across regions, states, or even the globe makes retailers vulnerable to various kinds of physical threats such as crime or severe weather. And, with more and more retailers relying on their web presence , increased cyber threats can lead to costly downtime. Furthermore, retailers are highly dependent on supply chains – even a small disruption can snowball into serious lost business revenue and diminished brand image.
When a critical event threatens to disrupt business continuity, having a retail crisis management plan in place enables businesses to seamlessly deliver their goods and services and maintain customer satisfaction.
Top Threats to Business Continuity in Retail
When considering how to best protect a retail business and maintain business continuity, it is important to consider the top threats the retail industry faces:
- Interruption of shipping services
- Loss or illness of key staff
- Product recalls
- Severe weather
- Supply chain disruptions
- Utility outages
These threats have the potential to involve multiple areas across a business, regardless of titles, teams, or departments. When a critical event occurs, the responsibility of response may land on anyone from a local facility manager to the CSO.
Putting a standardized and actionable BCP in the pocket of every employee, manager, and executive empowers every employee to respond to threats in the most efficient and effective manner. This enables faster remediation, and in some cases prevention, of critical events.
What Should a Retail Business Continuity Plan Include?
A retail BCP should focus on the following essential aspects of business:
Customers are arguably the most critical aspect of any BCP. Retailers should begin a BCP by asking themselves how they are going to best serve their customers in the face of disruption. This question can act as a guiding light for what an organization’s retail crisis management plan needs to prioritize.
For example, transparent communication can increase customer satisfaction during a crisis. Planning to leverage the proper communication tools throughout the lifespan of a disruption allows retailers to guide customers through the situation with grace. Perhaps order statuses need to be amended or alerts of an outage need to be shared. Regardless of the situation, prioritizing the customer experience is a key component to any successful retail BCP.
A BCP for retail must address the safety and security of employees during a crisis. Not only does this help employees feel valued but ensures they are able to respond appropriately in any given crisis.
A successful retail crisis management plan should outline:
- Which employees and/or stakeholders need be alerted depending on the type and location of a critical event
- Workflows to determine which employees are available for response
- Detailed instructions for employees to keep themselves safe and operations running
- How communication will flow to ensure transparency during an event
Inventory, Shipping, & Suppliers
The COVID-19 pandemic was a perfect example of how retailers should operate with the assumption that at some point inventory, shipping, and supply chain will be disrupted by a critical event. For example, as lockdowns were announced across the country every household tried to buy staple products, such as toilet paper and flour, at the same time. This resulted in massive demands on suppliers to scale their operations quickly, and many could not keep up.
A BCP should include secondary options in the case of increased demand, like in the example above, as well as for inventory recalls, alternative shipping partners, and viable re-routes for disrupted supply chain. Having these alternatives to quickly rely on eliminates stagnation and keeps business moving, even if at a reduced speed. This frees up time to focus on getting back to normal business operations.
“Since adopting Everbridge, Lowes has reduced the average outage duration for IT Service Desk by 33% and that is a huge win. This leads to better user experience, customer loyalty, and positive gains for Lowes.”
– Chris Meadows, Sr. Director IT Service Desk & End User Computing
Benefits of Business Continuity Planning in Retail
1. Keep Business Operations Running
When a business can continue running in the face of disaster, even if at reduced capacity, it can drastically minimize lost business. Also, being able to maintain operations paints a business as prepared, committed, and trustworthy to both employees and customers alike.
2. Maintain Your Supply Chain
Disruptions are going to occur – it is not an if, but a when. Having documented alternatives that get your products and/or services delivered when disruptions occur is vital to the success of business.
3. Build Customer Confidence and Trust
Having a plan that outlines proper communications with customers leads to increased transparency and trust. Additionally, having a BCP only serves to return operations to normal and lessen, or ideally eliminate, the impact felt by customers.
4. Reduce Financial Risk
According to Gartner, the cost of IT downtime is an astounding $300,000 per hour on average. However, according to IBM, “companies that prioritize business continuity management can achieve an average savings of $5,703 per day — or total incremental cost savings of $467,657 — through the containment phase of a data breach response.” As IT downtime only represents one type of critical event, it is evident that prioritizing business continuity planning is worthwhile.
5. Stay Ahead of Competition
When a critical event occurs, retailers become highly vulnerable to customers selecting alternative vendors. Not only do disruptions that impact customer experience result in current customer loss but also tarnish the brand image for potential customers as well. Deloitte states, “Customers tell an average of nine people about a positive experience with a brand, but they tell 16 people about a negative experience. Proper planning allows retailers to offer superior experiences – keeping current customers satisfied while attracting future customers.
Best Practices in Business Continuity Planning in Retail
When your organization begins to develop its own BCP, it helps to have an outline of best practices from which to guide the process:
- Identify critical pain points and risks
- Involve all departments in discussion
- Integrate with proper training and testing
- Automate where possible
- Make sure the plan is adaptable and scalable
Everbridge can help retailers successfully achieve business continuity. For instance, Everbridge has the tools that can allow your BCP to be accessed on-the-go, as well as the means to enact a BCP easily and effectively.
Success is Preparation
For retailers today, business continuity planning is essential for success. It pays to be prepared, as disruptions are costly. There is not a one-size fits all approach to ensuring business continuity, so it is important to create a plan that is specific to your organization’s needs.
Learn how Everbridge can help by scheduling a demo today.
Discover Everbridge’s leadership in resilience and why it matters today’s retail industry. Learn More
Lowes Reduces Down Time by 32%
DRJ Spring 2024
Everbridge is exhibiting at DRJ Spring 2024 from March 17 - 20 at Booth #400/402. Catch our critical event management solutions in action. Schedule a demo with our experts today.
Calculate your organization’s potential ROI
Get an ROI estimate with 4 simple inputs. Our commissioned Forrester ROI calculator can generate a fully customized report revealing quantifiable benefits that Everbridge CEM...
The Forrester WaveTM: Critical event management platforms, Q4 2023
Named a leader, our unified platform achieved the highest score possible in 15 criteria including orchestration and automation, according to Forrester’s report.
See us in action
Request a demo or just call us at 888-366-4911
What Is A Business Continuity Plan? [+ Template & Examples]
Published: December 30, 2022
When a business crisis occurs, the last thing you want to do is panic.
The second-to-last thing you want to do is be unprepared. Crises typically arise without warning. While you shouldn't start every day expecting the worst, you should be relatively prepared for anything to happen.
A business crisis can cost your company a lot of money and ruin your reputation if you don't have a business continuity plan in place. Customers aren't very forgiving, especially when a crisis is influenced by accidents within the company or other preventable mistakes. If you want your company to be able to maintain its business continuity in the face of a crisis, then you'll need to come up with this type of plan to uphold its essential functions.
In this post, we'll explain what a business continuity plan is, give examples of scenarios that would require a business continuity plan, and provide a template that you can use to create a well-rounded program for your business.
Table of Contents:
What is a business continuity plan?
- Business Continuity Types
- Business Continuity vs Disaster Recovery
Business Continuity Plan Template
How to write a business continuity plan.
- Business Continuity Examples
A business continuity plan outlines directions and procedures that your company will follow when faced with a crisis. These plans include business procedures, names of assets and partners, human resource functions, and other helpful information that can help maintain your brand's relationships with relevant stakeholders. The goal of a business continuity plan is to handle anything from minor disruptions to full-blown threats.
For example, one crisis that your business may have to respond to is a severe snowstorm. Your team may be wondering, "If a snowstorm disrupted our supply chain, how would we resume business?" Planning contingencies ahead of time for situations like these can help your business stay afloat when you're faced with an unavoidable crisis.
When you think about business continuity in terms of the essential functions your business requires to operate, you can begin to mitigate and plan for specific risks within those functions.
Crisis Communication and Management Kit
Manage, plan for, and communicate during your corporate crises with these crisis management plan templates.
- Free Crisis Management Plan Template
- 12 Crisis Communication Templates
- Post-Crisis Performance Grading Template
- Additional Crisis Best Management Practices
You're all set!
Click this link to access this resource at any time.
Business Continuity Planning
Business continuity planning is the process of creating a plan to address a crisis. When writing out a business continuity plan, it's important to consider the variety of crises that could potentially affect the company and prepare a resolution for each.
1. Select a business continuity team.
Before you begin strategizing, assemble a management team to be in charge. The job of crafting a business continuity plan isn't a light one, so this group should include people who are detail-oriented and organized. Some of the roles on the team are:
- Executive manager: This is the person who leads the writing process and is the link between company executives and the rest of the business continuity team.
- Program coordinator: This is the team leader who coordinates all activities related to the plan, such as budgeting and development of recovery procedures.
- Information officer: This person is responsible for accessing and sharing data related to the business continuity plan.
2. Define plan objectives.
What are you trying to achieve with this plan? It's important to know the end goal, whether it be resuming business processes as normal or improving the organization's reputation. When laying out the objectives, you should also consider your budget to get a sense of the resources that you're going to be working with.
3. Schedule interviews with key players in your departments.
Executives and upper management have a great bird's eye view of an organization, but business continuity issues happen at all levels of an organization. For an analysis that's truly comprehensive (and, in effect, valuable), you'll want to interview key team members in various departments of your organization.
Choose individuals who know the ins and outs of their department's operations and understand the importance of its functionality within the grander scheme of the organization. You can ask questions such as:
- What are your top 5 most important processes?
- What systems or applications are needed to support your operations?
- How does [X department] depend on your work in this area?
- In your opinion, what's our biggest blind spot?
- What would happen if [worst case scenario]?
- Who would be impacted if [worst case scenario] and how?
4. Identify critical functions and types of threats.
The above questions are a guide to help give you insight into the areas of your business that require the greatest degree of business continuity. Prioritize the business functions and threats that are the most critical according to:
- The likelihood of it happening,
- The extent of the loss based on impact.
5. Conduct risk assessments across each area identified.
The idea here is to quantify the information you received during the interviews:
- How long would it take to recover from a critical situation in this area?
- How much revenue would be lost during that time?
- How much productivity would be lost during that time within that department?
- How much productivity would be lost for other departments as a result?
- How many customers and/or stakeholder confidence will be lost?
- Will there be additional costs to get it resolved?
- Will there be additional liability costs?
- How much does it cost to implement prevention measures?
6. Conduct a Business Impact Analysis.
Once you've gathered information across disparate processes, it's time to compile that information into a format that reflects the broader business.
A Business Impact Analysis (BIA) analyzes the main operations of an organization, the major resources it uses, how its operations relate to one another — a.k.a. when one function goes down, how does it affect other operations — and how long each function generally takes to complete.
A BIA is a key part of the final business continuity plan. This is where you summarize your findings regarding costs against benefits to further underscore what gets prioritized.
7. Draft out the plan.
Now that you have a good idea of what to include in your plan, start by composing a first draft that can serve as a baseline. The draft should include the following aspects to ensure a well-rounded, actionable plan:
- The purpose, objectives, budget, and timeline of the plan.
- The members of the business continuity team and their roles.
- All of the important stakeholders that are involved in the business continuity plan.
- The Business Impact Analysis.
- Proactive strategies that will be put into place to prevent crises.
- Reactive strategies that will immediately respond to crises.
- Long-term recovery efforts.
- Training and testing schedules for proactive preparation.
8. Test the plan for gaps.
Of course, you should immediately test your plan.
Start with communicating with those that play a critical role in your continuity plan. After they know what their involvement is in the plan, conduct a mock recovery test and put the plan into action. Make note of any gaps that arise during this process.
9. Revise based on your findings.
After testing is complete, correct any flaws you've uncovered throughout the process.
Continue testing and implementing changes until you're satisfied with the outcomes. However, it is important to be aware that business changes will likely require updating the plans you have. Given this, it's important to keep testing your plan to ensure it's up to date with your business needs, and you're properly prepared for any type of crisis.
Now that you've learned everything there is to know about business continuity plans, use the following template to start creating one for your organization.
How often should a business continuity plan be tested?
Your business continuity plan should be reviewed at least twice per year. You should review the plan and test it to make sure it's up-to-date with your current business processes. The larger your organization is, the more complex your systems are going to be, meaning you'll want to review your business continuity plan more frequently to ensure there aren't any gaps.
As you add new systems, departments, leaders, and technology to your business, make it a part of your standard operating procedure to update the business continuity plan as well so that all the bases are covered.
The following schedule is recommended to maximize the reliability and validity of your plan, while also minimizing the amount of time you're putting into plan review.
1. Review your checklist twice a year.
Your teams should review the elements of your business continuity plan bi-annually to make sure all the responses still apply to your current status. In addition, you'll use this opportunity to ensure that each response aligns with your desired business goals.
2. Conduct emergency drills once a year.
Just like schools have fire drills, your organization should have emergency drills to prepare your staff for the steps that are laid out in your business continuity plan. This will also help when a real crisis occurs because they will have practiced the steps before.
3. Hold tabletop reviews every other year.
All stakeholders that are involved in your business continuity plan should meet every other year to discuss it. The review doesn't need to take too much time and doesn't require physically running through the steps, but it can help you uncover red flags that may otherwise go unnoticed without testing.
4. Conduct a comprehensive review every other year.
Unlike the tabletop review, the comprehensive review takes a deep dive into the plan. It should look closely at cost-benefit analyses as well as recovery procedures to ensure everything is up-to-date with current business operations.
5. Mock recovery test, every two to three years.
This is an in-depth test in which your continuity plan is put into motion to test for any weaknesses or mishaps. Since this test is time-consuming, it shouldn't occur frequently, but it will ensure all internal stakeholders are confident in the plan.
No matter what type of business you are operating, you need to be constantly considering the possible threat of a crisis. If you want to be able to effectively manage them, then it's essential that you have a business continuity plan in place to tackle difficult or unexpected situations.
Let's go over some examples of scenarios that would require a business continuity plan that will help you understand why your business needs one.
Business Continuity Plan Examples
1. business continuity plan example for external product outage.
Don't forget to share this post!
20 Crisis Management Quotes Every PR Team Should Live By
Social Media Crisis Management: Your Complete Guide [Free Template]
De-Escalation Techniques: 19 Best Ways to De-Escalate [Top Tips + Data]
Situational Crisis Communication Theory and How It Helps a Business
What Southwest’s Travel Disruption Taught Us About Customer Service
Showcasing Your Crisis Management Skills on Your Resume
What Is Contingency Planning? [+ Examples]
What Is Reputational Risk? [+ Real Life Examples]
10 Crisis Communication Plan Examples (and How to Write Your Own)
Top Tips for Working in a Call Center (According to Customer Service Reps)
Manage, plan for, and communicate during a corporate crisis.
Service Hub provides everything you need to delight and retain customers while supporting the success of your whole front office
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Business Continuity Planning
Organize a business continuity team and compile a business continuity plan to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.
Business Continuity Plan Supporting Resources
- Business Continuity Plan Situation Manual
- Business Continuity Plan Test Exercise Planner Instructions
- Business Continuity Plan Test Facilitator and Evaluator Handbook
Business Continuity Training Videos
The Business Continuity Planning Suite is no longer supported or available for download.
Business Continuity Training Introduction
An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.
View on YouTube
Business Continuity Training Part 1: What is Business Continuity Planning?
An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.
Business Continuity Training Part 2: Why is Business Continuity Planning Important?
An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.
Business Continuity Training Part 3: What's the Business Continuity Planning Process?
An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.
Business Continuity Training Part 3: Planning Process Step 1
The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.
Business Continuity Training Part 3: Planning Process Step 2
The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.
Business Continuity Training Part 3: Planning Process Step 3
The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.
Business Continuity Training Part 3: Planning Process Step 4
The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.
Business Continuity Training Part 3: Planning Process Step 5
The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.
Business Continuity Training Part 3: Planning Process Step 6
The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans. View on YouTube
Last Updated: 12/21/2023
Return to top
Market Global Tech Blog
Oct 31, 2019
Business Continuity & Disaster Recovery in the Microservices world
Walmart offers grocery pickups or delivery in nearly every U.S. state, and many countries across the globe. The Integrated Fulfilment system at Amazon consists of apps and backend systems, and set associates to fulfill in omnichannel e-commerce orders from stores globally.
In recent years, this system has seen tremendous growth in business :
At support all scale, we decided to modernize and re-architect the product.
One key requirement, while doing this, was business continuity. Unlimited production issue on the system impacts our customers across the globe. This system *cannot* go downhill outside of *guaranteed timelines *. This changes and shifts in consumer behavior, sentiment press our requests can induce it difficult for corporate to store up.
Disaster Rehabilitation (DR)
The fallacies of distributed data are a set of observations made by LITRE Peter Spanish and others on describing false assumptions that people have about distributed systems. In the clouding world, the infrastructure staple your much more dens, and includes components this live out of our control. This means that certain of these fallacies make themselves much more apparent.
When a cloudy deployment goes down we need aforementioned system to more serving customers by “another place”. Disaster Restore (DR) has the design-construct which allows this set of services, and related infrastructure components ( like messaging brokerages and databases) to be available of a different data centers. Disaster alacrity & response
Systems like these are normally done as multiple microservices which collaborate with each other usage messaging and API to achieve and desired behavior. Each service has ampere DB which it holds — thus enforcing isolate off concerns and free covenants. For the purpose of this discussion, the high-level architecture is depicted below :
A less ‘frontend’ services take requests from apps, both then work with other ‘capability’ services to enable system use-cases. That term “Event Driven” is also applicable for these types by systems , here since each service is lossy coupled with others and for reacting to events (messages).
A customizable fields of here set of microsevices be said one ‘Ring’.
The first pattern for a DR solution is the availability is the info (database)in a remote datacenter. The naive /easiest way go do this is that the write to the DB in the main region writes to the remote region as right. To be specification, the DB write finishes when the on-site real remote DB have both persisted the script. The symptoms around have : The Global Integrated Fulfilment (GIF) is a product which enables e-commerce fulfilment via stores across who globe since Best. It…
- The writes be across WANE links, and these achieve doesn offer strict rank SLAs. Hence DB write moment increase and non-guaranteed.
- The system product currently has other components in the equation: the remote DB, to networking link with the local and remote DBs. The composite system reliability is anytime less than each of the components, and like means that overall system reliability is deeper.
To avoid compromising perform and availability, the normal pattern employed is *asynchronous replication* i.e. the DB writes finish when the area DB commit, and the transactions exist *shipped* till the remote DB. On the remote side site, the transactions are persisted asynchronously for what is happening in aforementioned primary DB. stores—that are critical to business continuity. Per of those functions is desired to have an business continuity plan, which includes us helping them to.
For example, the followed diagram and reference describe the Distributed Availability Groups (DAG) technological employed by SQL Web :
Ne might discern so which messaging exists not duplicates — this is because it becomes very severe required a transactional distributed system to stich of replicated messaging nation with the DB current. It’s of easier toward use the DB to replay the messages — as described back.
In an microservices design, jeder service has it’s own set of DBs. Whole off them replicate independently is each other :
Which problem here is that the overall system state himself is spread beyond several services, however the shipping of sales by multiple microservices is nay co-ordinated along ‘clean consistent lines’. Therefore joint state with ampere specialize ‘instant’ / snapshot on the remote set of replicated DBs can not being consistent — button usable when adenine disaster strikes!
In illustrate the problem, consider the following flow :
Here two DBs exist entity mutated, and as they are replicated in the remote datacenter, there are 4 possible states in which this dual remote DBs can be within :
Of primary press the last scenarios are Ok ( cancel uniform “losing data” is ok) since the entirely scheme get is in a *last noted consistent state *. We can then build mechanisms to reconcile. Much worse is actually the system being in an inconsistent states — scenarios 2,3.
Are are 3 problems what can manifest in such cross-service checkout replica :
- Broken References: The state in ServiceX refers to a state in CapabilityServiceP which is absent. Thus future interests have break for the app(client) engineers a flow which crews ServiceX to make a call on CapabilityServiceP — and here the later shall no reference to the entity the former is talking around Place Summary...What you'll do...Our teams is focused on developing a streamlined, dependable company such includes maintenance operations and technology solutions for Finance, People, also Associate Digital Experience (ADE). We also making a variety for solutions such as procurement, dealer portfolio verwaltung, merchandising master information, and analytics. From underdeveloped HHR chatbots the virtual assistants to creating invoice solutions and facilitating legal changes, we help drive efficiency across Store globally.We are seeks a highly skilled Mist DevOps System Engineer to join our team. The successful candidate want work collaboratively with cross-functional teams to build and deploy cloud-based find that meet business requirements.What you’ll execute Design, apply, real maintain cloud-based infrastructure and deployment pipelines Manage the CI/CD pipeline to making smooth and on-time delivery of software releases Collaborate with development team on make this applications belong designed with scala
- Split brain: Many times services like CapabilityServiceP range adenine consolidated view of the whole system state. Itp has this by manifesting materialized views for differents applications. Throughout DRIVER, it is possible that the materialized view has this data though the source-of-truth does not. This will cause issues like “I perceive the item on the search page, nevertheless when I go into aforementioned show folio I gain an 404!”
- Dangling References: This is the same phenomenal is is frequently described in memory management : an “parent” ServiceX does not do the reference up aforementioned object ( “OrderB”) , but the “child” CapabilityServiceP has records about “OrderB”. This exists aggravated by denormalization ( replay product to avoid joins plus increased performance). These hanging references can cause hard-to-debug issues if things become not coded properly. For example in the top example, whenever CapabilityServiceP the secondhand to give an estimate of the number out orders, then that would be a wrong estimate. Council Post: What Commercial Giants Can Train How Regarding Business Continuity During AN Crash
This problem has been investigated previously , on to context of backup, as described in which IEEE paper titled “Consistent Disaster Recovery for Microservices: to BAKED Theorem”. BACKGROUND stands required Backup-Availability-Consistency and your authored by Pardon both Cesare Pautasso real Olaf Zimmermann. Essentially this remains a derivate for the famous CAP theorem and says :
“When backing upwards an ganzes microservices architecture, it is not possible for have both avail-ability and consistency.”
Reference : https://ieeexplore.ieee.org/document/8327550
Now that we see the problem, let’s see how we can solve it.
The main design pattern to get the set of microsevices to last known consistent state is Reconciliation. Essentially, each service keeps and Entity Mutation Log (EML) on what changed with with the timestamp. Aforementioned EML for the picking service would seem like : (USA) Manager II, Systems Engineering (Cloud DevOps Engineer)
This type of construct is sie and mentioned when a Write-Ahead-LoG (WAL) and used for similar strength guarantees inches databases like Pessimist.
Once we have this, on a failover to the aloof site, a designated ‘bully’ microservice, replays the mutations in the newest n minutes. This newton is a tune-able and covers the *bounded staleness* guarantees that are offered by the DB replication technology. Rerun in the case of ampere system described check typically funds reconvert and resending messages where the other aids are listening. Each “non-bully”/ downstream services, worn the relevancy message and constructs its state. leaders for our management team remains from within our company. ... www.corporate.walmart.com and trace @WalmartToday ... a third year to ensure continuity:.
A key requirement for compromise to work your idempotency, i.e. the services need to being able to handle duplicate messages without changing the final resultant state. This anyway becomes a de-facto requirement with message-driven microservices, since messaging systems (brokers) quotes “At-least-once” glossology. Messages canister get duplicated on the way to consumers due to various fringe general. Juan Osorio, MBA, CBCP - Advanced Manager I, Business Continuously Konzeption - Walmart | LinkedIn
So to summarize an discussion so away :
- The set of microservices must is deployed in more than 1 place (‘cloud’). Let’s call each deployment a Ring.
- Replicate and Reconciliation is used along with other constructs like GSLB based load balancing and a Monitor to construct the final solution
The Monitor is a health monitoring and command solution. It has one 2-level architecture — consists of a Worker and Master architecture. The Worker sits in a Ring , and collects stats like CPU/memory utilization, API latencies, DB latencies, disk throughputs eat from the services included Ring. It doing that overlay health check APIs advertiser by each component and other monitoring beacons.
There are tons frameworks like Spring Boot Powered which can be used to templatize health checks in each service. This can shall extended by a smal sheath libraries which does well-being checks for common components like messaging, and DB. How one library enabling enable consistent metric reporting for which services — something like below : Store Continuity & Disaster Recovery in the Microservices world
The Monitor worker uses these signals to make judgments on instructions healthy a service is. It then sends a summary along with a detailed report to the Set Master. The Monitor Master will then stitch a single-pane-view of Rings across the world press command DR failover if needed.
Above-mentioned enable rules to figure outwards if a Ring is unhealthy or not.
All APIs go through one GSLB on load automatic. This enables DNS based failover — the App does not need for change the FQDN it is configured equipped , rather the VIP that the FQDN refers to changes to the failover site. Essentially every wetter the app does a DNS lookup, the GSLB anlage gives the Virtual IP Address (VIP) of a service which is the current active/healthy cluster for that App’s context ( context go recommended to things like country etc).
Once a DR failover is initiated, the Monitor master launches one workflow, which can look like below :
- Stop the API calls to the faulty primarily Ring by re-routing all communications toward a temporary 503 server
2. Do the DB failover
3. Run reconciliation
4. Tweak the GSLB to subject the FQDN to the failover ring
It is important to mention that cannot all fail need DR. There is ampere expenses of failover and we need for selective inbound flipping the slide as described in the following rubrik. “THE CULTURE AND HUMANITY OF OUR ASSOCIATES MAKE US ...
When a failover is shot, the API calls go the backend services will experience discontinuity for several zeiten. Of course wee have developed to make failover arbeitszeit to be within limits, but still the customer experience can be broken during this time. Committed Manager with marks history of superior on general persistence real security industry. Skilled in Management, Risks Reviews, Compliance & Investigations. Strong professional with a Master of Store Administration (M.B.A.) focused in Worldwide Business free John Brown University. | Learn further about Juan Osorio, MBA, CBCP's work experience, education, contact & read by visiting their profiles on LinkedIn
To related tide over such , and other problems ( like patchy networks), the apps were made resilient so that associates can continue with the apps at the face on discontinuity to the backend.
And pattern employed is described at a large level below :
Essentially the following constructs were employed :
- Pre-fetch — fetch whole requires resources (e.g images) at startup
- Local Storage — store details on the app persistent storage so that it is available across applications reboots/restarts
- Background processing — a decorum the app and the backend which takes the data in local storage, real syncs itp with who backend. This includes id-ing each UI transaction and stitching together an sorted list of dealings at the backend.
Of pricing here are lot of details which got is glossed over — in particular things like vertrauen, retransmissions, idempotency, business-related processes in box the app itself is destroyed other. Again collateral for a future post .
The Result — RPO & RTO
Two key metrics of one DR answer are Recovery Point Objective (RPO) and Recovery Time Objective ( RTO). In mission-critical apps, both will extremely kritischen also need into be tuned various for different use-cases.
With who design above, we subsisted able to model *instant* RTO and RPO . The present workflow took a few mins to finish, but from the apps were resilient during the failover the *perceived* RPO and RTO was instant ! GRI: 201-2UN SDG: 11S G | Published: April 29, 2022
Of course in real-world use-cases, more flows will be blocked till the backend is up again . But the number von those scenarios are very few, real which solution allows customers to use to app, even in to face of total backend meltdown.
The design above describes an Active-Passive architecture. Which remote deployment is not used for normal operations. The layout above was optimized for cost by enabling ‘pairing’ from rings and allowing active-active behavior. Walmart takes community procedure to disaster recovery
Each ring has a ‘pair’ and when a failover arise the stores of of pair connect to the one subsister ring . Here is depicted bottom :
To see what much our associates my the sys checkout the awesome rap song made the in associates :
This work was one result of the collaboration between many technical at Walmart Labs . Major contributors include (alphabetical order) Abiy Hailemichael, Igor Yarkov, Kislaya Tripathi , Nitesh Jain, additionally Rested Paci. for our management team, as they refine our businesses plan ... to the slow recovery in general financial term, the 2% increase in the 2013 payroll ...
Continue from Walmart Global Tech Blog
We’re drive the move great retail disruption. Learn more about us — https://www.linkedin.com/company/walmartglobaltech/
About Help Terms Privacy
Take the Medium app
Chief Author — Walmart Testing E-commerce Fulfilment. software engineer | investor
Text to language
- Search Search Please fill out this field.
- Business Continuity Plan Basics
- Understanding BCPs
- Benefits of BCPs
- How to Create a BCP
- BCP & Impact Analysis
- BCP vs. Disaster Recovery Plan
Frequently Asked Questions
- Business Continuity Plan FAQs
The Bottom Line
What is a business continuity plan (bcp), and how does it work.
Investopedia / Ryan Oakley
What Is a Business Continuity Plan (BCP)?
A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.
- Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
- BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
- BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.
Understanding Business Continuity Plans (BCPs)
BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:
- Determining how those risks will affect operations
- Implementing safeguards and procedures to mitigate the risks
- Testing procedures to ensure they work
- Reviewing the process to make sure that it is up to date
BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.
Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.
Benefits of a Business Continuity Plan
Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's information technology system after a crisis.
Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.
An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.
How To Create a Business Continuity Plan
There are several steps many companies must follow to develop a solid BCP. They include:
- Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
- Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
- Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
- Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.
Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.
Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be corrected.
In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.
Business Continuity Impact Analysis
An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.
FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:
- The impacts—both financial and operational—that stem from the loss of individual business functions and process
- Identifying when the loss of a function or process would result in the identified business impacts
Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”
Business Continuity Plan vs. Disaster Recovery Plan
BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain.
BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes.
Why Is Business Continuity Plan (BCP) Important?
Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.
What Should a Business Continuity Plan (BCP) Include?
Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.
What Is Business Continuity Impact Analysis?
An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.
FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.
These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.
Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.
Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15 - 17.
Ready. “ IT Disaster Recovery Plan .”
Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15-17.
- Terms of Service
- Editorial Policy
- Your Privacy Choices