Disaster Recovery Journal Fall 2025

Mistake 5: Ignoring Crisis Communication When disruption occurs, communication can make or break your response. Lack of clear messaging leads to confusion, mis information, and panic (internally and externally). Common communication failures: n No defined spokesperson or approval process. n Outdated contact information for employees and stakeholders. n No pre-approved templates for common scenarios. Example: A major retailer experienced a data breach but had no plan for informing customers. Confused shoppers learned about the breach from news outlets rather than the company, which fueled negative media coverage and damaged long-term trust. How to fix it: n Create a communication plan. Include: u Key contacts and backup contacts. u Pre-approved templates for email, SMS, social media, and press releases. u Roles for drafting, approving, and delivering messages. n Test your channels. Make sure emergency notifications actually reach employees. n Train spokespersons. Prepare leadership for media inquiries. Mistake 6: Not Testing the Plan An untested plan is an assumption. Real-world incidents rarely go as scripted, and without testing, you’ll only discover weak nesses during an actual crisis. When it’s too late. Why testing matters: n Validates assumptions about recovery times and processes. n Familiarizes employees with their roles. n Builds confidence in the organization’s ability to respond. Example: A company assumed employees could work from home during a building outage. During testing, they discovered remote desk tops couldn’t handle peak load. Fortunately, the issue was fixed before a real event occurred, thanks to the testing. How to start testing: n Begin with tabletop exercises. Walk through a scenario as a team, discussing roles and actions. n Test high-risk processes. For example, fail over a critical application to a backup environment. n Keep it realistic but manageable. Start small and build complexity over time. Mistake 7: Forgetting Third-Party Dependencies Organizations increasingly rely on vendors for critical ser vices such as cloud hosting, payroll, supply chain, and logistics. However, they often overlook how these dependencies can affect their overall resilience.

Why this matters: n If a critical vendor fails, your business suffers even if your internal systems are fine. n Regulators often require vendor risk assessments. Example: A manufacturing firm relied on a single supplier for a criti cal component but never assessed that risk. When the supplier experienced a fire at its facility, shipments were delayed by sev eral weeks. Production slowed to a crawl, customer orders were backlogged, and the company faced costly penalties for missed delivery commitments. How to address it: n Identify critical vendors. Who do you rely on for essential operations? n Review vendor plans. Do they have BC measures in place? n Develop alternatives. Secondary suppliers, backup hosting providers, or manual workarounds. Mistake 8: Thinking It’s ‘One and Done’ Business continuity is not a one-time project; it’s an ongoing process. As organizations evolve and risks change, plans must be kept current. The risk of neglect: n Contact lists become outdated. n New systems and processes aren’t included in the plan. n Employees forget their roles. How to maintain momentum: n Review and update annually. Or after major organizational changes. n Conduct refresher training. Keep awareness high. n Measure and report progress. Show leadership how your program is improving resilience year over year. Conclusion Mistakes in business continuity planning are common, but most can be avoided with the right approach. By engaging the right people, simplifying your strategy, and committing to continuous improvement, you will create a plan that does not just look good on paper but performs when it matters most. Start small, focus on the essentials, and build from there. Business continuity is not just about surviving the next disrup tion; it is about thriving through uncertainty. v Carlo Kelejian, CBCP, MBCI, is managing director at Continuity Innovations. Kelejian is a seasoned professional with more than 25 years of experi ence in business continuity, crisis management, and disaster recovery. He holds a master’s degree in business continuity management from Norwich University. Kelejian ‘s experience in planning spans diverse sectors, includ ing financial services, manufacturing, education, healthcare, government, and more.

DISASTER RECOVERY JOURNAL | FALL 2025 35