Did You Know 2022

Did You Know That Having a Business Continuity Plan is Essential For Your Pharmacy?

Authored by David Carroll and Tim Patterson

Every small business should have a plan that prepares for the unexpected. Fires, floods, storms, cyber-attacks, pandemics and other disruptions present significant challenges for businesses and present tests to their resilience.

Business continuity planning is essential for growing and sustaining a good business. When thinking about your business continuity, consider that it won’t just be about the immediate damage but the flow-on impact of dealing with longer-term effects and repercussions.  

A Business Continuity Plan should outline strategies for keeping your business operational despite emergencies such as extreme weather events, illness, power outages, pandemics, cyber-attacks, and other crimes.  

Assessing Risks 

To determine risks that could impact your pharmacy, it helps to perform a risk assessment. This can be as simple as creating a list of scenarios that are likely based on your local area, past disasters, and other common threats. To assist with the process, we have created a list of some critical risks we have identified for our customers: 

Business Risk description

Actions that could be taken to manage the risk

 Risk to building, e.g., fire, flooding


Compliance with fire & building regulations

Smoke alarms, sprinklers.

Data security

Ensure all systems have anti-virus, firewalls, strong passwords, whitelisting, and access control

Have an onsite and offsite backup

Network and data encryption

Document incident response procedure which will be triggered in the event of loss or a suspected attack

Machinery failure -Robot, Webster Pak

Follow recommended servicing and maintenance schedules

Keep stock of parts

Have a contract with emergency 24/7 repair services

Train employees on safe use, maintenance, and basic repair

Natural disaster

Identify natural hazards

Measure vulnerability to natural hazards

Connect to early warning systems if required

Use forecasts to measure the proximity of risk, e.g., use weather forecast

Create plans for responding to natural disasters

Insure against losses where possible

Technology breakdown, e.g., dispense master/server failure

Build in redundancy and data backups

Implement Cloud backup

Have UPS, power, and hardware spares

Invest in monitoring and early warning systems

Theft – of pharmacy goods, restricted medications

Invest in security hardware and personnel

Invest in cyber security, encryption, VPN etc.

Retail style alarms on products

Strict access control, badges, scanners, search etc.

Flow on Effects
The other point to consider is that some disasters can impact more than a single risk area. For example, flooding in your pharmacy will destroy your pharmacy computers, and you will lose your patient data and their historical records. As highlighted at the beginning of this article, this will cause flow-on effects, requiring you to collect data from your customers again.

Templates for Your BCP
Once you have identified the key risks, you should use them to create a business continuity plan. We recommend leveraging the resources provided by the state or national government as they provide a good starting point in the form of a template such as this one from Business.gov.au or this one from the Small Business Commissioner.

The Criticality of IT Systems and Pharmacy Data
In most disaster scenarios, your pharmacy data and IT systems will be vital to getting back up and running. Corum recommends that you ensure a detailed plan for your IT systems:
• How to get new or replacement computers.
• Ensure you have a documented and tested the process for restoring from backup.
• Plan with your dispense vendor the process for getting your dispensing up and running, including printing and scanning.
• Your passwords, certificate passphrases and other key login information should be stored in a password manager that keeps the information securely in the cloud. Remember that your systems need to have NASH PKI certificates installed to access services such as PRODA and PBS online claiming. If you have lost them, or don’t know the passphrase, your recovery efforts will be further delayed while you wait for replacement certificates and passphrases from Services Australia.

If you are worried about the security of your pharmacy systems and want to know you implement strong backup in your pharmacy and protect yourself from ransomware, speak to your Corum Customer Success Manager or contact us on 1300 669 865.