Did You Know That Having a Business Continuity Plan is Essential For Your Pharmacy?
Authored by David Carroll and Tim Patterson
Every small business should have a plan that prepares for the unexpected. Fires, floods, storms, cyber-attacks, pandemics and other disruptions present significant challenges for businesses and present tests to their resilience.
Business continuity planning is essential for growing and sustaining a good business. When thinking about your business continuity, consider that it won’t just be about the immediate damage but the flow-on impact of dealing with longer-term effects and repercussions.
A Business Continuity Plan should outline strategies for keeping your business operational despite emergencies such as extreme weather events, illness, power outages, pandemics, cyber-attacks, and other crimes.
Assessing Risks
To determine risks that could impact your pharmacy, it helps to perform a risk assessment. This can be as simple as creating a list of scenarios that are likely based on your local area, past disasters, and other common threats. To assist with the process, we have created a list of some critical risks we have identified for our customers:
Business Risk description | Actions that could be taken to manage the risk |
Risk to building, e.g., fire, flooding | Insurance |
Compliance with fire & building regulations | |
Smoke alarms, sprinklers. | |
Data security | Ensure all systems have anti-virus, firewalls, strong passwords, whitelisting, and access control |
Have an onsite and offsite backup | |
Network and data encryption | |
Document incident response procedure which will be triggered in the event of loss or a suspected attack | |
Machinery failure -Robot, Webster Pak | Follow recommended servicing and maintenance schedules |
Keep stock of parts | |
Have a contract with emergency 24/7 repair services | |
Train employees on safe use, maintenance, and basic repair | |
Natural disaster | Identify natural hazards |
Measure vulnerability to natural hazards | |
Connect to early warning systems if required | |
Use forecasts to measure the proximity of risk, e.g., use weather forecast | |
Create plans for responding to natural disasters | |
Insure against losses where possible | |
Technology breakdown, e.g., dispense master/server failure | Build in redundancy and data backups |
Implement Cloud backup | |
Have UPS, power, and hardware spares | |
Invest in monitoring and early warning systems | |
Theft – of pharmacy goods, restricted medications | Invest in security hardware and personnel |
Invest in cyber security, encryption, VPN etc. | |
Retail style alarms on products | |
Strict access control, badges, scanners, search etc. |
Flow on Effects
The other point to consider is that some disasters can impact more than a single risk area. For example, flooding in your pharmacy will destroy your pharmacy computers, and you will lose your patient data and their historical records. As highlighted at the beginning of this article, this will cause flow-on effects, requiring you to collect data from your customers again.
Templates for Your BCP
Once you have identified the key risks, you should use them to create a business continuity plan. We recommend leveraging the resources provided by the state or national government as they provide a good starting point in the form of a template such as this one from Business.gov.au or this one from the Small Business Commissioner.
The Criticality of IT Systems and Pharmacy Data
In most disaster scenarios, your pharmacy data and IT systems will be vital to getting back up and running. Corum recommends that you ensure a detailed plan for your IT systems:
• How to get new or replacement computers.
• Ensure you have a documented and tested the process for restoring from backup.
• Plan with your dispense vendor the process for getting your dispensing up and running, including printing and scanning.
• Your passwords, certificate passphrases and other key login information should be stored in a password manager that keeps the information securely in the cloud. Remember that your systems need to have NASH PKI certificates installed to access services such as PRODA and PBS online claiming. If you have lost them, or don’t know the passphrase, your recovery efforts will be further delayed while you wait for replacement certificates and passphrases from Services Australia.
If you are worried about the security of your pharmacy systems and want to know you implement strong backup in your pharmacy and protect yourself from ransomware, speak to your Corum Customer Success Manager or contact us on 1300 669 865.