Prepare Your Business

Take action to prepare your business.

Whether you run a public, private, community, or nonprofit organization, your business and the employees who work there face a variety of hazards that are important to prepare for.

Hazards a business can face

Natural weather hazards like floods, extreme cold, snow storms, and tornadoes.

Health hazards such as widespread and serious illnesses.

Human-caused hazards such as accidents and acts of violence.

Technology‑related hazards include power outages, equipment failures, IT system disruptions, and even cybersecurity breaches.

It is important to prepare for anyone of these hazards if they do ever occur for your business. Below will be some of the ways you can prepare for these hazards.

Creating a Plan For Your Business:

To ensure your company is prepared for any hazards or disasters that may occur, the first step is to create a comprehensive emergency plan. This plan should outline how your business and its employees will respond, stay safe, and maintain essential operations during and after an emergency. Effective preparedness planning should address every critical need that may arise, including communication strategies, IT recovery procedures, and overall business continuity efforts.

Steps to Prepare Your Business

Discuss Questions Below With Your Workers

To begin creating a workplace emergency plan, start by discussing these questions below as a group. Identifying the answers will help everyone understand key preparedness needs and ensure your team has a uniform plan to follow if an emergency arises.

1. How will you receive emergency alerts and warnings?
2. What is the shelter plan?
3. What is the evacuation route?
4. What is my business communication plan?
5. Does your business have an emergency preparedness kit? Does it need to be updated? (Yes—if any items are expired, damaged, or no longer working, it’s time to update your kit.)
6. What should be done before, during, and after an emergency?

Business Impact Analysis (BIA)

A Business Impact Analysis (BIA) is the process of determining the potential impacts that could result from the interruption of time‑sensitive or critical business operations. It helps predict the consequences of disruptions to essential functions, gathers the information needed to develop effective recovery strategies, and uses loss scenarios—typically identified during a risk assessment—to guide investments in prevention and mitigation.

Business Disruption Scenarios

Businesses need to identify the risks that could affect them and understand how long those impacts may last. The scenarios below are just a few examples of the many events that can disrupt your operations.

1. Physical damage to a building

2. Equipment, system, or machinery failure

3. Limited or no access to a facility

4. Supply chain interruptions, including supplier failure or transportation delays

5. Utility outages (power, water, etc.)

6. Damage, loss, or corruption of IT systems, data, or communications

Potential Impacts

A BIA should outline the operational and financial effects of a disruption, such as:

1. Lost or delayed sales and income

2. Increased expenses (overtime, outsourcing, expedited shipping)

3. Regulatory fines or contractual penalties

4. Customer dissatisfaction or loss

5. Delays to new business initiatives

Timing and Duration

The impact of a disruption depends heavily on when it occurs and how long it lasts. For example, damage before a peak sales season or a prolonged power outage can significantly increase losses. Short disruptions may be manageable, but longer ones—especially for high‑demand products—can be far more damaging.

Conducting the BIA

Use a BIA questionnaire to gather input from managers and staff who understand key business functions. This process should identify the potential impacts if their processes are interrupted, as well as the critical operations and resources needed to maintain essential services.

BIA Report

The final report should document the potential impacts of disrupted functions, estimate financial consequences where possible, and compare these costs to potential recovery strategies. It should also prioritize the order in which business functions are restored, focusing first on those with the greatest operational and financial importance.

A risk assessment is the process of identifying potential hazards and analyzing what could happen if they occur. Because each hazard can lead to multiple possible scenarios, it’s important to evaluate a wide range of threats. As you work through the assessment, look for vulnerabilities—such as weaknesses in building construction, process systems, security, protection systems, or loss‑prevention programs—that could make your business more susceptible to damage.

These vulnerabilities directly influence the severity of impacts; for example, a building without a fire sprinkler system may be completely destroyed by fire, while one with a properly designed and maintained system may experience only limited damage. When the assessment reveals the potential for significant impacts, investing in mitigation should become a priority, as mitigation strategies can greatly reduce the consequences of future hazards.

Click here to head to ready.gov’s risk assessment tool to allow you to determine which hazards and risks are most likely to cause significant injuries and harm.

Not all disasters can be prevented, but many mitigation strategies can reduce the damage your business may face. Preparing in advance—by researching fire prevention regulations and national standards, consulting with your insurance agent or broker, and ensuring your facility meets current building and life‑safety codes—can make recovery faster and less costly. It’s also important to safeguard both physical and digital assets.

Identify which equipment is essential to your operations and where replacement parts would come from if it were damaged. Consider site‑selection factors such as flood zones, storm surge areas, earthquake risks, or proximity to hazardous facilities. Additional steps include installing uninterruptible power supplies (UPS), providing emergency generators for critical equipment, developing a business continuity plan, planning for disruptions to basic services, and protecting your data by maintaining secure backup copies stored in a safe location.

Insurance also plays a key role in financial mitigation. Reviewing your policies helps ensure your coverage aligns with the risks your business may face, including property damage, equipment loss, or operational interruptions. Flood insurance may be available through the National Flood Insurance Program for facilities in flood zones, while earthquake, terrorism, and pollution coverage can often be added separately.

Business interruption insurance can reimburse lost profits and certain ongoing expenses during a shutdown, and contingent business interruption coverage can help offset losses caused by supplier failures. Additional endorsements may cover extra expenses, such as expedited delivery of replacement equipment after an insured loss.

Once you and your employees have established a plan for alerting staff during an emergency, it is essential to practice and carry out that plan for a variety of potential situations.

Conducting drills for events such as power outages, tornadoes, or snowstorms can help everyone feel more confident and prepared to respond effectively. Employees should clearly understand what to do when instructed to evacuate or shelter in place, and they should have access to the necessary resources—such as an emergency supply kit—for both scenarios.

Regular practice ensures that you and your employees are better equipped to handle an emergency when it occurs.

Resources:

Here is a list of resources you can use to help guide you in your decision making when facing hazards.

Natural Hazards:

Protect your property from severe wind – (FEMA)

Protecting Workers from Heat Illness – Occupational Safety and Health Administration (OSHA)

Human-Caused Intentional Acts:

Workplace violence-issues in response (Federal Bureau of Investigation)

Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings – (FEMA)

Pr imer for Design of Commercial Buildings to Mitigate Terrorist Attacks – (FEMA)

Site and Urban Design for Security: Guidance against Potential Terrorist Attacks – (FEMA)

Inc remental Protection for Existing Commercial Buildings from Terrorists Attack: Providing Protection to People and Buildings – (FEMA)

Guidance for Filtration and Air-Cleaning Systems to Protect Building Environments from Airborne Chemical, Biological, or Radiological Attacks – (U.S. Centers for Disease Control and Prevention)

Technological Hazards:

Risk Assessment Portal, guidance and guidelines – U.S. Environmental Protection Agency

Computer Security Resource Center – National Institute of Standards and Technology (NIST), Computer Security Division Special Publications.

Information Security Handbook: A Guide for Managers – (NIST, SP 800-100)

Guide for Conducting Risk Assessments – (NIST 800-30)

An Introduction to Information Security – (NIST 800-12)

*Credit: Portions of the information on this page are adapted from FEMA and Ready.gov resources. Their materials were used as foundational guidance and adapted to provide Onondaga County–specific preparedness information.