Business Continuity Plans
What they are and why you need one
Principal Consultant, Steve Armitage, explains the importance of having a business continuity plan and how it can help you prepare for when things go wrong!
As the old saying goes, “if you fail to plan, you plan to fail”. So do you know what to do when things go wrong? Do you have a plan in place? Is your business resilient enough to survive a major disruption?
Resilient businesses can respond quickly and effectively to a sudden disruption: bad weather, a cyber-attack, a major power cut, or even a global pandemic. Resilient businesses have specific plans in place, so that if or when things go wrong, they know what to do.
Such plans are called Business Continuity Plans.
What is a business continuity plan?
A Business Continuity Plan (BCP) is typically a document that outlines how an organisation will continue operating during an unplanned disruption. It contains contingencies for business processes, assets, human resources and business partners – every aspect of the business that might be affected.
BCPs are a key output of Business Continuity Management, which, according to the Business Continuity Institute, is “a key management discipline that builds and improves organisational resilience. An effective business continuity programme is essential for any organisation that seeks to develop and enhance organisational resilience.”
In other words, business continuity planning ensures the continuation of your business during and following a critical incident that disrupts your normal operations. It is the proactive process of understanding company weaknesses and threats in times of crisis AND, importantly, how to address them.
It means making decisions now (or soon) in a timely and considered manner, rather than on-the-fly during a disruption under the stress and pressure of the event itself.
A typical Business Continuity Plan contains key contacts, step-by-step procedures, checklists and policy information. It should answer such questions as who will be affected, what issues must be addressed immediately and how the disruption will be managed. Organisations also need to conduct regular testing to ensure the BCP will actually achieve its objectives.
Why do you need a business continuity plan?
A Business Continuity Plan positions your organisation to survive serious disruption. It eliminates confusion and provides a clear blueprint for what everyone should do.
An effective plan enables businesses to react quickly and efficiently in the face of unpredictable events.
Business continuity includes different levels of response. Not everything is mission-critical, so it’s important to lay out what is most vital to keep running, and what could stand to come back online at later times.
It’s crucial to be honest about recovery time objectives (the period of time following an incident within which a product, service or activity must be resumed, or resources must be recovered) and recovery point objectives (the point to which information used by an activity must be restored to enable the activity to operate on resumption).
Not sure how to do a business continuity plan?
Follow these four steps to improve your organisation’s resilience and be ready and better prepared for the next disruption.
1. Plan
Establish a policy:
- Set the boundaries.
- Explain the ‘why’.
- Define guiding principles and roles and responsibilities.
Define programme scope and establish governance:
- To manage the work to initially implement, and subsequently maintain and continually improve, the business continuity plans.
Conduct business impact analysis:
- Prioritise products and services, and the processes and activities to deliver them.
- Which are / are not time critical?
- How does the impact vary over time?
- What resources would be needed to maintain them at a tolerable level?
Risk and threat assessment:
- Decide which functions are essential. It may not be practical, or affordable, to ensure everything and everyone is up and running during a critical incident.
- Identify unacceptable levels of risk and single points of failure.
Develop plans:
- Design business continuity solutions that enable your organisation to respond to a disruption and continue to perform prioritised activities.
- Get approval and funding to implement the solutions.
- Develop business continuity plans for prioritised processes and activities.
- Plans will be used in high-pressure, stressful situations, so they need to be:
  - Clear & action orientated
  - Adaptable
  - Concise
  - Relevant
2. Do
Implement response structure:
- Ensure your organisation has a clearly documented and well understood mechanism for responding to a critical incident / disruption.
- Individuals and teams responsible for response activities.
- Roles and responsibilities of those individuals and teams.
- Documented procedures for those individuals and teams.
- Communication protocols to enable accurate and timely information to reach those who need it both inside and outside the organisation (e.g., customers, suppliers).
Training and awareness:
- Communicate about business continuity to raise awareness and encourage buy-in.
- Ensure the required competencies and skills are in place.
Establish exercise programme:
- A scheduled series of events, not a one-time activity.
- Start simple, increasing complexity and challenge over time.
3. Check
Plan testing:
- Define the objectives of the test / exercise.
- Create a schedule.
- Determine the resources required for the test / exercise.
Exercise / test the plans:
- Prepare for the exercise / test and tell participants what is expected of them – in advance or at the start of the test.
- Don’t disclose anything that could adversely affect the intended aim of the exercise / test.
- Run the exercise / test.
- Debrief after the exercise / test and discuss any lessons learnt.
Evaluate the policy, programme and plan(s):
- Are they still appropriate and effective? This can be self-assessed or audited.
- Do they continue to align with organisational objectives?
- Assess key suppliers’ business continuity plans.
4. Act
Maintain the business continuity plan(s):
- Keep plans up to date with:
  - organisational changes
  - product & service changes
  - process changes
- A real disruption event may provide lessons learnt.
Implement lessons learned from exercises:
- Update both business continuity plans and exercise / test plans with lessons learnt.
Still unsure? Think you need a professional opinion? That’s what we’re here for! 2PM Services can help you plan for the worst! Reach out to our team today.