Business Continuity – 6 steps to success!
What is Business Continuity?
Business Continuity aims to provides detailed steps to take before, during and after an event to maintain the financial viability of an organization in the event of a disaster.
Due to such global events like the 9/11 attacks, Global Financial Crisis and more recently the terrorist attacks across Europe and the UK – a shift has occurred where businesses are becoming more proactive to potential disruptions than in the past.
The best way to do this is to develop a Business Continuity Plan (BCP) or Business Continuity Management Plan, which sounds like a monumental task – however if you break it down into the following six steps; it’ll be a lot easier and result in a highly resilient business!
1. Business Commitment and Risk Identification
One critical component of any project or plan is the buy in from senior management. Without this; most plans are not likely to progress to implementation.
For a starting point, it’s important to have all key stakeholders on board and to do this it’s best to meet with them.
In preparation for the meeting; you should detail the current plans and procedures that are already in place. Highlight all of the following:
- resourcing required
- any known gaps
- overall effectiveness.
A risk appetite statement provides a directive to management and staff about organisational tolerance during an outage. Quicker response times generally come at a cost so the organisation needs to understand the costs and benefits of its desired tolerance to an outage.
2. Perform a Risk Assessment
A detailed risk assessment across the organisation and its functions will highlight existing areas of weakness and identify plausible disruption scenarios. Typically a disruption occurs because of:
- Unexpected loss of data and IT resources
- Loss of physical environment (natural or man made disaster)
- Key personnel no longer being available
- Loss of equipment (theft, damage, failure)
3. Conduct a Business Impact Analysis (BIA)
A Business Impact Analysis (a.k.a Business Continuity Analysis) is the more critical step when working on any Business Continuity Plan (BCP). The BIA should be designed to capture operational and financial impacts, technological reliance and resource requirements across key business areas during a disruption. This step should identify any operations which are time-sensitive and identify any contingency resources and plans.
This will also include the Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
More on Business Impact Analysis is provided by the folks over at TechTarget: http://searchstorage.techtarget.com/definition/business-impact-analysis
4. Develop your Business Continuity Plan (BCP)
The BIA forms the basis of the overall BCP. A robust BCP should include the organisational plan and response to the following four stages;
Emergency Response procedures
This should outline anything around the safety of staff and security of any key organizational assets. This is usually worked around the first 5 minutes after the incident and no business directive. An example of this is the building evacuation process.
Crisis Management Response
This stage involves identifying the disaster/crisis and what the response should be from a business perspective. The BCP should contain:
- Crisis Management Team
- Roles and Responsibilities of the team members
- Processes and criteria to perform impact analysis
This outlines the processes to undertake to recover mission critical systems and services to a point where they’re operational. As a result, this may not mean pre-disaster operational but making sure that they’re available. Examples of this are running a system within a fail over environment located in another facility the business owns or even in the cloud.
It’s a good idea to list additional sites/facilities and key personnel. is documented clearly and a checklist should be provided to make sure nothing is missed during stressful times.
This section is generally very broad as returning to normal operation will vary from incident to incident. As a result; just basics on what needs to be performed and which roles are taken by team members to ensure business is returned to normal in an efficient manner.
5. Implement your BCP and train staff
At this point, your Business Continuity Plan (Business Continuity Management Plan) can be implemented across the business. The BCP should be viewed as a live document which is reviewed, updated and improved upon over time.
It is good practice to train staff so that they are aware of the BCP plan, what their roles and responsibilities are and who to contact should the need arise. Consequently; training will help to build staff capability and confidence to enable a smooth transition from crisis mode to business recovery and ultimately to the business resumption phase.
6. BCP Test Scenarios
Just like anything in life; practice helps to educate and familiarise with anything we do. A good example of this is the annual fire evacuation most buildings hold – while they always seem to come at the most inconvenient time; it’s effective in teaching staff what to do in an emergency situation.
This is no different for a BCP – to test Business Continuity on an annual basis (at a minimum) will help make sure your staff know what to do in a disaster and won’t panic. It also helps identify any possible oversights, weakness or areas for improvement moving forward.
Still have some questions around successful business continuity strategies? Feel free to contact us with an obligation free enquiry.
You can find more information about what TestMyBackups can provide around the BCP space.
A good Business Continuity Plan template to use is provided by the Queensland Government (Australia)