What is a Business Continuity Plan?
A Business Continuity Plan (BCP) is usually a set of processes. The processes are to be undertaken to ensure business services and processes can continue through a disaster or major emergency. Consequently; the purpose of a BCP is add resilience to the business.
Businesses need to to look into all potential threats; and therefore create a Business Continuity Plan against these should they eventuate in the future.
Business Continuity Plan basic overview
At a very top view level; a business continuity plan should include the following:
1. Threat discovery and analysis.
2. Comprehensive list of business mission critical tasks and services.
3. Contact information of key stakeholders and management.
4. A detailed outline of where and what employees should do in the event of a disaster.
5. Backup and recovery strategy information.
As with all successful plans; there must also be collaboration between different departments. With everyone agreeing on the plan. Even the most thorough BCP may not work effectively; especially if the team isn’t all pulling in the same direction.
Another important thing is that a BCP is a living document; meaning it’s constantly under review and refinement. The best way to make sure that the plan is effective for your business is to test it regularly also.
Business Continuity Plan detailed overview
As we’ve mentioned in the basic area; there are certain steps and processes that should be included in a BCP. We go into these sections in greater detail below.
Threat Discovery and Analysis (Risk Assessment)
There isn’t any point in attempting to devise a plan; especially if you’re unsure as to what the main outcome is that’s to be achieved. A risk assessment will provide this when devising a Business Continuity plan.
The main aim of this is to identify plausible situations that the business could encounter; and determine if they’d disrupt normal day to day business.
Such risks that could be identified include:
- Corporate sabotage
- Faulty equipment
- Natural disasters
- Man made situations (bomb threats, deleted data, etc).
Mission Critical Tasks and Processes
As part of the Business Impact Analysis; a need to identify and list technological reliance and resource requirements across areas of the business that are impacted during a disruption. This step should identify any services and operations which are time-sensitive and identify any contingency resources and plans.
Contact Information of key personnel
In any critical situation; who to contact and who needs to know about this in the business? The list may include:
- internal staff; and potentially their next of kin
- emergency services
- contacts that are external to the business
Contact lists are very diverse and individual. As a result; the list of contacts will vary from business to business and event to event.
Processes for company employees to follow
As a business the main priority should be to ensure the safety of all employees; at all times. This includes times where normal business operation doesn’t occur.
It’s important for a BCP to include information for all employees and visitors to be aware of in times of disaster or threat. Detailed evacuation procedures, crisis management response tasks and finally, resuming and running mission critical services again (recovery process).
In the event of panic; it’s best to have your staff prepared and trained effectively on these processes. As a result; they’ll work off instinct if and when the time comes.
Testing your Business Continuity Plan
In most environments; it’s rare that a situation will cause a complete disruption of your business on a regular basis. As a result; it’s critical to regularly run your team and employees through a disaster situation.
The benefits that come out of performing regular tests of your BCP are as follows:
- Identify weaknesses in the overall plan itself.
- Determining if the key people managing the disaster situation are the right people.
- Train staff effectively on their roles and responsibilities.