Developing an Inclusive Business Continuity Strategy – A Framework for a Successful Business Continuity Plan
Now that we’ve examined some of the reasons you should establish a business continuity plan (BCP), let’s consider the best way to go about creating one.
What information should a BCP contain?
There are certain pieces of information every business continuity plan should feature regardless of the size of organisation it’s applicable to and the sector of operation.
The scope should list everything and anything (and everyone) that the plan incorporates and makes reference to. This includes relevant employees, business departments, hardware, resources, systems and infrastructure that could be affected in the event of a crisis.
The plan leaders
The plan should make clear which individuals are responsible for actioning its component parts.
Contingency systems and backups
The plan should name any substitute systems and hardware intended to take over in the event of main system failures. It should also feature instructions relating to data restoration, listing the backup solutions in operation and guidance on how to recover data.
External support providers
Vendors and service providers may be required to provide assistance in the event of certain crises. Details of third-party support providers should be clearly listed with up-to-date contact information given for each.
Now that you’ve considered the scope of your plan, its main actors and the fallback solutions and services to be invoked, it’s time to start setting up the policy documents that will help to realise your business continuity strategy.
There are many ways to go about this, but to help you make headway here’s a helpful 5 stage process for developing a business continuity plan that covers all bases.
1) Conduct a Business Impact Analysis (BIA)
A business impact analysis is an exercise that determines how a business’s process are likely to be affected by disruption. Data derived from the BIA will prove invaluable to the development of your continuity plan by focussing attention on processes and systems that are both highly vulnerable and operationally critical.
Use the BIA to gain insight into vulnerabilities across your business, and identify weaknesses in the likes of:
- Customer experience channels. Web portals and any other communication channels your customers use to keep in touch with your business and access its services.
- Key data storage locations (both on and off-site)
- Enterprise software. Any software system critical to your business functions. These might include CRMs, asset-tracking software, inventory management tools and accounting platforms.
- Workplace utilities. Broadband, gas, electricity and water.
Once completed, the business impact assessment will highlight the processes, systems, infrastructure, utilities and departments most integral to the basic functioning of your business. The exercise will also shine a light on dependencies, highlighting the ways in which different processes interact and influence one another. Armed with a wealth of new data, you’ve be able to prioritise areas of your business for particular focus in your continuity strategy arrangements – those which are both extremely important and likely to be badly affected by disruption.
2) Create a list of contingency systems and backups
Utilising the data gathered from the BIA, start exploring contingency systems and backups, prioritising your most business-critical systems and infrastructure. Consider alternative arrangements for communicating with clients should your phone system fail, choose and execute a data backup solution for mission-critical data stores (backing up to at least 3 locations for optimum protection) and explore options for enabling home-working in case your office cannot be used in the event of flood damage or a power outage. You should also create a list of hardware suppliers that stock the equipment that you use, to allow replacements to be acquired swiftly in the event of failure. Explore options that are workable and represent a tolerable cost-benefit ratio.
Once you have nominated contingency and backup systems, record the details of all the third-party providers that you may need to contact.
3) Start writing your Business Continuity Plan
Thus far you’ve identified the most vulnerable and critical elements of your business and assigned contingency/backup services to minimise the impact a crisis might have on each of them. Now you can begin the process of formulating your business continuity plan. Most plans feature individual sets of documents, with each relating to a specific business department. Each set should feature the 4 key pieces of information we’ve discussed and should present step-by-step guidance on how to restore business functions and minimise further damage in the face of a disruptive event.
Make clear which contingency/backup services are to be executed, and give detailed advice on the actioning of each. Include key decision makers by name, consider relocation plans (in the event that your office cannot be used) and detail the process for replacing inoperable equipment. Your plan should leave no room for doubt and should ensure that all relevant staff members understand where their responsibilities lie in executing it.
4) Introduce your Business Continuity Plan
A BCP only really comes into effect when disruption strikes, but it’s important to acquaint your team with your plan to ensure they understand their individual roles within it. Give your employees free access to the plan that’s relevant to their respective job roles, emphasize the objectives of the plan and its role in maintaining the company’s resilience in the face of a crisis. Follow-up with the plan’s decision makers, ensuring they have understood the elements of the plan that apply to them, and seek assurances that they feel confident in carrying out their responsibilities independently if necessary.
5) Ensure your plan is effective with regular testing
Depending on your continuity plan’s complexity, it may be beneficial to conduct training exercises to keep the plan fresh in the minds of your employees. If your plan is relatively straightforward however, this may not be necessary.
Nominate training leaders in each business department, and encourage the use of questionnaires and simulated emergencies to test crisis-readiness. Use the results of these exercises to identify employees who might benefit from further support or training in relation to their role within the BCP.
While the guidance above is by no means exhaustive, we hope it has proved useful in helping you consider some of the components your business continuity plan should contain and the form it might take. By instituting an effective business continuity plan you can rest easy knowing your business has the procedures and resources in place to sail through the most disruptive events with minimal service interruption and little-to-no long-term damage.
The Right IT support for you
Our team of experts have one goal in mind; we want to bear the burden of your IT support for you. We thrive on engaging with our clients to create positive relationships centred around the shared desire to help your organisation succeed. We are here to help your business remain secure and to assist in its prolonged success and growth. Please don’t hesitate to get in contact with us if you are interested in seeing what we can do for you.