The key to successful Business Continuity Management (BCM) is understanding what potential threats or risks could derail your organisation, the impact they would have and what would need to be done should they occur to ensure that your daily operations aren’t affected or could recover quickly. The most critical component of your BCM plan is developing a Business Continuity Plan (BCP). A BCP captures all the information an organisation needs to keep its business running in light of an incident or crisis and provides direction for recovery afterwards, so operations can be as close to “business as usual” as soon as possible.
As discussed in our last blog, once your organisation has done the first two key components of business continuity management (BCM) — putting together a BCM team and undertaking a Business Impact Analysis (BIA) which assesses the processes critical to your organisation, the threats and risks inherent in your operations and the potential impacts disruptive events may have — you are then ready to build your business continuity plan.
Research shows that 90% of businesses without a plan will fail after a disaster (source: Touche Ross 2017).
Your organisation should allocate a generous amount of time and effort on the planning process and follow these 5 steps to get your plan in good shape.
At this point, you know what threats could negatively affect your organisation via your BIA and the impact they could potentially have, so now it’s time to create a plan of action should the threat occur. Make a list of what actions your organisation would need to take to become operational again. For example, a potential threat could be a building fire. If there was a fire, actions that would need to happen include employee evacuation, office relocation, potentially switching to a backup network, if necessary, and replacing infrastructure or equipment.
2. Identify who will be in charge of what needs to be done.
When disaster strikes, it’s unlikely that someone or a team of people will jump into action and take care of what needs to be done unless they have been assigned to do so in advance. For each action that has been mapped out, designate someone from your organisation to handle the task and make sure they are fully aware of and prepared for the responsibility.
3. Outline what resources are needed to put the plan into action.
In the event of an emergency, your organisation won’t have time to waste to pull together the information or physical resources needed to execute your outlined actions. This is why part of your plan should be thinking through what assets or items you’ll need to fall back on. In the case of the building fire, for example, you’ll want all employee contact information easily accessible, backup processes in place for locating key business documents like separately stored copies of invoices, bank details and insurance policies, and to have a potential alternative location for your business.
4. Deciding on a timeline to action the plan.Again when faced with high-stake problems, people generally don’t act calmly or think clearly, so to avoid added chaos, it’s helpful to create a timeline or sequence for when the outlined actions need to take place. For example, if there is a data breach, after the breach has been stopped, does your organisation first assess the damage or does it notify those that may have been affected? In the moment, companies often think it’s best to alert customers when in reality it’s generally better and less costly to gather the facts first, albeit in a timely matter, before publicising the breach (Source: The Ponemon Institute). By ordering the sequence of actions in your plan, you will ensure your organisation responds rationally instead of reacting haphazardly.
5. Prioritising each action.
Similar to setting a timeline for your actions, you also want to rank your set responses as either low, medium or high priority. Many actions will be taking place simultaneously while responding to an incident or crisis, so designating priorities will ensure the most crucial tasks are taken care of first.
Unfortunately, you can’t predict every kind of incident that could threaten your business, but by following these 5 steps, you can develop a plan that covers a range of incidents and sets you up to recover from unfortunate circumstances as quickly and seamlessly as possible. If you’re looking for tools to help in creating and executing your business continuity plan, software like RiskWare’s Business Continuity Module is there to help.
To learn more about how RiskWare is making the world a little less risky, visit us at RiskWare.com.au.