Business Continuity helps any organisation cope with major disruption by providing the structure through which it can recover its critical processes as quickly as it requires them, to service its stakeholders and customers.

Research shows that 80% of businesses suffering disruption without a business continuity plan fail within 18 months. Therefore there is no ‘typical’ business need because every organisation needs to be able to survive disruption or disaster.

Here are some examples of critical business issues addressed by a business continuity plan:

• Natural disasters such as flood or snow, especially with increasingly extreme weather – a 2010 report showed 93% of organisations were affected by snow.
• Unprecedented disasters, such as the Icelandic volcano or the banking crisis.
• Supply chain failure – 74% of organisations admit supply chain problems.
• IT and other data failures, suffered by 40% of businesses every year.
• Man-made disasters, including terrorism, insurgency, civil disobedience.
• Pandemics, such as swine flu and other potentially lethal viruses

Business Continuity is based on the global standard, BS25999, which recommends Plan, Do, Check, Act as a useful way of thinking about the process as follows:

1.      PLAN: Agree and establish busi­ness con­tinu­ity policy and object­ives, con­trols, pro­cesses and pro­ced­ures

2.      DO: Analyse needs and implement strategy

3.      CHECK: Monitor and review per­form­ance against object­ives and policy

4.      ACT: Take pre­vent­at­ive and cor­rect­ive action to ensure con­tinu­ous improvement

1. Estab­lish a Business Continuity [PLAN]

Be clear about your busi­ness con­tinu­ity requirements in terms of object­ives and scope – identify appro­pri­ate resources, and make someone account­able for it.

Train­ing is essential for those involved in Business Continuity to ensure capability in a recov­ery or incid­ent.

2. Design, implement and Operate the plan [DO]

a)      Carry out a Business Impact Assessment, which analyses your critical processes, and inherent vulnerabilities

b)      Undertake a risk assessment process to decide how to address those risks

c)      Decide how to react to those risks, by choosing one of four options

d)     Identify the point ‘from’ which (RPO) and ‘to’ which (RTO) the critical process has to be restored

e)      Define a strategy which meets both the RPO and RTO requirements

f)       Identify appropriate teams and responsibilities

g)      Rehearse the initial plan

3. Monitor and Review the BCMS [CHECK]

The plan must be mon­it­ored and reviewed regularly to ensure it remains useful.

a)      Internally, if the organ­isa­tion already has an internal audit func­tion

b)      Man­age­ment Review – an annual exer­cise involving review of internal and external audit activ­ity, resources and other inputs and outputs

c)      Externally, using an objective review of the plan

4. Main­tain and Improve the BCMS [ACT]

BS25999 recommends that organ­isa­tions con­tinu­ally improve the general effective­ness of their plan, with a mixture of both pre­vent­at­ive and cor­rect­ive actions.

These are iden­ti­fied by a range of activ­it­ies such as audits, event ana­lysis, or man­age­ment reviews. The results are then acted upon.

Our Capabilities

ibd provides access to specialist and professionally qualified advisors with specific Business Continuity expertise and real-life experience of invoking plans following disaster or disruption.

We cover any sector specialism a company might require, for example from computer software to healthcare, utilities to FMCG markets.