Business Continuity helps any organisation cope with major disruption by providing the structure through which it can recover its critical processes as quickly as it requires them, to service its stakeholders and customers.
Research shows that 80% of businesses suffering disruption without a business continuity plan fail within 18 months. Therefore there is no ‘typical’ business need because every organisation needs to be able to survive disruption or disaster.
Here are some examples of critical business issues addressed by a business continuity plan:
- Natural disasters such as flood or snow, especially with increasingly extreme weather – a 2010 report showed 93% of organisations were affected by snow.
- Unprecedented disasters, such as the Icelandic volcano or the banking crisis.
- Supply chain failure – 74% of organisations admit supply chain problems.
- IT and other data failures, suffered by 40% of businesses every year.
- Man-made disasters, including terrorism, insurgency, civil disobedience.
- Pandemics, such as swine flu and other potentially lethal viruses
Business Continuity is based on the global standard, BS25999, which recommends Plan, Do, Check, Act as a useful way of thinking about the process as follows:
1. PLAN: Agree and establish business continuity policy and objectives, controls, processes and procedures
2. DO: Analyse needs and implement strategy
3. CHECK: Monitor and review performance against objectives and policy
4. ACT: Take preventative and corrective action to ensure continuous improvement
1. Establish a Business Continuity [PLAN]
Be clear about your business continuity requirements in terms of objectives and scope – identify appropriate resources, and make someone accountable for it.
Training is essential for those involved in Business Continuity to ensure capability in a recovery or incident.
2. Design, implement and Operate the plan [DO]
a) Carry out a Business Impact Assessment, which analyses your critical processes, and inherent vulnerabilities
b) Undertake a risk assessment process to decide how to address those risks
c) Decide how to react to those risks, by choosing one of four options
d) Identify the point ‘from’ which (RPO) and ‘to’ which (RTO) the critical process has to be restored
e) Define a strategy which meets both the RPO and RTO requirements
f) Identify appropriate teams and responsibilities
g) Rehearse the initial plan
3. Monitor and Review the BCMS [CHECK]
The plan must be monitored and reviewed regularly to ensure it remains useful.
a) Internally, if the organisation already has an internal audit function
b) Management Review – an annual exercise involving review of internal and external audit activity, resources and other inputs and outputs
c) Externally, using an objective review of the plan
4. Maintain and Improve the BCMS [ACT]
BS25999 recommends that organisations continually improve the general effectiveness of their plan, with a mixture of both preventative and corrective actions.
These are identified by a range of activities such as audits, event analysis, or management reviews. The results are then acted upon.
ibd provides access to specialist and professionally qualified advisors with specific Business Continuity expertise and real-life experience of invoking plans following disaster or disruption.
We cover any sector specialism a company might require, for example from computer software to healthcare, utilities to FMCG markets.