The decision to develop a Business Continuity Plan is a matter of choice for some organisations and a regulatory or contractual requirement for others.
In either case, it is a decision to develop and document a set of strategies and resources designed to prevent, minimise or manage business disruption and protect reputation. The disruption might be anything from a temporary breakdown of telephony to a major weather event with attendant damage and complete cessation of operations.
The strategies might range from diversion of telephony to complete relocation of an organisation to another site and how we communicate with staff, customers and the media. In extreme circumstances the strategies may determine whether and how quickly an organisation can recover from a catastrophic event. For many businesses, the floods of 2007 were just such an event.
On a day to day basis, organisations work when people utilise resources. If resources are damaged or inaccessible, there is an immediate impact on operations which may affect staff, customers, reputation and, of course, the bottom line. So we look to counter disruptive incidents by having well planned contingency arrangements. By developing and documenting we create a plan which guides our people on how to manage a crisis and avoid being overtaken by events.
The size and complexity of the plan will reflect the requirements and the complexity of the organisation but it should not be a weighty tome. If it is to guide people in emergency situations, it must be accessible and understandable. The objective may only be to plan against a few key events, perhaps recovery from IT failures or denial of access situations. At best, it will equip members of a management team to respond to a crisis with confidence, fully aware of the issues they need to address and properly resourced to protect their organisation’s capabilities and reputation.
Since its purpose is to protect operational capability, it is easy to see why others may impose it as a contractual obligation. Lenders and insurers have a vested interest in protecting their exposure and key customers wish to ensure continuity of supply. Directors have a statutory obligation to consider the interests of stakeholders and regulated firms increasingly find that contingency planning is in the rule book.
The task of building a plan will be helped by following a structured process which drives thought about the key issues and offers solutions to the problems identified. For some this may call for external consultants to coordinate the planning process, especially if accreditation is sought under BS 25999, the British Standard for Continuity Management. For others, particularly those in the SME sector, well-chosen software can provide that structure, save time and expense and deliver much of the benefit of consultancy.
Whatever your chosen method, your decision to create a Business Continuity Plan should be taken to protect and benefit your own organisation. The protection it provides to internal and external stakeholders is a natural outcome.
If you are unsure whether or when to start developing your own plan, keep these few points in mind:
- Demonstrating resilience gives confidence to staff, customers and suppliers.
- It is better to commission a plan in your own time than to wait for someone else to set the deadline.
- Business Continuity Plans are not just for big organisations. They just need bigger plans.
- The survival rate of firms that do not plan for catastrophic events is estimated to be only 20%
- Few firms which suffer a catastrophic IT failure survive beyond 1 year.
- When you are faced with a crisis, it is too late to make advance plans.
Complete our enquiry form and we will contact you with full details of our online service.