Keeping the Lights On with Business Continuity Planning
What is Business Continuity Planning?
Business Continuity Planning is about anticipating the crises and interruptions that could affect your business, and planning for them.
Knowing what to do in the event of something happening is extremely important for all businesses as failing to recover quickly from a situation can seriously impact the short and long term success of your business.
A Business Continuity Plan lists a series of contingencies that enable key business activities to continue to function in the most difficult circumstances, such as when a vital computer system fails.
The plan sets out clear roles and responsibilities so employees know what to do in the event of a situation occurring.
Why is having a Business Continuity Plan important?
Having a business continuity plan in place means that your business knows what to do in the event of a situation occurring.
If something happens to your business you have a plan that you can turn to which will help your business recover quickly and effectively.
A business continuity plan provides commercial benefits too as companies with business continuity plans are more attractive to do business with. For example, large businesses that rely on the outsourced services of third parties will prefer to work with suppliers who have a Business Continuity Plan in place.
Many businesses adopt a traditional approach to Business Continuity Planning…
Many businesses adopt the more traditional approach in the event of a disruption or disaster, and that traditional approach is to PANIC!
Disruption or disaster comes in many forms – adverse weather, industrial action, vandalism, technical faults, data loss to name a few – and businesses that aren’t prepared and don’t have a plan to turn to will panic and react to the situation, making decisions on the fly.
This can make a bad situation worse and it can lengthen the time it takes for your business to recover.
There are 4 steps to Business Continuity Planning
Creating a business continuity plan is a pretty straightforward affair and it can be broken down in to four simple tasks.
- Knowing your business is about identifying the components which are critical to the day to day operation of your business. This typically includes a combination of people, facilities and IT systems.
- Assess the risks to these components and rate them in terms of likelihood of occurring and the impact they’d have on your business. This is about asking and answering those dreaded “What if…” questions.
- Document a plan which details these key components, the risks posed to them, and the action that you will take to mitigate these risks. It is important for the plan to be understood by those involved in executing it as these people will need to know what their responsibilities are should the plan be put in to action.
- Test your plan to ensure that it works as expected and adapt it if it doesn’t. In addition, review the plan to ensure that it reflects your current business critical components.
It is also important to determine a recovery time objective (RTO) for each component in the plan as this will influence the measures you take to protect them.The RTO is the amount of time that your business can function without a business critical component before it really becomes business critical.
For example, a business that can only tolerate two minutes of email downtime before it becomes business critical will have a different plan for protecting their email platform that a business that can cope for two days.
For example, 12 months ago your website might not have been a business critical component and therefore omitted from your plan. However, today your website might be a key revenue generator for your business and therefore a critical component. If your plan hasn’t been updated to reflect this change then you won’t be prepared in the event that something happens to the availability of your website.
Having an untested, out-of-date plan will be ineffective in the event of a disaster and will give you a false sense of security.