Business Continuity Planning & Management

 

5 Key Things to Consider During Business Continuity Planning

  1. Know your business  To be meaningful, your plan must be tailored to your specific needs and circumstances. Start by identifying your mission critical activities – those activities that are at the core of what you do. Then assess the likely impact that an incident would have on each aspect of your organisation. Lastly, understand your recovery time needs – how long could you survive without these activities? Therein lies what you ought to plan for.
     
  2. Understand your options – To be useful, recovery options have to be commercially fit for your organisation, and commensurate with likely disruption. Start by identifying your recovery options based on the most likely incident scenarios that are relevant to you. Then analyse the cost-benefit of each option. Select only those options that balance cost with the level of disruption you’re willing and able to tolerate. 
     
  3. Achilles heel – Every organisation is different in terms of size, location, premises, structure, people, customers, and suppliers - plans must reflect this. A robust plan is one that’s bespoke to your risks. As advisors, we often see clients target their plans on only those incidents that have a direct, often physical, impact on the organisation (think loss of premises due to earthquake, fire, or flood). However, more often than not, it’s a dependency on third parties that proves to be the Achilles heel.
     
  4. Find balance - To be effective, your plan should be holistic. Continuity planning isn’t just about IT resilience and recovery. Recovering your systems and data swiftly after an incident is usually critical, but it shouldn’t come at the cost of other considerations. For example, having your systems and data recovered within minutes of an earthquake is little consolation if your people have nowhere to work from. Be sure to balance crisis management, continuity arrangements, communication and PR, disaster recovery, and IT recovery equally.
     
  5. Test, train, and maintain – Like most things in life, you won’t truly know if your plan works unless it’s tested. Be sure to test your plan periodically to ensure it’s sufficient and fit-for-purpose. Similarly, your plan is only as good as the people delivering it – allocate clear responsibilities and train your people on what to do. Organisations change – so should your plan. Periodic reviews are the best way to ensure that your plan is fit-for-purpose and up-to-date.
     

This is a topic that we’re really passionate about – we’ve seen far too many businesses struggle to recover after a significant event. Given its importance, perhaps it’s one that deserves at least some airtime at your next board meeting?

If you have any questions, please don’t hesitate to contact Tarunesh.