 |
What do you mean by business
continuity planning? |
 |
A plan, or strategy, to ensure that
the necessary steps are taken to identify the impact of any
potential incident, followed by implementation of an appropriate
plan of action - thus ensuring the continued well being of your
business. (Elements might include a contingency planning programme;
a disaster recovery programme; and a business recovery programme). |
|
What is a contingency programme? |
|
This is a plan that should be implemented
and followed - company wide - if an emergency or disaster takes
place which can potentially disrupt or destroy the smooth running
of normal business activities. The purpose of the plan is to
maintain, or restore when affected, everyday, ordinary operational
capabilities. |
|
What is a disaster recovery programme? |
|
This is a pre-determined plan which
is targeted at the process of returning a business to normal
operations, initially at minimum survival levels and, as quickly
as possible thereafter, to pre-incident levels of performance. |
|
What is a business recovery programme? |
|
This is part of the overall disaster
recovery plan and includes key elements such as recovery teams,
and recovery site(s) aimed at keeping the recovery window as
short as possible. The recovery window is the time scale within
which time sensitive functions or elements of the business must
be restored, usually determined by a business impact analysis. |
|
What is a business impact analysis? |
|
This is an analysis of the impact
upon a business of losing various areas of capability/resource.
It is usually carried out at management level, calling in relevant
expertise within the business as required. It assesses and measures
the initial effect of losing resources as well as the cumulative
impact of escalating financial losses. These data provide management
with the wherewithal to make decisions on risk mitigation and
continuity planning. |
|
What is risk mitigation? |
|
This involves, firstly, the identification
and evaluation of operational risks that particularly affect
the ability of the business to function and, secondly, the implementation
of preventative measures that can avoid or diminish the risk
assessed by the first exercise. |
|
How do I develop an effective strategy? |
|
| 1. |
It should be lead at the most senior management
level and implemented as an integrated part of the organisation's
structure |
| 2. |
It must cross all departmental boundaries
and be an integral part of each |
| 3. |
It should reflect the working practices
of both the whole and the individual components - and
be capable of adapting to changing circumstances |
| 4. |
It must take into account not only solutions
to immediate problems, but also anticipate future demands
both within and outwith the business |
| 5. |
It must be properly funded both in terms
of finance and human resource. Use the best of what you
have and make it cost effective |
| 6. |
Develop a culture throughout your organisation
that is more aware, and better, at managing risk |
| 7. |
Once developed, do not take your eye off
the ball but continue regular testing and evolution
|
|
|
What sort of things should I consider
as part of my plan? |
|
| 1. |
Identify the scope of the plan and define
what is a disaster |
| 2. |
Decide on the escalation process including
alert, invocation and stand down procedures |
| 3. |
Identify business continuity team and their
alternates, as well as their sub teams and alternates
( e.g. media team) |
| 4. |
Identify and prioritise tasks, actions
and functions to be undertaken to ensure recovery |
| 5. |
Assign roles and responsibilities for all
individuals |
| 6. |
Identify alternative locations; establish
contact details for internal and external resources; determine
vital records and materials and how to access them |
| 7. |
Research resource requirements and decide
how they will be provided and in what time-scale
|
| 8. |
Establish reporting procedures and provide
an audit trail for later analysis (there may be later
inquiries, claims and compliance /regulatory implications)
|
| 9. |
Ensure that confidentiality is maintained
and that all copies of the plan are the latest version |
|
|
Can you tell me some typical areas I
should consider? |
|
| 1. |
Damage assessment and salvage |
| 2. |
IT recovery |
| 3. |
Telecommunications and data communications
recovery |
| 4. |
Premises restoration/relocation |
| 5. |
Procurement |
| 6. |
Media management, corporate communications,
public relations and marketing |
| 7. |
Operational and production recovery teams
|
| 8. |
Business unit and departmental recovery
teams |
| 9. |
Support and co-ordination teams (personnel,
transport and logistics, administration and welfare support,
finance and insurance) |
| 10. |
Alternates; without some key members, or
their alternates, the plan may fail |
|
|
Where can I go for professional help? |
|
There are a number of companies
and consultants operating in the business continuity field.
For further information, please contact The Business Continuity
Institute at http://www.thebci.org |
