Business Continuity Plans have been beneficial to companies throughout history. Most recently, with the Coronavirus pandemic, these plans have become increasingly necessary and actually required by some customers. Many people think of only the Information Technology (IT) department’s plan to keep the computers going when they hear business continuity. Although IT resiliency is planned separately, the Business Continuity Plan encompasses critical services, information, assets, and core business.
A Business Continuity Plan aims to ensure that there is minimal disruption to business operations during a major incident. In addition, it assists departments in reinstating normal services as quickly as possible. The goal is to be prepared so that the company can manage and bounce back quickly after an interruption.
Official standards exist that can be followed for the creation and management of a plan but may not be fitting for all companies. The depth and complexity of a plan depend on the size and complexity of the company. No matter what industry you are in, there are basic topics to cover in a Business Continuity Plan. I give you 5 of those topics here.
No company plan addressing major risks can work without the support of upper management. Management must be committed to taking all necessary action to identify potential issues that can impact the businesses’ normal operations. Additionally, communicate and train employees on what the plan is. With a goal of continuous improvement, assess the plan content regularly with drills and simulations.
Identify key people, and their alternates, that are assigned tasks within the plan. Keep the list up to date and ensure that those identified are aware of their responsibilities.
The overall plan reflects the issues faced and actions put into place to ensure that recovery time is kept to a minimum and the business is operating normally again. To identify potential impacts, focus on issues that are likely to occur. In addition to infrastructure and IT, include an assessment of key employees. What would happen if one key employee is suddenly lost, or a larger group of employees is suddenly kept away from work?
This is when a risk matrix comes in handy. A risk matrix helps to prioritize the most serious impact issues. Analyze the threats based on probability and impact. After mitigation measures are considered, score the risk based on the highest impact rating and the highest probability rating for each threat.
It is a good measure to establish business continuity objectives. As with any other objectives, ensure they are SMART (i.e., Specific, Measurable, Attainable, Relevant, and Time-Based). Designate employees who are responsible for meeting the objectives along with targeted completion dates and status updates.
Ensure that the necessary resources are available and employees are competent to manage their assigned tasks. Anyone impacted by the loss of normal business operations needs to be aware of your plan. Many clients require their providers to have a Business Continuity Plan in place before they are hired.
Make plans for who will contact employee next of kin and who will contact clients during an event. After the impact assessment is complete and risks are prioritized, describe the methods of obtaining critical services. It may be necessary to move to alternate locations to prioritize the recovery plan.
Perform drills and simulations on a set, regular basis to test the content of the plan. Address changes faced through an internal audit process. Assemble a management team to ensure priorities are addressed and all aspects are covered. To ensure improvement, address and correct all non-conformances.
I’ve given you the basic topics to cover in a Business Continuity Plan. If you would like a template that guides you through for a custom plan, contact us for a quote. CMS specializes in customer care and satisfaction and promises to give the best service all while making everything affordable for any size business.