Business continuity plans should be regularly reviewed and updated. Changes to your business, including the introduction of new IT systems, new services or products, relocation or expansion, can all impact on whether your current business continuity plans will stand up if an incident occurs.
Here we outline five steps that can improve your business continuity strategy and ensure it’s fit for purpose.
1. Review your business continuity plans regularly
Probably the most important way you can improve your business continuity strategy is to review documentation regularly. Ideally reviews should be carried out at least quarterly, and always after any significant changes to the business. It may not be necessary to review all areas of the plan in detail if there are no factors to suggest they need updating; however, areas of the business such as IT that see continual development must be prioritised.
Also bear in mind the relationships between different areas of the business and how changes to one may have consequences in other areas too.
2. Deal with generic threats
Business continuity plans fall down when they are too specific and the processes documented relate to a precise threat. The problem with this is that your plans will only work if the threat plays out as documented, and the chances of that happening are very slim. Instead, your plans should deal with more generic threats such as lack of power, buildings being unusable, or IT systems being unavailable.
Although the specific threat – for example an IT outage – may need to be addressed in a specific way, for business continuity purposes the aim is to get the business operational again as quickly as possible. Managing the specific threat is where disaster recovery comes in: identifying the causes of the incident, assessing the impact, recovering systems and dealing with the fall out of that incident.
Another thing to consider is whether an incident may involve more than one threat. Your business continuity plans need to explore all possible scenarios, not just one or two.
3. Address how threats affect all areas of the business
Similarly, many companies focus on the impact of threats on specific departments such as IT, finance, HQ etc., and ignore other areas. A more holistic approach is needed, exploring how threats impact on other areas such as customer services, sales, remote teams etc.
Your business continuity plans should not be confined to just your internal organisation – third-party providers, your supply chains and your customers should all be considered. In the event of an incident your business continuity plans need to be aligned with these key stakeholders. There may also be opportunities to work together and put reciprocal arrangements in place, such as offering support and resources in the event of an incident.
4. Make sure plans are accessible
A business continuity plan is worthless if you can’t access it in an emergency. Storing it on a computer that has crashed as a result of an incident defeats the object of having one. Keeping it in a desk drawer when the building is out of bounds is equally pointless. A simple way to improve the effectiveness of your business continuity plans is to ensure that they are backed up appropriately. Secure cloud storage is a potential solution, as it can be accessed offsite and from alternative devices should your company’s own be jeopardised.
5. Test your plans regularly
To really highlight where improvements can be made, test your plans. Then you will quickly realise that a business continuity plan stored in a desk drawer is no good if you have a building fire. Or that your business continuity processes are useless if a key person is on holiday when an incident strikes.
Bruce Penson, Managing Director, Pro Drive IT.