There is a popular saying that is often attributed to Benjamin Franklin: “Failing to plan is planning to fail.” This adage goes to the crux of the reason behind business continuity management.
Business continuity is about planning for potential future crises, emergencies or incidents. It will ensure your organisation can continue to operate in these circumstances. Given this, there is some overlap with emergency management (which addresses the immediate aftermath), crisis management (which is primarily characterised by incidents with serious reputational consequences), and ICT disaster recovery (which gets the critical ICT systems back online). We’ll delve more into those in a future blog post.
Common issues we’ve encountered in business continuity
Firstly, it can be easy to mix up important business functions with time-critical ones. Strategic planning is a classic example where it’s essential for the success of any organisation, but not time-critical to deal with after an incident.
Secondly, some people don’t always see the value in developing a Business Continuity Plan (BCP) because it’s “common sense” and “we’ll figure it out if something happens.” There is some validity behind this. A BCP is not rocket science and that it is possible to figure out what to do after an incident or event happens.
But having a BCP in place will save time and minimise the risk of missing something. If your financial systems are down, nobody wants to run around trying to figure out what the backup processes are when you’ve got staff who need to be paid. It’s much easier to identify what these are ahead of time and make sure they’re written down in a place that is easily accessible: aka a BCP!
How to improve your BCP
Given the importance of BCPs, the following list provides some suggested ways to improve them based on our experience of common flaws:
As mentioned above, we recommend running a scenario-based workshop each year on your BCP. There are lots of options for your workshop and you’d pick a different approach depending on your organisation’s level of business continuity maturity.
For example: if your organisation is very mature in business continuity management and you have a higher risk for potential incidents, you may wish to run an end-to-end exercise in real time. However, if this is the first time you’re running an exercise, you’d be better off going with a tabletop discussion. If your response team is not familiar with the BCP, then a “plan walkthrough”, which is where the team is divided into groups to discuss specific issues, may be more useful.
Some considerations for your BCP exercise include:
But most importantly, as part of the exercise, acknowledge that your BCP is a planning and reference document. It isn’t going to cover every potential scenario and if there is an incident, you will need to be adaptable. However, having one will maximise the possibility that you’ll be able to keep your essential functions running during an incident.
How we can help you
At Callida, we have extensive experience with undertaking Business Impact Analyses, building Business Continuity Plans and running scenario-based exercises of Business Continuity Plans with multiple organisations including with the federal and ACT governments. We can help your organisation strengthen its business continuity so that you minimise the risk of being caught off guard during an incident.
Get in contact with us to discuss how we can help you:
(02) 6162 3339
The real risk when it comes to automation of upstream process is not doing it.Read more
Callida © 2019 all rights reserved