How to write a business continuity plan: the easy way
Earthquake. Virus. Cyber attack. The threat of disruption looms over organisations more than ever, thanks to the increasing use of technology in business processes, consumer expectations and the rapid rise in cyber crime.
Organisations’ top priorities tend to be their technologies – and for good reason. Network connections, online systems, phone lines, network drives, servers and business applications are all vulnerable to a range of disruptions and can cause huge headaches if they are compromised.
But business continuity planning isn’t just about recovering IT functions. It’s primarily concerned with critical activities that, if disrupted, could immediately jeopardise your productivity or the availability of your services.
However, restoring your IT may take some time, so you should have a plan on how to manage in the meantime. Such temporary solutions may well be lo-fi, such as completing processes with pen and paper.
Why is a business continuity plan important?
Customers must still be able to use your services, employees must be able to continue doing their job and you can’t allow yourself to face a huge backlog of work as delays continue.
But business continuity isn’t only about short-term goals. The cyber security landscape has become increasingly volatile in recent years, with cyber crime continuing to spiral and organisations’ reliance on technology leading to vast numbers of accidental and deliberate data breaches.
Business continuity is especially important for OES (operators of essential services) and DSPs (digital service providers), as the delays could either be widespread or cause major headaches.
DSPs within the Regulations’ scope are explicitly required to put business continuity measures in place. Although the same isn’t true of OES, they should still consider implementing a BCP as a means of providing a more reliable service.
What Is a Business Continuity Plan (BCP)?
Containing a serialized checklist of risk-mitigating actions to take, business continuity planning addresses both natural and human disasters that can strike, ultimately bringing operations to a halt. Such disaster scenarios include:
The goal of a BCP is to mitigate the damage and reinstate operations before any of the above scenarios become existential business threats. Even small-seeming events like a severe storm damaging physical building infrastructure can trigger consequences affecting other core business domains. For example, consider the effects of a tornado that destroys the only third-party warehousing service you use to store your inventory, or a ransomware attack holding hostage your customers’ payment and account information.
Expert Disaster Preparation Checklist
Business continuity and disaster planning aren’t just about your buildings and cloud backup — it’s about people and their families. Based on a document by Mike Semel of Semel Consulting, this disaster checklist helps you prepare for the human needs of your staff and their families, including food, shelter, and other comforts.
- Take the continuity management planning process seriously.
- Interview key people in the organization who have successfully managed disruptive incidents.
- Get approval from leadership early on and seek their ongoing championship of continuity preparedness.
- Be flexible when it comes to who you involve, what resources you need, and how you achieve the most effective plan.
- Keep the plan as simple and targeted as possible to make it easy to understand.
- Limit the plan to practical disaster response actions.
- Base the plan on the most up-to-date, accurate information available.
- Plan for the worst-case scenario and broadly cover many types of potential disruptive situations.
- Consider the minimum amount of information or resources you need to keep your business running in a disaster.
- Use the data you gather in your BIA and risk analysis to make the planning process more straightforward.
- Share the plan and make sure employees have a chance to review it or ask questions.
- Make the document available in hard copy for easy access, or add it to a shared platform.
- Continually test, review, and maintain your plan to keep it up to date.
- Keep the BCP current with organizational and regulatory changes and updates.