5 Major Areas of Business Continuity Planning

Business continuity planning can be a major part of a business depending on what kind of business it is. While all businesses should consider it, some business rely on it for their very survival. For example companies like Microsoft, Google and Apple have systems that need to remain online continuously. They also have certain levels of customer service that have to be available continuously, therefore business continuity for them is a part of the business. Below are 10 considerations every business continuity plan should encompass.

1. Assess Risks and Impacts

Every organization faces risks of some sort. For instance, every organization has a risk of inclement or severe weather affecting them. Torrential rains, extreme heat or cold and large snowfall amounts can have a serious impact to just about every business. As a part of BCP planning organizations need to take the time to identify all of the risks they face and document them. This list should be revisited at least annually in every organization so new risks can be identified and old risks can be mitigated or removed. Should a risk become a reality, the organizations should assess the impact certain materialized risks will have. For instance if there is heavy snow, then the office may be closed and employees will have to work from home if possible and if their job function allows them to.

2. Determine Responses and Resources

Once a risk materializes there will need to be certain responses from key team members. For instance if snow is predicted then someone will need to be charged with monitoring and assessing road conditions and then making the call on whether or not the office is closed. The accounting department will need to be aware of the types of billing and timesheet entries that are allowed for the weather and being out of the office. A manager may need to activate an on-call listing. In addition to the many responses that may occur to a materialized risk, it is important that the necessary resources be available to those who need it to implement BCP directives. Resources could include items like laptops, internet air cards, temporary office locations, phones and vendors to assist.

3. Define Duties and Priorities

When a risk materializes it is important for everyone to know what their roles and responsibilities are while the issue is occurring. In the case of a system outage of some sort, the different members of the IT team need to be fully aware of what their role is in restoring the system. Some members should be tasked with communications to management and others, some should be tasked with addressing the issue, and others should be tasked with reaching out to vendors for support if necessary. When everyone knows their roles things are not chaotic and confusing, which they can sometimes be when disasters occur. Another are of BCP involves prioritization. If there are multiple systems affected by an outage of some sort then a determination needs to be made about which systems to restore first, second, third, etc. There can also be management level prioritization decisions to consider like which departments are brought back online first, second, third, etc. Unless discussed and agreed upon prior to an outage, correctly prioritizing restoration efforts can be tough.

4. Establish Contacts and Communications

Communications can be the most important part of a business continuity planning. It’s often overlooked, but when an outage occurs, if communications are not well thought through and executed then it could make for a very frustrating experience. Decision like who gets called and when, intervals on when updates should occur and how communications will occur are all very important items to discuss before an outage. In the case of system outages one good communications strategy is to open up conference-bridge which allows all players to call in and provide updates.

5. Perform Testing and Maintenance

Lastly, testing and maintenance of the BCP plan and its components are essential for success. There are two levels of testing that can occur. One is called table-top exercises which involves all team members sitting around a table and verbally expressing what will occur in a given scenario. The next level is to actually perform tests by intentionally taking systems down and going through the steps outlined in the BCP to restore them. After such tests lessons learned and corrective actions should be discussed and acted upon to improve the plan. Such tests should happen at least annually in an organization.

.

References

Linton, I. (2017, November 21). The 10 Key Components of a Business Continuity Plan. Retrieved from https://yourbusiness.azcentral.com/10-key-components-business-continuity-plan-3433.html

Lichtner, S. (2015, March 24). Four Key Components of Business Continuity. Retrieved from http://nexightgroup.com/four-key-components-of-business-continuity/