In the previous article we looked at some of the benefits of establishing a thorough, well-considered business continuity plan. Now let’s consider the best way to go about creating one.
What details should a BCP include?
No matter the industry you occupy, or the conditions your business operates under, all well-conceived continuity plans should feature the following information:
The Scope of the plan
Details of the employees, systems, business departments, hardware and supplies likely to be affected by the crises the plan makes provisions for.
The decision makers
The plan should make clear which individuals are responsible for coordinating various aspects of the crisis response.
Failover systems and backup recovery solutions.
Your plan should outline in detail, any failover systems that will be called upon in the event of infrastructure failure. There should also be a detailed data recovery plan, outlining the backup solutions that will be required for data restoration.
Third-party support
Lastly, your plan should include contact details for third-party vendors or service providers who might be required to provide assistance.
Once you’ve gathered the essential information you can start assembling your BCP using the following 5 step process.
Step 1 – Perform a Business impact analysis (BIA) to identify vulnerabilities and highlight dependencies.
A business impact analysis is a process designed to predict the likely outcome of disruption to business processes, and provides data that can be used to steer the creation of your business continuity plan.
A BIA offers detailed insights into latent vulnerabilities in departments and processes, with the analysis covering the likes of the following domains:
- The customer experience (channels and service points that customers interact with)
- Business-critical data siloes, including cloud-hosted data as well as on-premise systems and storage.
- Inventory management systems, asset tracking software, CRM software and transport/logistics management tools.
- Utilities – electricity, broadband, water.
The results of your business impact analysis can be used to determine which processes, departments, systems and utilities are most vital to the basic operation of your business. The analysis can also highlight dependencies that exist, so that you’re able to prioritise backup and failover systems for the most critical components of your business architecture.
Step 2 – Use the BIA findings to examine backup, failover and replacement options.
Using the data generated in step 1, explore backup services, identify sufficient failover systems and create a shortlist of best-fit suppliers for replacement equipment. Consider how you’d communicate with clients if your phone system went down. Think about how you’d recover business-critical data, ensuring it’s backed up to at least 3 locations. And consider alternative working arrangements that could be implemented if your office lost power. This is the stage at which you should select and record the details of any third-party organisations you intend to call upon in the event of a crisis.
Step 3 – Draw up your business continuity plan.
So far you’ve identified the areas of greatest risk, examined the functions most critical to your operation, and you’ve drawn up a list of the backup solutions designed to mitigate any crisis you might face. Now it’s time to put pen to paper, and flesh out the details of your business continuity plan. This should be a series of documents outlining the step-by-step actions that are to be taken in the event of an emergency, with each document pertaining to a specific domain of your business.
Specify which backup solutions will be used, which failover systems implemented, and give step-by-step instructions on the operation of each. Identify decision-makers, craft a business relocation plan, and outline the course of action to be taken to replace faulty or damaged equipment. Your BCP should leave no stone unturned, and for the most business-critical functions it should provide instructions for reinstation in minute detail.
Step 4 – Roll out your Business Continuity Plan
Obviously, your BCP only comes into action when a disruptive emergency strikes. This step of the process is simply about familiarising your team with your recovery plan, and the individual roles of each team member in its implementation. You should tailor a plan to each business department, explain the importance of the plan and what it seeks to achieve. Then ensure that everyone understands their roles and responsibilities – particularly those individuals you’ve identified as key decision makers. Familiarise key personnel to the degree that they feel confident enough to execute their responsibilities independent of higher instruction.
Step 5 – Implement a BCP testing regime.
This step is dependent on the complexity of your plan – a plan light in scope may not require regular testing, and your team may be confident in their ability to do what’s required if an emergency were to strike.
Complex BCPs should be stress-tested on a regular basis. Select BCP training leaders and conduct faux emergencies to test readiness using response questionnaires. Use findings from tests to identify areas where further training may be necessary.
Conclusion
The process outlined above may seem arduous, but once you have your continuity plan constructed you can rest assured in the knowledge that disruptive events won’t grind your business to a halt and or significantly impair its operability.
Why choose JMV solutions?
Since 2012, JMV Solutions has provided IT Support for a wide range of small and medium sized businesses throughout Devon and Cornwall. From our base in Newton Abbott, we serve businesses in Exeter, Torquay, Plymouth and beyond. Our company is formed of a personable, friendly and expert team of IT and Security experts that have your best interests at heart. We protect your business, your valuable data, and help sustain your compliance requirements against a rapidly growing cyber threat. Contact us today to learn more.