2. Business Continuity Planning A requirement in todays
volatile environment! If a disaster hit your business today: Would
you know what to do and be able to systematically manage the
crisis? Would you be able to continue operating your business
effectively? Would you be able to continue generating income Do you
have a Business Continuity Plan? 22008-2015 Copyright Cyberspace
Virtual Services | www.virtualservices.com.au
3. Disasters and consequences From an earthquake to a stolen
laptop, every business is at risk and the need to manage risk has
nothing to do with the size of your business. A major disruption
can be external or internal, i.e.: Natural disasters: earthquake,
flood or tornado Local event: a major power outage Personal /
internal event: computer failure, illness, burglary These types of
disruptions are beyond your control and the crisis they can create
must be addressed before disasters occur A Gartner research found
that 50% of all businesses fail after experiencing a major
disruption. 32008-2015 Copyright Cyberspace Virtual Services |
www.virtualservices.com.au
4. Dont think you need a Business Continuity Plan? Studies
reveal that small businesses, particularly sole proprietors, are
less able to survive a disaster, because many do not have a
Business Continuity Plan. Ask yourself: What would happen to your
business if: You are taken ill Your office is burnt down Your
computer dies on you A key staff member leaves at short notice You
lose your access to the Internet and email messages Do you have
procedures in place to enable you to: Continue your business with a
minimum of delay Minimise impact on the quality of the delivery of
your services or products Minimise loss of income 42008-2015
Copyright Cyberspace Virtual Services |
www.virtualservices.com.au
5. Business Continuity Management BCM requires a comprehensive
understanding of your business and all of its processes Your
business processes should be documented in your Operations Manual
Without formal documentation, how could anyone fill in for you
effectively and efficiently in your absence, whether youre on
holiday or away due to illness, whether short or long-term? How
else can you be consistent in operating your business? Have you got
a Business Continuity Plan? 2008-2015 Copyright Cyberspace Virtual
Services | www.virtualservices.com.au 5 Business Continuity
Management is the act of anticipating incidents which will affect
critical functions and processes for the organisation and ensuring
that it responds to any incident in a planned and rehearsed manner
. Business Continuity Institute the professional body for Business
Continuity Management
6. What is a Business Continuity Plan? A formal and
comprehensive Business Continuity Plan (BCP) is an essential part
of Business Continuity Management (BCM). Part of business
continuity planning is the assessment of the likely risks that can
occur, and the measure of their impact on your business BCM is the
ongoing process of creating, testing, and maintaining the
procedures to be followed in the event of a disaster Disaster may
sound too heavy a word for some of the events just mentioned, but
to the average small business owner, those would be a disaster
because of the extent of their impact unless they have a BCP in
place 2008-2015 Copyright Cyberspace Virtual Services |
www.virtualservices.com.au 6
7. Benefits of having Business Continuity Plan With a Business
Continuity Plan: Your loss of business income will be lessened Your
business will stay viable and profitable in the long term Your
stress levels will be drastically reduced 72008-2015 Copyright
Cyberspace Virtual Services | www.virtualservices.com.au
8. Basics of a Business Continuity Plan The cost of Business
Continuity Planning is not insignificant It should be reviewed as
the cost associated with the survival of the business It should be
considered as a form of insurance insurance against failure of your
organisation Your planning should be developed from the following
perspectives: 1. Prevention: what can be done to prevent the crisis
from occurring in the first place 2. Detection: what can be done to
ensure timely detection of the crisis 3. Correction: what can be
done to respond to and recover from the crisis Addressing all three
perspectives will provide the basis to develop a Business
Continuity Plan that is integrated, economically sound and
comprehensive. 82008-2015 Copyright Cyberspace Virtual Services |
www.virtualservices.com.au
9. Risk analysis List the risks Identify critical processes and
functions of your business Identify key internal and external
dependencies these processes and function rely upon List
corresponding impact of those risks on your business Identify
external influences that may impact upon these critical processes
and functions Prioritise Calculate risks to prioritise mitigation
using a simple grid calculation provided further in this
presentation 92008-2015 Copyright Cyberspace Virtual Services |
www.virtualservices.com.au
10. Risk assessment summary What are your resources and what
are the risks to these resources? Typical business risks include:
Input risks small and large Supplier failure, email, fax,
telephone, postal mail and courier Your unavailability Illness or
family commitments Output risks (the reverse of input risks) Loss
of customers due to lack of service, products delivery, etc. Other
risks Human error: natural and technological 2008-2015 Copyright
Cyberspace Virtual Services | www.virtualservices.com.au 10
11. Prioritising risks Using the grid provided on the following
slide, assess: Probability determining the likelihood of an event
impacting a business process Use a rating of 1 for low, 2 for
medium and 3 for high very likely, keeping in mind that some events
may be seasonal, thereby changing their rating with the season
Impact quantifying the probability of the risk occurring Use a
rating of 1 for low or unlikely, 2 for medium and 3 for high very
likely. Impact involves a further analytical measurement process
including: Loss of income (for one hour, one day, a week, a month)
Cost of replacing lost income Damage to reputation Any penalties
that may be incurred as a result of not completing or delivering
work on time (overdue by one hour, one day, a week, a month)
Increased insurance premium(s) Cost of organising business
succession, if a choice This is an essential part of compiling your
BCP. There is no sense in spending time and/or money on preparing
for something that may never happen, or even if it did, would have
no, or negligible impact on any of your business resources. So what
you need is a method of calculating the priority of the risks you
have identified; in other words, deduce the cost effectiveness of
dealing with each risk. 112008-2015 Copyright Cyberspace Virtual
Services | www.virtualservices.com.au
12. Calculating risk to prioritise mitigation Calculating the
values to be applied when determining priorities dont forget cost
effectiveness! I N S T R U C T I O N S If the probability of losing
your ISP connection is low (1), and the impact would be high (3),
mark (1x3=3) in the matrix for this item If the probability of an
earthquake is high (3) and the impact high (3), mark (3x3=9) in the
matrix for this item Mitigation for the earthquake would rate
higher in priority than for the loss of the ISP connection Apply
this process to each of the risks you have identified Having made
these calculations you can now prioritise your mitigation You might
also need to anticipate subsequent contingencies, such as securing
the premises to prevent looting after damage to the building. High
3 6 9 Medium 2 4 6 Low 1 2 3 Low Medium High IMPACT PROBABILITY
SOURCE: This example is derived from A Guide the Perplexed Business
Ownerpublished by Ennovate Inc. 122008-2015 Copyright Cyberspace
Virtual Services | www.virtualservices.com.au
13. Risk mitigation Mitigation strategies typically focus on:
Recovery Continuity Delayed recovery Hours Days Weeks Cost
effectiveness To mitigate something is to moderate its severity so,
starting from your number 9 priorities write in the relevant
mitigation activity; in other words what strategy or strategies
would you employ when or if, each of these events occur. For
example, make complementary arrangements with another business in a
different locale so that in the event of a local power failure you
can conduct your current work at their premises if need be. The
strategies devised should ensure the continuity, or timely recovery
of business activities whilst maintaining economic prudence. This
can be achieved by using multiple strategies, each addressing the
different priorities identified in the Business Impact Analysis.
For example, some activities cannot and must not stop and require a
strategy that ensures their continuity. Such activities would
include airline reservation systems, patient care systems, etc.
Other activities can sustain interruptions measured in hours, days
or even weeks. Strategies are accessible to meet the needs of all
such requirements. 132008-2015 Copyright Cyberspace Virtual
Services | www.virtualservices.com.au
14. Formalising your Business Continuity Plan Now is the time
to put things together. Youve listed the risks Youve listed the
impact of these risks Youve listed the probabilities of their
occurrence Youve prioritised them Youve devised strategies to
mitigate these risks Add to this fledgling plan responsibilities,
emergency telephone numbers and contact numbers If you have
documented your business, you will have a lot of material already.
If you havent then now is the time to do it When you have written
the first version of your plan, test it to make sure you know what
to do should the real thing happen; testing provides concrete proof
of the viability of your Business Continuity Plan and will probably
lead to revision of some of your strategies. Better to find out now
than when it actually happens Remember - This planning is a form of
insurance - insurance against failure of your business. Revisit and
test this plan at least every 6 months, but keep the content
current business drivers change and technology changes The ultimate
objective of Business Continuity Planning is to identify, analyse,
evaluate, treat, and monitor and review risks; the plan should
achieve an optimum balance between Exposure to Risk and its
Treatment (Cost of Risk Control, Risk Retention and/or Risk
Transfer / Insurance). In short, assurance as to the availability
and continuity of your business processes. All responsible business
owners have fire insurance. Most of them never have the need to use
it but they carry it anyway. The same philosophy is true with a
business continuity management plan. If you do not have one, stop
and visualise how you would act and feel during the first five
minutes after a disaster strikes your business. Ask someone who has
experienced it, to describe how they felt when their hard drive
crashed and they had no backup. and dont forget to keep at least
one copy of your BCP off-site! Compile the plan Test the plan
Revise the plan Revisit the plan 142008-2015 Copyright Cyberspace
Virtual Services | www.virtualservices.com.au
15. Business Continuity Plan If you have any questions, please
contact Terence Kierans at: [email protected] with
Business Continuity Plan in the subject line. 2008-2015 Copyright
Cyberspace Virtual Services | www.virtualservices.com.au 15