Embed Size (px)
Citation preview
Introduction to Business Continuity
Top tips for your organisation
Legal and Democratic Services – Resilience Team
Introduction
What is Business Continuity?
The capability of the organisation to continue delivery of products or services at acceptable predefined levels following a disruptive incident. (Source: ISO 22301:2012)
• There are a number of stages to consider when looking at your organisations business continuity arrangements.
• These can best be described using the cycle - Plan > Do > Check > Act
Plan – developing policy and process
Do – conduct impact assessments and developing plans
Check – conduct tests and exercises
Act – review and revise plans and process
Business Continuity Process
Source: Takouba Security
“Hope for the best, plan for the worst”
Lee Childs
Top Tips for Organisations
Business Continuity Planning
• Business Continuity is about building and improving resilience in your organisation.
• It is about identifying your services or products and the activities that support them. Once you have this information, you can develop plans and approaches that will help you to recover and continue delivering, quickly and effectively, following any type of disruption. It gives you a solid framework to lean on in times of crisis and provides stability and security.
• In fact, embedding Business Continuity into your organisation is proven to bring business benefits. Having a Business Continuity Plan can give you the edge over your competitors. It shows your commitment to deliver no matter what happens.
• Put yourself in your customer’s/commissioners shoes :- Do you sign the contract with the business that has a Business Continuity Plan? Or the one that doesn’t?
Ensure you back up your data • Do you have the latest version of your files backed up,
away from your office?
• For smaller organisations, buy a portable hard drive, back it up at the end of each working day and keep it off site. Or you could store data in the cloud or subscribe to online web based systems.
• Whichever option you choose ensure that they are encrypted and stored securely and meet your data protection obligations.
• Don’t forget to test that you can load the data back on to servers/PC’s.
• Have extra copies and make sure that storage is secure, waterproof and fire resistant. Remember that fire proof safes are only fire proof to a point.
• Alternatively try scanning these documents to create electronic copies - ensure that this information is kept securely.
Ensure that important paper documents are protected
Have a staff contact list accessible at all times
• This will ensure that all staff could be contacted and
warned to stay away from the office within a few
minutes of an emergency being declared (keep the
list up to date).
• Ensure that this information is kept securely and
always get permission from individuals to hold their
information for this purpose.
Be aware of your insurance policies
• Be aware of what your insurance policies cover and what
they don’t. Keep a back up copy away from the office so
that you can access it easily. Insurance is not likely to pay
out quickly enough to stop major impact to your business
– it is not enough on its own so having a recovery plan is
invaluable.
• Also, a robust Business Continuity Plan will demonstrate
your commitment to managing risks and your insurer may
consider this when calculating how much your insurance
premium will be.
Have an inventory of all equipment, assets and products
• This is important as it gives you an overview and it makes
it easier for you to work out your losses after an incident
and provides some evidence if you need to claim against
your insurance.
• This is especially important for IT systems and equipment.
Having a list of staff that have laptops and mobile phones
will let you know who could work effectively from home
where possible, if required.
Have an emergency pack
• You could include your Business Continuity Plan, key
telephone numbers, stationery, spare keys, cash, credit
card, first aid kit, torch.
• Keep it offsite. Keeping it onsite may result in a dangerous
delay in evacuation, or with it being left in an inaccessible
building.
• Ensure it is kept somewhere secure as it may contain
contact details for staff, customer or suppliers.
Make arrangements for a temporary base
• You may not be able to operate out of your existing premises for
weeks or even months, depending on the type of disaster.
Remember any site must comply with health and safety rules.
• Contracted seats within a recovery centre are an option, but are
expensive.
• Consider a mutual aid agreement with another business or
organisation.
• Does your business or organisation have other offices that you
could work from?
Create a Business Continuity Plan
• In the plan try to identify:
The most important functions to your organisation. These will be the ones that will have the most impact if
they stop. The point at which the loss becomes critical is the time the function needs to be back up and
running. Note how many people you will need to deliver this function and where they will work if you cannot
access your main building, and at what time.
If you have any single points of failure – staff with specific skills, or valuable equipment – note this down and
mitigate through training, the purchase of spare equipment, or the name of a reputable supplier.
Write down the actions you would take, from the time an incident occurs, and who would be responsible for
carrying these out. Think about things like who would deal with the media in the event of a major incident.
• This is a basic Business Continuity Plan, which should cover most incidents (there are lots of template examples on the internet)
Tell staff about the plan
• It is important that all staff are aware of what is in the plan and what to do in the case of an emergency or incident.
• In a similar way as with a fire drill, it is vital to rehearse contingency processes. Talking through your plan at a team meeting is also valuable and may highlight improvements that can be made to the plan.
• Following an incident it is also worth talking to staff about what went well and if there are things that could be improved.
Final thoughts
It is important to say that the aim of this presentation is to give an overview of business continuity and some of the things for organisations to consider.
Ultimately it will be down to individual organisations to assess what is right for them and what they feel is appropriate to put in place.
Useful sources of guidance/information
Business Continuity Institute (BCI) – Set up in 1994 the BCI is a leading institute for business continuity and resilience professionals. Provides training, information and guidance on Business Continuity Management. www.thebci.org
Essex Resilience Forum (ERF) - a partnership of organisations who respond to emergencies and provide information and advice to families, business and communities. www.essexprepared.co.uk/prepare-your-business
Gov.UK – various guidance and information on Business Continuity including a comprehensive Business Continuity Management Toolkit GOV.UK Business Continuity Management Toolkit
Federation of Self Employed & Small Businesses (FSB) – providing information and guidance for members and non-members on Business Continuity www.fsb.org.uk/benefits/support/business-continuity
