Planning for the worst case can help your business succeed

Why a business continuity plan is vital to your future

We operate in an uncertain world and it’s important when making plans for the future of your business, that you also plan for how the business could recover if a potentially catastrophic event occurs.  We’re all planning for business success, but you not only need to look at the positive side of business planning, but also anticipate the worst case scenario and how your business would continue should a catastrophe happen. It’s not uncommon for the terms disaster recovery and business continuity to be used interchangeably, but understanding that there are differences between them both can help you future-proof your organisation and take you from being reactive to proactive.

Most businesses have a disaster recovery (DR) plan in place to help them if a business disaster strikes. These are typically reactive and detail how a business will bring critical systems back online in case of a serious event, whether it is a breach, virus or natural disaster.

What is business continuity?

In a nutshell, business continuity planning (BCP) covers a set of processes and systems to help mitigate the myriad of threats a business could encounter. A well developed and managed BCP should enable your organisation to remain operational throughout a disaster, incorporating both the immediate response, which is your disaster recovery, and then moving forward, the BCP element will pick up your operations and aim to carry on the business as quickly and easily as possible.

Stages

When creating your BCP,  there’s a number of defined stages:

  1. Inventory

Identify and document processes and systems that your business will need to keep running, such as equipment; documentation; supplier information; key contact information; data backups and backup documents. These will be needed to execute the plan.

  1. Analysis

Perform a business impact analysis (BIA) to identify critical and non-critical business activities and functions. Define what is acceptable in terms of data loss and disruption.  Set levels of acceptable recovery times for each business activity and function. Every organisation will have tolerance levels for their various business departments and functions.

Carry out a threat analysis to identify threats to your business. Some threats will have low impact and possibly slower recovery times. Common threats to most businesses are: fire, flood, theft, cyber attack, terrorism etc.  Each will have their own challenges and recovery procedures.

The final element of the plan is to identify impact scenarios. These will vary and impact businesses differently. Some simple examples could be the need for data processing supplies or medical supplies. Remember, this isn’t just an IT challenge for businesses but a broader business-based assessment and risk analysis.

Solution design

On completion of your threat and impact analysis, you will need to map out a practical solution that can be implemented by the business when a critical threat occurs.

Look out for my next blog which will explain how to design an effective business continuity solution.

And for advice on best practice to develop a BCP, contact us