The overall aim for implementing a business continuity system inline with ISO 22301, is to have the ability to effectively respond to threats such as natural disasters or data breaches. This is now even more prevalent during these uncertain times, due to the ongoing effects of Covid-19.
Here Jenny Kilburn gives her Top Ten Tips for getting one in place:
- There is no set time frame to create a business continuity plan, it can differ for every business, based upon their identified risks.
- Things to consider when thinking about one are: Key business processes, such as production, sales, marketing, accounting, Key resources, such as staff, data, IT equipment and telephone lines, Threats to the company such as natural disasters, internet attacks, loss of key personnel or infrastructure failure, and the Impacts these threats may have such as loss of sales, fall in customer satisfaction and so on.
- Having good business contacts will help you to find useful people that you can list in your continuity plan. Examples of these are business professionals who could give you access to resources or provide vital information should you need it.
- Good local knowledge can help you to determine a suitable contingency location to run your business from or how to get emergency resources. You should also have a list of people who could work from a home office should the contingency location not accommodate all of the staff.
- Reliable staff that you can involve in the contingency plan are vital. This will make the process much quicker and the plan can get finalised much more efficiently. We call this an Incident Management Team.
- When thinking about your plan, you need to make sure it is fully effective should you need it months or years down the line. Think long-term as well as short-term.
- Businesses should develop a detailed risk assessment covering all aspects of the business to include suppliers, infrastructure, client relationships, system failures etc.
- It is important to test the plan to ensure it is effective when it becomes necessary to use it. There’s little point having a plan that has not been tested!
- The analysis of the business along with the risk assessment forms your plan and this should be made available to Incident Management Team. Training should be provided to the remaining personnel on what to do/who to contact in the event of an incident.
- Enlist the services of a consultant such as ourselves to give you further advice and help you to get this robust system in place to help you address any unforeseeable threats you might encounter.