Business Continuity : Building a Resilient Organization

The continuity of an organization or business, relies on how well such an entity is prepared for, and is able to adapt to crisis.

Continuity planning is about setting out a framework of how you, your staff and your business will react when faced with a crisis that will potentially stop or interrupt the business operations. Business continuity is closely linked to disaster recovery and business resilience. International standards on business continuity such as ISO 3200 – Business Continuity Management and Organizational Resilience Standard published by the American National Standards Institute offers comprehensive guidance to business on these areas.

The above standards takes an enterprise wide view of risk management, enabling an organization to develop a comprehensive strategy to prevent when possible, prepare for, mitigate, respond to, and recover from a disruptive incident.

It is often not possible or necessary for most of the business to fully develop their business continuity plan to comply with the above mentioned standards. However, it is a good starting point and as the business matures, it can move towards compliance.

Creating a business continuity plan is by no means a simple task. These steps aim to help by explaining the key things to consider.

1. Understand what needs to be done to keep your business running

Briefly describe the critical process of your business. These critical processes of the business are those that need to continue to keep the business running.

For example, if you manufacture products it’s likely to be your production services and if you’re a website designer it’s likely to be your IT infrastructure and if you’re a retailer it’s your stock.

The ability to identify and quantify which critical business processes that, when not functional, may damage a company’s reputation or its ability to operate, is the most critical part in making a business continuity plan. For each critical process of the business, also identify the dependencies on other functions; such as the IT dependencies, the key positions, skills and knowledge needed and the time requirement for recovery for each function.

2. Understand your insurances

Make a list of all your insurance policies and ensure that each provides adequate cover for the business risks.

3. Determine your key resources

Once the critical functions are determined, list the key staff, systems and resources needed to perform these critical functions.

4. Create a contact list of key staff, clients and suppliers

Make a list of employees that your business cannot do without. Tell others where these lists are kept in the event that you are incapacitated. It may also be worth including details of service providers in the list.

5. Separate tasks into groups

Prioritize each task that needs to be undertaken in the event of a crisis or disaster. This can be completed in a checklist format that includes who is responsible for managing and completing each task.

6. Assign responsibilities

Each staff member should be given a role or responsibility to undertake following a crisis. Everyone should be informed on who is doing what and who needs to work with whom.

After careful consideration of the above elements, it is time to formulate the Business Continuity Plan.

The PPRR Framework

A very important and helpful part of writing the business continuity plan is documenting all the steps of the Prevention, Preparedness, Response, Recovery Framework (PPRR Framework). The PPRR Framework is a comprehensive approach to risk management which can be used to put plans in place to minimize losses in the event of a disruptive event. The business continuity plan can be documented around these elements.

PPRR steps include:

AA008 Business Continuity - Building a Resilient Organization (1)

Prevention - Risk Management Planning

The process of identifying risk, assessing risk and developing mitigation strategies to manage risk is known as risk management. Conduct a risk analysis which includes all the possible risk events that may impede the operations of your business and then go out to develop mitigation or preventative elements to these risk events.

Preparedness - Business Impact Analysis

In the Business Impact Analysis a business identifies and prioritizes the key elements of a business that may be adversely affected by any disruptions. It ensures that steps are taken before an incident to ensure effective response and recovery.

Response - Incident Response Planning

The response element outlines immediate actions to be taken in response to an incident, in terms of containment, control and minimizing impacts.

Recovery - Recovery Planning

The recovery element outlines the actions to be taken to recover from an incident in order to minimize disruptions and recovery times.

Depending on the size of the business, all the above elements can be incorporated into one Business Continuity Plan or can be prepared separately as different plans.

To ensure that the plan will work and is up to date with your current business operations, you need to test the plan from time to time. Also, the plan and other important documents should be kept safe and secure. Ensure that key staff and business partners are informed of the location of these documents.