Upload
matilda-morgan
View
214
Download
0
Embed Size (px)
Citation preview
Expecting the UnexpectedBy Shaun
Lindfield
Nearly 1 in 5 businesses suffer a major disruption every year. Yours could be next. With no recovery
plan, you have less chance of survival. (Business Continuity Institute, 2003)
“An holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities”. (Business Continuity Institute, 2001)
Business continuity management can be best described as: -
Business Continuity Management
Why Implement BCM?BCM?
It protects the business
For legal reasons, such as: -
- Civil Contingencies Act 2004
- Companies Act 2006
Other bodies, such as: - Professional Bodies, Insurance Companies etc
How Do I Implement BCM?BCM?
Use BS25999-1 which is the Business Continuity Management Code of Practice
Speak to your insurance company, they might have a BCM guidance/template
Use specific BCM/Disaster Recovery Company to help.
Key Features of BCM1.
Analyse your business
2.Assess the risks
3.Develop your strategy
4.Develop your Plan
5.Rehearse your plan
Analyse your business
Buildings
Timescales
Systems and Processes
People
Partnerships
Suppliers
Customers
Where is your business vulnerable?
However well you understand your business, it will help to talk to other people
Analyse your business
- You need the fullest picture of complex interactions inside your organisation and between you, your customers and suppliers
- You can include expert knowledge about every part of your business.
- You can find out if any part of your business have plans or procedures to deal with a major incident.
- Gives you a chance to promote the BCM and get people involved.
- You will need a senior manager to own the BCM and be a “Champion”
Analyse your business
Who Should I Speak to and why?
The board and Senior Management Team
Department Manager
Facilities Managers
Anyone Else?
Assess the risks
There are two aspects to every risk to your business: -
- How likely is it to happen?
- What effect will it have on your business?
Business Continuity Management can help you balance them
There are three ways to provide an assessment of the risk: -
- Ask what if? questions
- Ask what is the worst case scenario
- Ask what functions and people are essential, and when
Assess the risksAsk what if? questions
What are useful what if questions?
Don’t forget people issues e.g. who is responsible for recording who is injured, missing etc.
How will you communicate after the incident?
What is the worst case scenario?
If your plan enables you to cope with a worst case scenario, it will also help you deal more easily with lower impact incidents.
Your worst case scenario will reflect what would be worst for your business. Generally the worst case will be something that completely stops you carrying out your business.
What functions and people are essential, and when?
To make an effective business continuity plan you need details of who needs to do what, when and where in the immediate aftermath of an incident.
Assess the risks
A function/time matrix is useful to show how quickly functions need to be up and running after a major incident.
Business Function
A
B
C
D
Timescale 1 Hour 1 Day 1 Week 1 Month Indefinite
Example function/time matrix
Develop your strategy
Check that the board and senior management agree with your analysis of the business risks and which people and tasks are essential.
This will give you an understanding of the appetite for risk within your organisation and allow you to choose one of the proven strategies: -
- Accept the risks
- Attempt to reduce the risks
Are you committed to reducing risk or do you prefer to take risks and have a comeback plan?
Develop your planContinuity plans should and will look different for different businesses. However most good continuity plans will share some important features, including: -
- Responsibilities
- Checklists
- Instructions for 1st hour after an incident.
- List of thought ideas for after the 1st hour.
- Document review regulatory
- Plan for the worst case scenario
Remember a good plan will be simple without being simplistic. You need to be able to react quickly without reading to much detail.
Develop your plan
Include information from outside your business such as: -
- Emergency Planning Officer
- Emergency Services
- Neighbouring Businesses
- Utility Companies
- Suppliers & Customers
- Your Insurance Company
Use the consultation as a PR tool; you take BCM seriously have commitment from all levels of staff and want to get back to business in the quickest possible time.
Rehearse your plan
Sometimes you only discover any weaknesses when you put a plan into action. Rehearsal can help confirm your plan is connected and robust if you ever needed it.
Possible ways to rehearse your plan: -
- Paper-based exercises
- Telephone Cascading
- Full rehearsal
Example from PDC
The last time we used our BCM Plan at PDC was when the electricity supply was wiped out due to the Fire at Nelson Stanley's scrap yard.
- No production, damaging reputation, damaging profits
- Potential damage to machinery causing more production problems
- Safety concerns
To ensure that the incident had as minimal impact as possible the following occurred: -
- Follow the 1st hour list
- Plan for the rest of the day/following days
- Inform staff, suppliers and customers where relevant.
Remember – In an uncertain world, you owe it yourself to be an organisation that is confident of being ‘back
in business’ in the quickest possible time. (Business Continuity Institute, 2003)