How quickly, and painlessly can you manage to get back to ‘Business as Usual’ in the event of a fire, flood or other natural disaster, or any other major interruption?
This depends on how effectively you can devise, and put into action, your own Business Continuity Management or Disaster Recovery Plan.
Business Continuity Management can best be defined as: ‘A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.’(Business Continuity Institute, 2001.)
Building-in business continuity, making it part of the way that you run your business, rather than having to ‘firefight’ any emergency, helps you to prepare to offer ‘Business as Usual’ Standards in the quickest possible time. Plan Business Continuity Management, so that your staff, customers and suppliers are reassured that you have an effective policy and practice for managing the unexpected, which helps build confidence in your business
If you don’t currently have a Business Continuity Plan – Ask yourself and your team some ‘What If..?’ and ‘Where Are…’ Questions. – Some useful ones are:
- Insurance Policies – Where are the companies Insurance Policies kept? – Would you be able to access them if the office is out of action? Is there the ability to access Electronic Versions, if so, how do you do this and who has login details? Do you or the appropriate staff know how to access the Policies or what your Policy Details are (Number, provider, number to call in an emergency)?
- Data Backups – What is being backed up – Audit to make sure all the relevant data is being backed up and that one important file isn’t being missed. How is the Companies Data Backed up? All backups should have an “Off-Site” element, whether this is someone physically taking a disk / tape off-site each evening or your backing up to a third-party service (Cloud Backup). Do you Test the backups Regularly? What good is a Backup if the data cannot be restored?!
- Key Hardware – What is the impact to the business if there are not available? Are there any PC’s which run Essential processes in the Company (i.e. the machine in the corner that runs the Order Processing system etc) Are they backed up? Can they easily be restored? Could you live without them whilst a new machine is purchased, software installed etc…
- Software – Following on from the above, do you have access to the Software and licences needed for key machines and applications if they needed to be replaced or reinstalled?
- What if Our Customers could not contact us, or Our Telephones went down? – If you have an on-site phone system or old style PBX, are you able to easily redirect company calls? Would a cloud based phone or E-Mail Service be a better fit?
- Key Contacts – Make sure that your contact list of mobile phone numbers and home phone numbers is up to date in case you’re unable to reach people via email and need to urgently communicate something.
- Remote Working – Is the Company able to function if access to the main site is not available? Now is a good time to review the list of people who can work remotely. If your office needs to be closed for 2+ weeks, make sure that everyone who needs remote access has it.
- Engage Staff – We’d recommend having a discussion with your staff and departments to make sure that your plans are complete. How essential is the department’s work to the running of the business? (Ask them to be objective. This question is about practicalities, not profile).
What equipment, IT and other systems does the department need to be able to function?
Who else inside or outside the business, does the department need to be able to carry out their work?
- Personal Devices – If your employees don’t have laptops but may be expected to work from home, now is the time to consider getting them company-issued laptops. Be careful not to compromise security by letting employees use personal computers that bypass your company cybersecurity measures.
- Documentation – Agree how often, when and how you will check your plan to make sure it is always a ‘living document’. Update your plan to reflect changes in your organisation’s personnel and in the risks you might face.