Every journey starts with a single step!
So you are ready to create a Business Continuity Plan. There is no right time to create a plan – it should be started as soon as you can and, where practical, be tested and revised as often as you can.
Business doesn’t always go according to plan. Even some of the most experienced staff can be caught out when things go awry. It is one of the reasons to have a plan implemented and tested. Whether it’s a spell of bad weather or a sudden loss of data or voice services, business continuity is about keeping your business up and running when things go wrong.
According to the Office for National Statistics, a significant percentage of UK businesses fail each year. And while there are lots of reasons a business can go under, many fail because they’re unable to recover from a single event that suddenly devastates their business. In this post there is some guidance that can be applied to most business plans, but be aware there could be a great deal more to look at in your business.
But you have taken the first step towards the creation of your business continuity plan, which is one of the challenges. The next challenge is the biggie: you must have an understanding of what the business does – without this knowledge there will be holes in the plan.
What is Business Continuity Planning?
In essence, a Business Continuity Plan covers “What if?” scenarios, a bit like “What if we have a puncture when we are out driving?”. Only in the case of the business we have to look at a number of areas. These include, but are not limited to:
- Business Processes
- Key Staff
- Suppliers
- Stock
- IT Infrastructure and Data
- Customer Communications
- Emergency Procedures
In the business continuity plan, there is a requirement to go into some detail for each of the above, and there may well be a number of other subheadings.
At the risk of stating the obvious, it is worth re-iterating that the business continuity plan for a small plumbing company will be significantly different from the plan for an insurance broker.
Listing the Risks.
At this point it is worth looking at the basics for identifying the risks associated with each of the bullet points above. All of them will have a number of risks, but for each section the process is the same. And it is worth noting that the simplest things can sometimes have a significant and unexpected impact.
For example, if there is a Business Process that is known by only one key member of staff, then there are two sections where that could be entered in the analysis. It could be under Business Process or it could be under Key Staff. The mitigation is the same – dissemination of the information to someone else in the organisation; alternatively, it could just be documented.
Possibly there is a high volume of product shipped using a courier service or by mail. If dispatch runs out of packaging materials due to a supplier issue, this could fall into either the supplier or the stock sections above. The knock-on effect, however, could be missed delivery deadlines and disappointed customers, so it is a risk.
So looking at all sections of the business, and looking objectively at what could go wrong or change in a way that impacts the business, is key to the plan. Once you have your list of risks, it is time to analyse the individual risks. This will allow you to determine a number of things about the risks and allow you to start creating the plan.
For simplicity, I would suggest that the list is grouped under the bullet points that you have. Again, I will say that the list above is for guidance only; your business is likely to have a different set of bullet points.
Once you have your groups of risks, you may want to assign owners – these will initially be the people responsible for the area of the business covered by the bullet points in your list. This will help with the analysis of the risk, as it is easier if they are grouped by business area. A point of note: the names assigned ownership at this stage are just for convenience – the risk ownership is likely to be reassigned during the analysis.
Where to look for risk.
It is possible for risk to lurk anywhere in the business. It could be somewhere as innocuous as a data entry form – an extra zero in a bank transfer could cause real issues!
Before you put pen to paper, as they used to say, you really do have to look at all areas of the business. A business continuity plan created by management only is likely to ensure that the management team is functional, but they may not have much to manage.
Below is a risk assessment checklist with some areas to look at. Your business may have others, but the most common areas are in the list.
- Employees
- Premises
- Customers
- Suppliers
- Business partners
- Systems and processes
- Finances
- Cashflow
- IT
- Equipment (e.g. computers, vehicles, tools)
- Legal compliance
- Logistics
Create the Plan.
I have already pointed out that some business continuity plans will be little more than a couple of pages; a small company or sole trader springs to mind. Larger companies and small to medium enterprises will require more complex plans.
In your risk assessment, you should have identified risks and possible vulnerabilities – these should provide focus for the plan. For example, your risks might be things like ‘theft’, ‘flooding’, ‘fire’ or ‘key staff leaving’ and therefore the main body of your BCP will be made up of checklists in each of the appropriate sections. The checklists will detail the scenarios and the mitigations. The plan should cover who is responsible for enacting the mitigation and how long it should take.
A contact list of all the people you might need to speak to in an emergency must be a part of business continuity planning. This will include key customers and suppliers, staff members, local emergency services and insurance providers. It’s good practice to update your BCP contact list regularly. And remember, in Europe this will fall under the GDPR legislation – so it should be shared on a need-to-know basis as it is likely to contain personal information.
Write the Business Continuity Plan in plain speak. Do not be tempted to use technical talk – the person effecting the plan may not understand the technical bits. Use tick lists and bullet points where you can, and cross-reference if things have to happen in a specific order.
Finally, the plan should be kept in more than one place, with at least one copy off site or in another office if you have more than one. It is also a good idea to have an incident-type log facility along with an expenses book, useful if there is a need for an insurance claim related to the invocation of the BCP.