Wednesday 3 July 2013

Don't get caught out. Prepare a business continuity plan

Many companies pay lip service to disaster recovery plans. For a start, this is the wrong term; business continuity is a far more meaningful name, because it is more than thinking about fires or computer system major crashes. For example, what would happen if a key person was involved in a car crash. (This happened to me 30 years ago and people kept asking work questions from my hospital bedside.)

At an initial count, 25 to 30 scenarios need to be planned for to cover basic provisions, covering such topics as:
  • People, eg what happens if key people are ill?
  • Premises, eg fire
  • Technology, eg what happens if key equipment breaks down?  What happens if the local phone system fails?
  • Supplies, including key external services, eg what happens if a key supplier is unable to supply?
  • Civil emergencies, including lack of accessibility to the site because of external factors such a major chemical spill on the industrial estate or accidents or flooding on access roads
Carry out a risk assessment, much as you would for health and safety, and assign scores for severity of the outcome and it's probability. Then, in descending order of risk:

  1. Define steps to be taken to recover a situation.
  2. Carry out step 1, plus where appropriate, define provisions to make such steps work. For example, with IT systems, not only is a back-up necessary, but it may be advisable to have an off-site back-up.
  3. Carry out the above steps, plus make contact with appropriate organisations to organise the support they can provide and define how this may be organised.  For example, you may use another company to carry out operations which are unavailable because of the event.  Contact this company and arrange how this may be arranged, ie contact names and numbers. 
  4. Carry out the above steps and, where appropriate, carry out a test of the plan.  This is typically essential where the provisions are technology-based.  For example, you need to test IT back-ups to confirm that they actually work.
 SSS can provide help with this. But whether or not you use outside help, it is essential that you do it.

No comments:

Post a Comment