Closer collaboration between departments such as business continuity and information security could help raise the necessary staff...
Creating an effective business continuity management (BCM) plan is crucial for any company that wishes to be considered trustworthy and reliable. Although it is sometimes pigeonholed as a form of disaster recovery, business continuity management actually has many layers, of which disaster recovery is just one. Other aspects include risk planning, business impact analysis (BIA) and emergency communications.
Worryingly, some businesses are happy to wait until disaster strikes before putting recovery measures in place, but the most reliable organisations have long-term plans to deal with potential service interruptions before they occur. Because it is not possible to prevent every disruptive event that threatens to derail your business, such as malware strains or natural disasters, companies must be able to react in a swift, but focused, manner in order for business operations to resume as quickly as possible. This is where a continuity plan comes in.
When it comes to formulating an effective plan, there are a number of things that businesses must consider. Firstly, they need to identify what potential risks are facing the company. Responding to a cyberattack will differ markedly from dealing with a data centre fire, for example, and businesses that are aware of the variety of interruptions that could occur are likely to be better prepared. As well as the nature of the risks, continuity plans must also determine the extent of the damage that they are likely to cause. This could include direct loss of income, customer dissatisfaction, recovery expenses or regulatory fines.
In addition, organisations must have a thorough understanding of their own critical processes in order to create a business continuity management plan. Determining an acceptable downtime period for these critical processes is crucial for businesses to be able to focus their recovery and continuity efforts in the right areas. In terms of service disruption, a financial company would need its security systems to be operational as soon as possible, but its marketing tools may be less essential, for example. A well-structured business continuity plan will allow businesses to prioritise certain functions when a crisis occurs.
Plans should also identify key personnel and ensure that they know how to react to disruptive events. As well business processes, companies should identify which employees carry out essential tasks for service to continue. In addition, backup members of staff should also be trained in the event that they are required. Contact details across a range of mediums must be included in case communications are disrupted. Business continuity management plans should clearly outline the role of each individual, should an event occur that disrupts normal business operations. It’s also important that companies remember that key personnel does not mean those at the c-level, it could be more a junior position that proves essential to your operations.
When creating a business continuity management plan there are also a number of pitfalls that companies should be careful to avoid. Although your business processes themselves may be complex, continuity plans should be outlined in the simplest terms possible. Step-by-step instructions often work best as opposed to broad statements. Similarly, avoid taking a one-size-fits-all approach to continuity planning. What works for one company might not necessarily be right for another. This can be taken a step further and applied to departments within the same business. Being flexible is likely to deliver better results for your company as a whole.
Another key aspect of continuity planning is testing. You may think that your strategy is without fault, but it is difficult to say this with any certainty without it being put into practice. However, it is not a good idea to wait until a genuine disruption occurs to see if your continuity management plan is effective. Instead, companies should test their plans regularly throughout the year, utilising walkthroughs and simulations to determine their effectiveness.
Fortunately, businesses do not have to create their business continuity management plans alone. Third party IT consultancy services are available to help ensure your plan is as robust as possible. Sungard has been the proud recipient of the BCI’s Business Continuity Service Provider of the Year award on eight separate occasions and has a wealth of expertise to assist your company. We can help carry out business impact analysis to identify the consequences of disruption and risk assessment to find the threats facing your business. With this information on board, we can help your company formulated a continuity strategy that meets the very highest operational standards.