Top 10 Tips for Business Continuity Management with ISO 22301, all rolled into one Egg!
As any business manager, whether as an owner or as senior management, there is a great deal to think about when running a business and seldom enough time in the day to think about adopting best practice wherever possible. All too often Business Continuity is one of those subjects that rarely gets enough time allocated to it. To help you get started or to refresh what you have done already, here is a summary of 10 tips to getting this subject covered.
1, Ownership and commitment
As with any project there must be someone who will own and champion the project but the most important element to development of a reliable Business Continuity plan is commitment from the most senior management in the business.
2, Risk Assessments
You probably understand the threats to your business already but putting the details down on paper helps to concentrate the mind and enables you to explore other possible threats and to understand the consequences and impact upon the business more fully. Knowing what is the worst that can happen requires imagination and maybe external advice.
3, Critical business processes
Identify business critical processes and supporting IT systems. It is all too easy to take the systems that have developed over time for granted and it is only when a system is no longer available, does its importance become clear. The systems need to be documented and the extent to which they can be made more resilient or re-established understood.
4, Develop and document a plan
Plans do not have to be complicated, especially for small/medium businesses. The Business Continuity Institute developed a list called the “7 Ps” all of which are essential to keep your business running and need to be covered in the plan:-
- People - roles and responsibilities, awareness and education.
- Programme - proactively managing the process.
- Processes - all organisational processes, including ICT.
- Premises - buildings and facilities.
- Providers - supply chain, including outsourcing.
- Profile - brand, image and reputation.
- Performance - benchmarking, evaluation and audit
The plan should be accessible by all senior managers and using Cloud storage makes this part of the plan much easier nowadays.
You can look to develop a plan and on-going management by adopting or aligning to the ISO standard 22301 which gives you a framework to work towards and demonstrates to third parties that you work towards a recognised standard.
Making sure that the plan is known to all staff is essential. The detail will vary between the different roles in the business. The plan should be part of your induction process and regular refreshes should be issued to existing staff.
6, Test your plans
Plans always look good on paper and it is not until a test is carried out do the problems become apparent. Testing the plan can be done in logical sections but focussing on the critical processes is key in establishing the validity of the plan. IT systems should be tested more often and the backup/recovery plans tested on a routine basis.
7, Supplier chain vulnerabilities
Most businesses are dependent upon their suppliers to a large degree and the plan should include an assessment of the key suppliers to the business and the impact should the supplier suffer an disaster scenario. Identify the key suppliers and create a simple questionnaire to gain an understanding of how seriously they have considered business continuity.
8, Plan review
It is very easy for plans to gather dust on the metaphoric shelf and therefore a regular review of the plan should be planned. In addition any significant changes to the business or systems generally should prompt a review to ensure the plan remains relevant to the business.
It is worthwhile looking again at your insurance cover to be certain that all the risks identified are suitably covered and that any financial impacts are properly evaluated and covered. You may even find that more insurers will be interested as demonstrating the existence of a relevant and tested business continuity plan can reduce premiums.
10, God forbid it happens!
Should you be faced with a disaster scenario of some degree, you need to be ready to communicate with all interested stakeholders. Staff will be key but customers may need early reassurance that you have everything under control and that their business will not be affected.
To find out more about managing Business Continuity with Yellowspring, please contact Maria West 01268 494160 or email: firstname.lastname@example.org