Helping to keep your business in business
- What is business continuity?
- Why is business continuity important?
- How to develop business continuity arrangements
- What should a Business Continuity Plan contain?
- Reviewing, testing and implementing your business continuity arrangements
- How resilient is your business continuity plan?
- Coping with Disruption: Business Continuity Support Service
1. What is business continuity?
At its simplest, business continuity is about coping with disruption. Disruption could occur due to fire, flood, snow, IT failure or power loss and so on.
2. Why is business continuity important?
Effective business continuity planning helps to ensure your business survival should an incident occur, by supporting the prioritised recovery of your most time-sensitive objectives. Nearly one in five businesses suffers a major disruption every year. Yours could be next. If you invest in insurance cover, it makes sense to invest in business continuity planning too. This doesn't need to be a difficult or expensive task. If your clients include large organisations, it is likely they will ask you about your business continuity arrangements.
3. How to develop business continuity arrangements
- A key first step before you develop your business continuity plan is to identify your critical activities and assets through a business impact analysis.
- Critical activities can be defined as those activities which need to be performed to deliver key products and services that enable your business to meet its most important and time-sensitive objectives, and to maintain your cash flow.
- A business impact analysis is a process of identifying your critical activities, determining the impact over time that a disruption to these activities would have on your business and what resources you need to maintain them to an acceptable level.
- Consider what risks your business faces and how they could impact your critical activities and assets. Risks are possible events, for example fire and power loss, with a probability and an impact. A top-down risk assessment helps define your priorities and requirements.
- Estimating the time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable, will help determine your priorities and the most suitable recovery arrangements.
- Once you have carried out your business impact analysis, you can start developing your business continuity plan.
- Small companies will manage with a simple document that sets out the three key elements of business continuity management: what activities do we maintain, how do we go about it, and who does what.
Source: Lacey, D. (2012) Business Continuity Management for Small and Medium Sized Enterprises: How to survive a major disaster or failure. BSI.
To find out further information on hazards like fire and cyber attacks, please see:
4. What should a Business Continuity Plan contain?
The free, government Business Continuity Management toolkit provides details on what your business continuity arrangements should contain and further advice on how to develop your plan.
As an overview, business continuity plans should generally contain the following details:
- Plan purpose and scope
- Document management information such as a document owner, version control or distribution list
- Roles and responsibilities
- How will the plan be activated – when, by whom and how?
- Key contact details – internal and external
- Critical functions / activities to be recovered, timescales and recovery levels needed
- Resources available to deliver critical activities during the first 24hrs and up to 2 weeks from the event, and processes for mobilising resources
- Actions to be carried out, in what timescale and who will do these
- Clear communication processes – who reports to whom or cascades information
- Process for standing down and returning to normal business.
5. Reviewing, testing and implementing your business continuity arrangements
- Make sure you regularly review your business continuity arrangements and ensure staff are fully aware of their role in an emergency.
- Start with a minimal plan and test it with a short exercise to ensure it is fit for purpose. This can be carried out through a table top exercise with key staff involved in managing the response to an incident. The business continuity worksheet below provides an example of a generic exercise scenario.
- All plans should be reviewed whenever there are any major changes to premises, processes or services, or when a new threat emerges that threatens to disrupt your business activities.
- Essential contact details should be tested regularly on at least a six monthly basis.
- Evacuation exercises can be carried out to test back up arrangements, as part of scheduled fire alarm evacuation drills.
6. How resilient is your business continuity plan?
Once you have drafted your business continuity arrangements you can check them against the free government toolkit requirements and the below 10 minute assessment. You can also use the business continuity exercise worksheet, which is also linked to below, to help validate your business continuity arrangements against a specific dependency.
7. Coping with disruption: Business Continuity Support Service
If you want to provide assurance to existing and potential new clients that your organisation can cope effectively with disruption and continue to deliver your critical services when incidents occur, the Surrey County Council Emergency Management Team can deliver a cost effective, bespoke solution for you. The team provides advice, planning, training and exercising support to devise, review and validate resilience arrangements against recognised industry and good practice standards. To find out more please see the Business Continuity Support Service leaflet (PDF).
Files available to download
-
SCC resilience policy 2020 (PDF)
Policy which outlines Surrey County Council's roles, responsibilities and commitments in ensuring business continuity of services to residents -
Business Continuity exercise worksheet (PDF)
Generic scenario that organisations can use to help validate their BIA and BCP arrangements against a specific dependency - Business Continuity 10 minute assessment (MS Word)
-
SCC Business Continuity Support Service (PDF)
An outline of business continuity services offered by the Emergency Management Team, including advice, planning, training and exercising