180 likes | 288 Views
Expecting the Unexpected. By Shaun Lindfield. Nearly 1 in 5 businesses suffer a major disruption every year. Yours could be next. With no recovery plan, you have less chance of survival. (Business Continuity Institute, 2003).
E N D
Expecting the Unexpected By Shaun Lindfield
Nearly 1 in 5 businesses suffer a major disruption every year. Yours could be next. With no recovery plan, you have less chance of survival. • (Business Continuity Institute, 2003)
Business Continuity Management Business continuity management can be best described as: - “An holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities”. (Business Continuity Institute, 2001)
WhyImplement BCM? It protects the business For legal reasons, such as: - - Civil Contingencies Act 2004 - Companies Act 2006 Other bodies, such as: - Professional Bodies, Insurance Companies etc
How Do IImplement BCM? Use BS25999-1 which is the Business Continuity Management Code of Practice Speak to your insurance company, they might have a BCM guidance/template Use specific BCM/Disaster Recovery Company to help.
Analyse your business Where is your business vulnerable?
Analyse your business However well you understand your business, it will help to talk to other people - You need the fullest picture of complex interactions inside your organisation and between you, your customers and suppliers - You can include expert knowledge about every part of your business. - You can find out if any part of your business have plans or procedures to deal with a major incident. - Gives you a chance to promote the BCM and get people involved. - You will need a senior manager to own the BCM and be a “Champion”
Analyse your business Who Should I Speak to and why? The board and Senior Management Team Department Manager Facilities Managers Anyone Else?
Assess the risks There are two aspects to every risk to your business: - - How likely is it to happen? - What effect will it have on your business? Business Continuity Management can help you balance them There are three ways to provide an assessment of the risk: - - Ask what if? questions - Ask what is the worst case scenario - Ask what functions and people are essential, and when
Assess the risks Ask what if? questions What are useful what if questions? Don’t forget people issues e.g. who is responsible for recording who is injured, missing etc. How will you communicate after the incident? What is the worst case scenario? If your plan enables you to cope with a worst case scenario, it will also help you deal more easily with lower impact incidents. Your worst case scenario will reflect what would be worst for your business. Generally the worst case will be something that completely stops you carrying out your business.
Assess the risks What functions and people are essential, and when? To make an effective business continuity plan you need details of who needs to do what, when and where in the immediate aftermath of an incident. A function/time matrix is useful to show how quickly functions need to be up and running after a major incident. Example function/time matrix
Develop your strategy Check that the board and senior management agree with your analysis of the business risks and which people and tasks are essential. This will give you an understanding of the appetite for risk within your organisation and allow you to choose one of the proven strategies: - - Accept the risks - Attempt to reduce the risks Are you committed to reducing risk or do you prefer to take risks and have a comeback plan?
Develop your plan Continuity plans should and will look different for different businesses. However most good continuity plans will share some important features, including: - - Responsibilities - Checklists - Instructions for 1st hour after an incident. - List of thought ideas for after the 1st hour. - Document review regulatory - Plan for the worst case scenario Remember a good plan will be simple without being simplistic. You need to be able to react quickly without reading to much detail.
Develop your plan Include information from outside your business such as: - - Emergency Planning Officer - Emergency Services - Neighbouring Businesses - Utility Companies - Suppliers & Customers - Your Insurance Company Use the consultation as a PR tool; you take BCM seriously have commitment from all levels of staff and want to get back to business in the quickest possible time.
Rehearse your plan Sometimes you only discover any weaknesses when you put a plan into action. Rehearsal can help confirm your plan is connected and robust if you ever needed it. Possible ways to rehearse your plan: - - Paper-based exercises - Telephone Cascading - Full rehearsal
Example from PDC The last time we used our BCM Plan at PDC was when the electricity supply was wiped out due to the Fire at Nelson Stanley's scrap yard. - No production, damaging reputation, damaging profits - Potential damage to machinery causing more production problems - Safety concerns To ensure that the incident had as minimal impact as possible the following occurred: - - Follow the 1st hour list - Plan for the rest of the day/following days - Inform staff, suppliers and customers where relevant.
Remember – In an uncertain world, you owe it yourself to be an organisation that is confident of being ‘back in business’ in the quickest possible time. • (Business Continuity Institute, 2003)