Head of Business Continuity Management Colin Jeffs provides his top tips to keep your business continuity planning on track, or to get you started in creating one.
1. Plan smart, not big!
Over the years, I’ve seen many organisations try to plan for just about every possible eventuality. But in reality, it simply isn’t possible to plan for everything that ‘might’ happen – so don’t try to. A good plan isn’t one that tells you what to do in a specific scenario, but one that helps and supports you in making informed decisions for ‘any’ scenario. A good plan is one that will be used because it is helpful, so consider when you create your plan(s) what information is vital in helping you make those decisions. Anything else probably isn’t required, it just makes the plan unwieldy and unusable. If you feel you need a plan that is for a specific scenario, make sure it only focusses on that scenario and most importantly, make sure that people understand its purpose.
2. Understand what is important and why
My simple rule of thumb here is, how can you hope to protect your business if you don’t understand what is critical in your business and what those critical things depend on? You might be focusing your efforts in the wrong areas of your business, or you could be overlooking other areas that have a dependency. Performing a Business Impact Analysis (BIA) can be hard work and time consuming but it can be a great fast-track tool for identifying operational risks that might not otherwise surface except at time of incident. It is vitally important that anyone who participates in anything to do with business continuity or operational resilience understands why it is important and what it means to them to fully get their buy-in.
3. Board engagement is key
I’ve heard it said many times that management buy-in is critical to a successful resilience programme – this is 100% true. If the management haven’t bought into the programme, how will you expect the rest of the staff to? It’s important that staff understand the resilience programme is sponsored and mandated by the board. It’s not something that people could’ do or take part in, but something they must do and take part in to protect the business. It becomes a part of the culture of the business.
4. You are only as good as your last test!
You can have the best plans in the world but if you have never tested them, how do you know that they work? More to the point, how do you know your staff will know what to do and when to do it? Do staff know the part they play during an incident? Do they know the process to follow? Testing is one of the best ways to ensure people feel included and to help them to understand the role they must play during an incident. It not only helps them to feel more comfortable with what is expected of them, but it also allows them to practice their response in a ‘safe’ environment without fear of messing up. Remember, it’s far better to find out that something doesn’t work, or some critical data is missing during an exercise than during a real incident, just at the point you depend on it.
Your suppliers play a big part in your success and many of them provide extremely critical or important services and/or data to you. Treat them as an extension of your own business or as an additional department and make sure you understand them in detail. Including them in your planning and testing is an important part of making sure the relationship is resilient and that you both understand the importance of what they provide to you. It’s also very important that you understand their resilience capabilities and how they will continue to provide services to you in the event they have an incident. Bring them into your programme and get to know them better.
About the author
Colin Jeffs MBCI moved into the realm of business continuity from IT project management where, as part of implementing IT systems, he had to implement resiliency. Colin has worked in business continuity and crisis management for more than 25 years, holding senior roles in both disciplines for many years at major financial institutions in the city. Colin now heads up Daisy’s award-winning business continuity management division.