A Business Continuity Plan: The Essentials

In this article, we take a look at what a Business Continuity Plan is, what it should contain, and why it’s such an important document.

Preparing a Business Continuity Plan

Accepting that the unexpected and disasters will happen (and that you can plan how to maintain business continuity while you deal with them) is an important step in safeguarding your business. Maintaining the ability to ensure that core functions and critical systems remain in place in the event of such a situation involves planning, an important part of which is the business continuity plan (BCP). 

What Kind of Events create the Need to Have a Business Continuity Plan?

The kind of events that create the need to have a BCP in place and ready to go include:

  • Hardware failures/server failures.
  • Outages and/or file corruption.
  • The effects of cyber-attacks.  For example, 53% of senior managers believe that a cyber-attack is the most likely thing to disrupt their business (Sungard) and the effects could include damage to / locking out of systems (malware and ransomware), fraud and extortion, data breaches (which could also attract fines under GDPR, damaging publicity and loss of customers).
  • Important 3rd supplier failure or the loss of key employees.
  • Failures of part / a component of a network.
  • Environmental/natural disasters (e.g. fire and flood).
  • Theft or loss of equipment holding company data.
  • Financial and cashflow issues.
The Business Continuity Plan

The goal of a BCP is to ensure that resources are available to ensure continuous operation and disaster recovery following an emergency. A BCP, therefore, is the plan/document that contains all the details of just how a business will continue operating during any kind of unplanned disruption in service.

A Business Continuity Plan is Not the Same as a Disaster Recovery Plan

A disaster recovery plan (DRP) is part of the BCP. The DRP is the part that focuses mainly on the restoration of IT infrastructure and operations following a crisis rather than focusing on the entire organisation which is the job of the BCP.

How to Make a Business Continuity Plan

There are several stages to making a workable BCP. These are:

Create the Team to Develop the Business Continuity Plan

This stage will ensure that the plan actually gets made and updated and is able to take into account the main issues.  This involves getting support from top management, assigning a person to manage the process, and putting together a team consisting of key people from each business department who can feed into the plan. The team should also decide upon the scope of the plan.

Start Documenting the Details of the Business Continuity Plan From the Outset

Everything decided in the making of the plan should be documented. This is something that should be set up at the beginning so that each new element can be added and checked and so that at least something is available if anything happens during the planning process. The plan should be securely stored off-site (e.g., in the Cloud) and each relevant person given access.

Conduct a Full Risk Assessment

This involves generating a list of all the known possible man-made, natural, and environmental risks and threats that could disrupt the continuity of the business and prioritising this list in terms of how serious the impact could be. This prioritisation of risk and threats will indicate which areas of the BCP should be tackled first.  The kinds of risks and potential threats that could be taken into account include:

  • Natural and environmental risks related to geographic location weather patterns. These could include floods, storms (esp. lightning), earthquakes, landslides and more.
  • Technology-related issues, such as human error and the effects of cyber-attack, loss of telecommunications, vital equipment/hardware failures, data outages and corrupted data, power failures, loss of Local Network Services, and prolonged technology outages.
  • Market and financial-related risks and threats. These could include trends and movements in the market, cashflow issues, and stakeholder issues.
  • Facility-related issues and internal hazards e.g., fire, electrical failures, water leaks, HVAC failure, chemical spills/leaks, strikes and more.
Create Recovery Plans for Each Function in the Business Continuity Plan

With the risks and threats identified and prioritised, the next stage is to:

  • Generate a list of the critical functions of the business/organisation.
  • Look closely at how each risk could affect each critical function of the business/organisation.
  • Create individual recovery/continuity plans for each situation where you have identified how a risk could adversely affect that function. These mini-plans could include details such as creating data backups or maintaining a secondary location.
Define Who Does What in the Business Continuity Plan

Where each of the smaller plans has been created to tackle risks and threats to critical functions, the next stage is to assign responsibility to staff members who will be needed to undertake and co-ordinate the plans and to detail protocols they need to follow. This should mean that key staff know what to do and have a plan to refer to in the event of incidents and emergencies.

Test and Update Your Business Continuity Plan

The plan should be viewed as a living document and not a one-off exercise. Your BCP should be regularly reviewed and updated, e.g. if there are changes/additions to the risks and threats, or changes to key staff members.  Also, the plan and its key elements should be tested to ensure relevance and effectiveness.

What Does This Mean for Your Business?

The survival of a business depends upon not just accepting that bad things do happen, but on making the effort to prepare for at least what can be reasonably foreseen. Downtime and disruption can very quickly have a serious and costly effect on a business in terms of lost revenue, lost customers, reputational damage and more. Businesses also have a responsibility to stakeholders to ensure that risks and threats are identified and planned for where possible. Creating and maintaining a BCP, therefore, should be given a high priority as it can protect the life of the business itself.

For IT support and advice on Business Continuity or Disaster Recovery, please call Paradise Computing on 01604 655900 or send us a message using our online contact form.

What is a Password Manager?

21 January 2022

We look at challenges to using passwords, what password managers are, and why they are still so important.

Microsoft’s March Commercial Price Increases

19 January 2022

With Microsoft poised to increase its first substantive commercial pricing increase for Microsoft 365 since the company launched Office 365 a decade ago, we take a look at the added benefits and value and the justification behind the price changes.