Over the last sixteen months, RiskLogic has studied with painstaking detail the affects of the pandemic on organisations and their people. The findings suggested that there are two distinctive groups of businesses.
A level 1 and 2.
We’ve known of the risks from pandemics for decades, but this year, it now makes way to ten new likely threats reported by the World Economic Forum; which includes extreme weather, biodiversity loss, digital power concentration and cybersecurity failure to name a few.
This weight of concurrent events puts most businesses into the level 1 pool. But there is a small group of unique leaders who have found a way to meet the level 2 criteria.
We’ve found that the universal theme they all share is their adoption of the business continuity life-cycle.
Over the next three months, we will dedicate extra resources and time to this life-cycle, helping you understand it’s wonderful simplicity and effectiveness to any organisation.
The difference between a Level 1 organisation and a Level 2 is the simple act of committing to the full journey.
The business continuity life-cycle phases
We help organisations understand the importance of each phase. We build confidence in those that have neglected steps previously, and help them get back on this sturdy resilience program.
There are four phases of the life-cycle:
Step 1: Planning & Analysing
- Stakeholder Engagement
- Critical Incident Workshop
- Plan Framework
- Incident Management Plan
This step is one that Level 2 businesses are doing continuously. After every event (whether it affects them or not), they’re revisiting plans and looking for expired processes or gaps in their response. At RiskLogic, we also use this time to get to know the key stakeholders and begin a relationship with them – focusing on the key element, culture.
Step 2 – Training
- Incident Team Training
- Coordinator Training
- Awareness Training
- Stakeholder Communications
Once those plans are in place, Level 2 businesses are leaving no time spare to ensure the right members are across them. The key objective here is buy-in. They achieve this by ensuring that the wider team knows where the plans are, they know how to use them, and they feel part of the maintenance of them. They have these plans reach as far as HR so that new staff are made aware of them from day one.
Level 1 businesses often set and forget.
Step 3 – Exercise
- Exercise Strategy
- Scenario and Run Sheets
- Scenario Facilitation
- Debrief and Reporting
We’re three steps in and yet this document and program is still a draft. Level 2 businesses realise this and cannot validate their work until it’s trained out. RiskLogic design, build and facilitate these scenario exercise sessions for groups every week and we see that the Level 1 businesses bring the key people. Level 2 brings all the people.
Our most successful exercises have involved everyone from Executives, to receptionists, and they are all brought in – creating a resilient culture together.
Step 4 – Maintenance
- Annual Review
- 3+ Year Maintenance Plans
- Annual Training
- Annual Exercising
The plans are made, people are trained, there is a good solid culture around resilience, but a Level 2 business knows that every day that passes, their plans can become outdated with new threats. Dedicated individuals continue to maintain their program with a variety of exercises, internal communications and of course, outside support from the likes of RiskLogic.
If a Level 1 organisation got this far (which is unlikely), they will assume the program finished, lock away the business continuity plan on the intranet and consider it a good day’s work.
. . .
In the coming weeks, RiskLogic will be releasing snippets on the life-cycle and provide clear and concise guides on how to get the best out of each element.
This will include everything from videos, short blogs, webinars and the opportunity to speak one to one with our consulting team.
You can subscribe specifically to our Business Continuity newsletter here ↗