Introduction to Business Continuity

It may seem obvious, but the line between Business Continuity and the definition itself is very blurry.

The mistake businesses often make is the definition of the name. It’s not about business continuity, it’s about critical business continuity. Continuing the critical part of your business should be the core objective of business continuity (BC). BC implies it’s all of business, which is where the mistake is made. You don’t need to recover the whole business, just the critical parts of your organisation, the process and functions that if not recovered will have the largest impact on your organisation. Whether that be financial, reputational, human, legal or operational.

What the ‘Good Practice Guide’ says:

A holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organisational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

Step 1: Analyse

Assessing vulnerabilities and understanding the impacts of a disruption to your organisation.

Stakeholder engagement
The most important part of this step in your business continuity journey is to ensure that all key stakeholders have buy-in for the process. This means that the implementation of the BC journey for your organisation is backed by the people from the top.

Policy and Framework
Intentions and directions of an organisation that sets out the scope and governance of the BC program and reflects the reason why it’s being implemented.

Business Impact Analysis
The main technique used for the analysis of an organisations business functions.

Threat Assessment
The process of evaluating threats using risk assessment techniques to identify an acceptable concentration of risks and single points of failure.

Step 2: Plan

“Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following a disruption.

Crisis Management
Strategic plans define how strategic issues resulting from a major incident should be addressed and managed by Top Management.

Recovery Strategies
Recovery strategies will provide a step-by-step guide for recovering your Critical Business Functions ensuring that functions recover fast to meet the Maximum Allowable Outage (MAO) expectations.

Business Resumption
A business resumption strategy contains a series of actions and steps designed to return the affected business to its pre-interruption status and includes restoration or relocation of facilities and resumption of operations to maximum capacity.

IT Disaster Recovery
A task orientated document designed to provide the IT disaster recovery team with the tools to identify, assess and respond to companywide incidents affecting IT infrastructure, software or hardware systems.

Step 3: Validate

Build capability, rehearse and test your program to demonstrate your level of preparedness.

Awareness Training
It is essential that all individuals undertaking BC related tasks at any level have the appropriate level of competence for the role through:

• Training
• Knowledge
• Experience

Crisis Leadership Training
Suitable for senior leadership with overall crisis management responsibilities. Training specifically designed to build awareness, critical skills and crisis leadership capabilities of your team using the latest experiential learning techniques and real-world case studies.

Component Testing
A testing regime to provide appropriate coverage of all agreed business continuity recovery activities. This includes defining performance indicators and establishing test scripts to validate the recovery of critical business functions as identified in the Business Impact Analysis.

Scenario Exercises
Rehearsing an organisations BC program via realistic, hands-on scenario exercises is critical to:

1. Build familiarisation with staff roles, responsibilities, processes and available tools
2. Identify practical program improvements
3. Provide a high level of stakeholder assurance in an organisations recovery capability

Step 4: Maintain

Review and rehearse your program to build resilience and ensure continual improvement through:

• Reviews & updates of your entire program
• Annual training for your response teams
• Annual exercising for your response teams and staff

In summary, Business Continuity needs to be a business as usual activity preparing for extreme events. Your organisation should plan for the worst but hope for the best. But the task doesn’t need to be time or resource heavy.  An effective response is about task orientated activities and the ability to thrive through adversity.

As with any event, it’s not a matter of if, but when. Understanding the lifecycle of BC, implementing it into your business and building a culture around it will be what ultimately sets you apart from your competitors when a major disruption or event is realised.

If you’d like to know more about how RiskLogic can help implement or review your current BC program at your organisation, contact us today to learn more.