Transcript Slide 1

Expecting the Unexpected
By Shaun Lindfield
Nearly 1 in 5 businesses suffer a major disruption
every year. Yours could be next. With no recovery
plan, you have less chance of survival.
(Business Continuity Institute, 2003)
Business Continuity Management
Business continuity management can be best described as: -
“An holistic management process that identifies potential threats to an
organisation and the impacts to business operations that those threats, if
realised, might cause, and which provides a framework for building
organisational resilience with the capability for an effective response that
safeguards the interests of its key stakeholders, reputation, brand and value
creating activities”. (Business Continuity Institute, 2001)
Why Implement BCM?
It protects the business
For legal reasons, such as: - Civil Contingencies Act 2004
- Companies Act 2006
Other bodies, such as: - Professional Bodies, Insurance Companies etc
How Do I Implement BCM?
Use BS25999-1 which is the Business Continuity Management Code of Practice
Speak to your insurance company, they might have a BCM guidance/template
Use specific BCM/Disaster Recovery Company to help.
Key Features of BCM
1.
Analyse your business
5.
Rehearse your plan
4.
Develop your Plan
2.
Assess the risks
3.
Develop your strategy
Analyse your business
Where is your business vulnerable?
Suppliers
Partnerships
Buildings
Customers
People
Timescales
Systems and
Processes
Analyse your business
However well you understand your business, it will help to talk to other
people
- You need the fullest picture of complex interactions inside your organisation
and between you, your customers and suppliers
- You can include expert knowledge about every part of your business.
- You can find out if any part of your business have plans or procedures to deal
with a major incident.
- Gives you a chance to promote the BCM and get people involved.
- You will need a senior manager to own the BCM and be a “Champion”
Analyse your business
Who Should I Speak to and why?
The board and Senior Management Team
Department Manager
Facilities Managers
Anyone Else?
Assess the risks
There are two aspects to every risk to your business: - How likely is it to happen?
- What effect will it have on your business?
Business Continuity Management can help you balance them
There are three ways to provide an assessment of the risk: -
- Ask what if? questions
- Ask what is the worst case scenario
- Ask what functions and people are essential, and when
Assess the risks
Ask what if? questions
What are useful what if questions?
Don’t forget people issues e.g. who is responsible for recording who is injured,
missing etc.
How will you communicate after the incident?
What is the worst case scenario?
If your plan enables you to cope with a worst case scenario, it will also help you
deal more easily with lower impact incidents.
Your worst case scenario will reflect what would be worst for your business.
Generally the worst case will be something that completely stops you carrying
out your business.
Assess the risks
What functions and people are essential, and when?
To make an effective business continuity plan you need details of who needs to
do what, when and where in the immediate aftermath of an incident.
A function/time matrix is useful to show how quickly functions need to be up
and running after a major incident.
A
B
Business
Function
C
D
Timescale
1 Hour
1 Day
1 Week
1 Month
Example function/time matrix
Indefinite
Develop your strategy
Check that the board and senior management agree with your analysis of the
business risks and which people and tasks are essential.
This will give you an understanding of the appetite for risk within your
organisation and allow you to choose one of the proven strategies: - Accept the risks
- Attempt to reduce the risks
Are you committed to reducing risk or do you prefer to take risks and have a
comeback plan?
Develop your plan
Continuity plans should and will look different for different businesses. However
most good continuity plans will share some important features, including: - Responsibilities
- Checklists
- Instructions for 1st hour after an incident.
- List of thought ideas for after the 1st hour.
- Document review regulatory
- Plan for the worst case scenario
Remember a good plan will be simple without being simplistic. You need to be
able to react quickly without reading to much detail.
Develop your plan
Include information from outside your business such as: - Emergency Planning Officer
- Emergency Services
- Neighbouring Businesses
- Utility Companies
- Suppliers & Customers
- Your Insurance Company
Use the consultation as a PR tool; you take BCM seriously have commitment from
all levels of staff and want to get back to business in the quickest possible time.
Rehearse your plan
Sometimes you only discover any weaknesses when you put a plan into action.
Rehearsal can help confirm your plan is connected and robust if you ever needed it.
Possible ways to rehearse your plan: - Paper-based exercises
- Telephone Cascading
- Full rehearsal
Example from PDC
The last time we used our BCM Plan at PDC was when the electricity supply was
wiped out due to the Fire at Nelson Stanley's scrap yard.
- No production, damaging reputation, damaging profits
- Potential damage to machinery causing more production problems
- Safety concerns
To ensure that the incident had as minimal impact as possible the following
occurred: - Follow the 1st hour list
- Plan for the rest of the day/following days
- Inform staff, suppliers and customers where relevant.
Remember – In an uncertain world, you owe it
yourself to be an organisation that is confident of
being ‘back in business’ in the quickest possible time.
(Business Continuity Institute, 2003)