03/03/2021

03/03/2021

What Is Business Continuity Planning And Why Is It Required?

We have seen from previous articles that there are many reasons as to why a business maybe be under threat in these challenging times. Business continuity planning is the procedure involved in creating a system of prevention and recovery from potential threats, real or perceived to a company.  The plan ensures that personnel and assets are protected and are able to function quickly and effectively in the event of a disaster – who would have thought a few short months ago that literally overnight disaster would have struck, in the from of National lockdown from COVID-19, a lot of business’s and we would have to change the way that we would work forever – if you had a business continuity plan in place then hopefully the interruption to your business could be mitigated.  If you did not have one, then you will now appreciate their effectiveness and implement one as soon as practicable. Every time a disaster strikes, it can cause serious damage to your organization if appropriate actions are not immediately implemented, consequently it is imperative that every owner is aware that taking too much time to restore business operations can cause irreparable damage to your organisation. A responsible business owner understands that disaster recovery planning is a complex process that should be approached in a responsible manner. Thus, you should use a disaster recovery checklist which outlines the steps you need to take to successfully deal with the crisis. The ultimate business continuity plan checklist should include the following:
  1. Undertake a risk assessment and business impact analysis - To determine which business continuity mechanisms will work best during an actual disaster, you first need to identify the threats and dangers to which your organization is most vulnerable. As a result, you can come up with effective prevention and mitigation measures and decide what your business continuity plan should include- for a service industry such as accountants or solicitors one of the biggest threats would be access to clients and the information contained on your server.
 
  1. Determine recovery objectives.   The next point to the plan is to decide on your objectives, the principal one here is how quickly the business can resume operations after the disaster event.  As part of the plan to be back up and running, you will need to decide which operation are the most critical and give these priority – some businesses may consider that access to the server will be the prime business objective.
  2. Assign roles and responsibilities within a DR team.  For the plan to operate effectively then people within the organisation need to be given roles and responsibilities of what duties to undertake in the event of a disaster.  Therefore, every business section within the business needs to have a person allocated to it.  There should also be an individual nominated to have overall control – this ensures that is an overall coordinated approach to get the business back up and running.
 
  1. Create a disaster recovery site - the disaster recovery plan checklist recommends you to build a DR site which would be used for the purpose of emergency relocation of critical data, applications, staff, and physical resources.   Obviously, this site does not have to be large enough to house all the staff, but it should be large enough to house critical staff.   Ideally this disaster recovery site should be up and running within twelve to twenty-four hours.
 
  1. Store critical documents in a remote location.  Any organization must deal with a large amount of data on a daily basis. An unexpected loss of critical documents can lead to disruption of business operations, as well as damage your company’s reputation. In addition, once you lose critical documents, whether digital or hard copy, it is extremely hard to recover them. Hence, you should ensure that all critical documents are securely backed up and stored in a remote location.  If you are using the cloud to store then this is less of an issue, however the amount of business that do not do any back up at all in mind boggling.
  2. Establish equipment needs.  Any well organised business should have a list of what hardware and software, together with all licence agreement that all the firm and staff have – this list should be included in the business continuity so that once the event occurs a decision can be made as to what equipment need to be sourced straight away.
 
  1. Enable communication channels.  First off, the plan should have the telephone numbers of all the key people on the disaster recovery team so that everyone is contactable.  Also, a key member of staff should ensure that a laptop is kept off site with every staff member details so that somebody on the team can send out the requisite email/texts to keep all the staff up to date.   Obviously being cognisant of the relevant GDPR requirements.
 
  1. Report the incident to stakeholders/customers.  Depending on the size and nature of the organisation consideration will need to be given how best to inform customers and suppliers.  In a smaller organisation this could be as simple as a phone call or text, however in a larger organisation consideration maybe give to having a marketing or PR firm on standby.
 
  1. Test and update a DR plan.  You need to see your DR plan in action and verify its efficiency. For that purpose, review and test a DR plan on a regular basis to see if there are any inconsistencies and identify what should be improved to achieve the best DR results.  This could be done in conjunction with your IT support company who may in a controlled manner crash your server and the see how long it takes to be up and running in the disaster recovery site.
 
  1. Plan, Plan Plan………………………………… and then plan some more.
  What recent world events have shown us is that we have no way of knowing what is around the corner, therefore, to ensure that in the unlikely event of a disaster occurring, we plan for the unknown to the best of our abilities to protect all our livelihoods and businesses.