Business continuity planning:
The process

There are five basic steps towards developing a business continuity plan:
Step 1 
Analyse your business

Get the buy-in of top management and put together a complete picture of your business.

Identify and examine critical functions that are essential to its endurance and consider:

  • the support available within your own business; and
  • which individuals are best placed to review the issues.

We recommend that you use ROBUST by RISCAuthority to build and maintain a business continuity plan.

The software is free for all to download and install, and its development included contributions from Allianz and other UK commercial insurers.

Step 2 
Assess the risks

Work out where your business is vulnerable by analysing each area as if it’s a cog in a mechanical device.

Establish how the loss of a single cog within the overall process may disrupt the business as a whole, and what the knock-on effects might be.

Think about the impact on your customers if you encounter problems with your premises, utilities (gas, electricity, internet connectivity, etc.), suppliers, partnerships, staff, systems/processes or timescales.

Use our business impact assessment tool to help with this step.

Step 3 
Developing your strategy

Having identified the risks, it should then be possible to address each exposure in order to:

  • eliminate the hazard altogether;
  • avoid the hazard by doing things differently;
  • control the hazard in order to reduce its impact; or
  • plan for the occurrence.

Some risk improvement measures may be considered essential and might mean changes need to be made to some current working practices, while others may not be viable after the financial costs are considered.

Review our risk topics guidance pages to help you manage hazards.

Step 4 
Create your plan

Firstly, appoint roles to individuals from across the organisation into a business continuity team and assign a co-ordinator. Remember to include at least one deputy for each role to ensure there is cover should a member of the team not be available.

Make it clear what each member of the team is responsible for and the actions they will be expected to take.

Prepare checklists that include clear, direct instructions for the crucial first hour after an incident. Have a checklist for each of the risk areas identified earlier in the process and ask ‘what if’ questions so that you can plan for the worst case scenario.

What should we do if…

  • the premises are severely damaged in a flood?
  • vital manufacturing plant is stolen?
  • internet and/or telecommunications access is lost?
  • key information, such as customer billing information, is accidentally deleted?
  • a major supplier is unable to fulfil an order?
  • a key member of staff is suddenly unable to work?
  • faced with cash flow problems (e.g. due to disruption at the bank)?
  • vehicles can’t gain access to the building for some period of time?
  • our reputation was damaged by adverse publicity following the incident?

Build in realistic timescales to get the business working again, whatever the size of the interruption. If your plan is robust enough to cope when the worst happens, it will help you deal more easily with smaller scale emergencies. Additionally, you need to:

  • Remember to take into account the needs of the emergency services.

    Log the nature and location of hazardous materials, water supplies, gas and other fuel isolation and the extent of hidden voids and links between buildings.

    Consider firefighting access and means by which key staff may be alerted and respond to an emergency at any time.
  • Keep an up-to-date directory of key contacts and give a copy to every member of your team. Include contact details of staff, public utilities, bank, insurance contacts, suppliers, tradesmen, key customers and any other persons or organisations who need to be alerted to a problem and can help limit disruption to your business.
  • Consider media training for senior staff. Handling press enquiries professionally during a crisis can help to maintain public confidence in your business.

Think of your business continuity plan as a living document and ensure that it keeps pace with any changes to the business or personnel by appointing someone to take on the responsibility for updating and managing the plan with a periodic review (at least annually); It would be sensible to include it as an agenda item on any internal management meetings.

With any update, it’s essential that all actions taken to reduce or eliminate the risks of an interruption to the business remain in force. Notify all team members when changes are made.

Step 5 
Rehearse your plan

Give your plan a regular health check. Test the plan at least once a year or as often as is practical. This will highlight any weaknesses and allow suitable changes to be made.

Keep copies of the plan securely offsite and ensure that they are accessible at a moment’s notice.

FREE software to help you create and manage your business continuity plans.
Identify key functions and assess what damage that interruption could do.
Find out about some of the scenarios that could disrupt your organisation.