What is Business Continuity Management?
Business Continuity Management is an holistic management process that identifies potential impacts that threaten an organisation from functioning as normal and provides a framework for building resilience and recovery to safeguard the interests of its customers, staff and reputation. E.g., if your offices were inaccessible due to fire, how would your business continue to operate?
What’s in a Business Continuity Plan?
A BC plan will involve: identifying who will lead on BCM; defining individual roles and responsibilities including a decision-making hierarchy; identifying what functions must be maintained to keep your business going; considering the types of disruption / risks your business could face; prioritising what functions will be reinstated first and what resources you will need, including staff, equipment, IT, premises, external suppliers, etc.
Who needs to be involved in the development of a business continuity plan?
Successful business continuity management depends upon commitment and involvement from senior management to shop floor, across all departments. Identifying the most appropriate staff to be involved in the development of a business continuity plan will save time and money. Initially a small group of key staff representing key functions may be a useful starting point. E.g., Operational management, finance, IT, etc.
How long does it take to produce a BCM plan?
This depends on the nature and size of the organisation and the reporting structure within it. However, it does not have to be a lengthy complicated process. See the Business Continuity checklist and BCM toolkit.
Once the business continuity plan is produced, a regular review programme (e.g., annually, alongside key staff changes, etc) should ensure the organisation has efficient and effective arrangements in place, with minimal ongoing plan maintenance costs.
Where can I find BCM best practice?
This British Standard was developed by business continuity practitioners throughout the international community, drawing upon their considerable academic, technical and practical experiences of business continuity management (BCM).
BS 25999 was published in December 2006 and provides a system based on good practice for business continuity management. It is fast becoming the single reference point for identifying the range of controls needed for most situations where business continuity management is practised in industry and commerce, and to be used by large, medium and small organizations in industrial, commercial, public and voluntary sectors.
BS 25999 is in two parts:
Part 1: Code of practice for business continuity management ;
Part 2: Specification for business continuity management .
Part 2 specifies the process for achieving certification that business continuity capability is appropriate to the size and complexity of an organisation.
For more information on BS 25999 go to: the British Standards Institute on http://www.bsonline.co.uk
What is Business Impact Analysis?
Business Impact Analysis is a management tool to assess types of business interruptions, e.g., fire, power outage, etc and the associated consequences over time. E.g., IT failure of several hours may not be critical, but a prolonged IT failure, such as a week, may have significant consequences.
How do I undertake a risk assessment?
Risk assessment is a continuous process that documents the following: identification of hazards, assessment of potential harm; evaluation of existing precautions; review and revision as necessary. The City Council’s website contains web pages on risk management. The Health and Safety Executive website can also be accessed for useful risk management publications (www.hse.gov.uk).
What sort of risks should I consider?
The government’s UK resilience website lists the following generic risks that should be considered as part of BCP development, in addition to any sector specific risks:
- large-scale temporary absence of staff;
- permanent or long-term loss of staff;
- denial of site or geographical area;
- severe weather;
- loss of mains electricity;
- disruption to transport;
- loss of mains water and sewerage;
- loss of availability of oil and fuel;
- loss of telephone/ mobile telephone communications.
How often should we exercise / test the BCM plan?
Exercises and testing of BCM plans is an essential part of the process as this will evaluate the viability of the plan, identify areas for improvement and provide training opportunities for staff that may be required to act outside of their normal role as part of BC plan activation. Unworkable plans are as bad as no plans at all.
Is there any training available?
The Council’s Emergency Planning and Business Continuity Unit provides a training and exercise programme for the Council’s staff. Some of the courses are open to other Category 1 and 2 responders, including voluntary organisations. For more information see the Birmingham City Council website www.birmingham.gov.uk , emergency planning and business continuity web pages or email: email@example.com
The Emergency Planning College, within the Civil Contingencies Secretariat, Cabinet Office, runs short courses, workshops and seminars. (www.epcollege.gov.uk). The Business Continuity Institute website (www.thebci.org) has details of accredited courses on business continuity management.