7 key steps to kick-start your business continuity program

The current COVID-19 (Coronavirus) pandemic has had an unprecedented impact on most organisations. Although having a comprehensive Business Continuity Program wouldn't have completely prevented disruption to an organisation, it helped many to respond faster than those without such well-rehearsed plans.

Having a structured and documented plan B (and C) if the worst happens can help to most importantly protect your staff but also make strides to improve the overall resilience of your organisation. If your organisation doesn't currently have a full Business Continuity (BC) program in place, don't panic, it's not too late to act now.

In fact, the current pandemic has probably forced you to act quickly and implement alternative processes that could help shape your future BC plans. Your recent experience, and subsequent organisational learning, will have also, no doubt, highlighted areas requiring more attention.

To help get you started, CyberCX's experienced Business Continuity Consultants have detailed 7 steps you can take to start fast-tracking your BC program. If you have any questions, or would like to find out more about how we can help you implement your BC program, please get in touch.

What is a Business Continuity program?

An effective Business Continuity Management program can help keep your organisation's critical business processes running during times of emergency or disaster, such as a fire, cyber attack or the current pandemic we are all facing. Your Business Continuity (BC) program should identify and prioritise the risks your organisation faces and detail how the business will continue to operate when each type of incident occurs.

Although all organisations will face their own unique challenges, an effective BC program should include each of these key elements:

• A governance structure - establishing authorities, roles and responsibilities
• A business risk assessment and impact analysis - to identify and prioritise business critical services and assets
• Plans, measures and arrangements - to ensure the continued availability of critical processes
• Integration with Information Technology - for the provision or recovery of IT assets
• Activities to monitor the businesses level of overall readiness.

Through a BC program, your business will become more resilient in the following ways: Reduction in any potential revenue losses as a result of an incident

• Internal teams with a reinforced understanding of their roles and responsibilities in a crisis
• Minimised potential downtime and improved speed of recovery
• Protection of your brand reputation.

7 steps to get you started

1. Create an Incident Management Team (IMT) to manage the incident response

The team will assess impacts, make decisions and communicate your business response to the wider team.

2. Identify your critical business critical functions and processes

Detail the processes which are essential to keeping your business operating and document your workarounds by asking “what if we can't do this?” and working through a range of different scenarios. This should include plans for:

• Staffing arrangements including work for home plans and processes, succession planning and cross-skilling.
• Identify risks to your business operations (i.e. financial, HR, people, IT)
• Ensure you continue to comply with any business regulatory, compliance, critical contract/SLA requirements.

3. Develop Business Continuity Plans (BCP) for each department

This will help the efficient continuity of critical business processes by directing the actions of critical staff. The BCP should enable your business to continue critical processes in alternative ways (i.e. outline a plan B, or C). These plans should consider your office, people, IT and other resources.

4. Ensure integration with IT Disaster Recovery (DR) plans

It's essential that governance and business requirements are also integrated into your IT DR strategy so that your IT team can provide the relevant service to the business when in continuity or recovery mode.

5. Develop a communications strategy

Outline how you will communicate with staff, customers and suppliers. Agree and implement a tool to ensure these key stakeholders have easy access to a regularly updated information source.

6. Assess third-party supplier resiliency

Develop a process to assess and validate your supply chain. Implement controls to reduce the risk to the business due to deficiencies in your third-party suppliers' business resiliency.

7. Test your plans and maintain them

Check that the responses you've developed to each scenario actually work effectively by testing them. Review how each performed and make adjustments as needed. Ensure any documents developed are maintained as “live” documents, based on managing the incident.

Next steps

We hope this has given you a useful starting point and better understanding of some of the key components of an effective Business Continuity program.

Having implemented effective Business Continuity programs for hundreds of businesses, in a wide variety of sectors, our approach is simple and always designed around your individual business requirements and culture. Get in touch to find out more about how we can help your organisation.

Greg Inge
CEO, UK-US
CyberCX