Good business continuity planning boils down to one critical element: dealing with risk. Whether that is not being able to access your offices, losing connectivity to critical systems, or not being able to communicate with customers, you need to expect the unexpected. And then plan for it. Your goal: to get back to normal as quickly as possible.
To get to the mitigation part of your planning, you need to first understand the risks and then decide how to deal with them. This forms the first few steps of creating a business continuity plan:
Understand what disruption and disaster look like
Define all the things that could have an impact on your business, from staff losing access to your office, to weather events, accidents, cyber attacks, power failures, etc.
Identify the risks to your business
Start with a business impact assessment. This will help you better understand the threats and classify their impact as hard or soft. Hard impacts are more quantifiable, for example shareholder value or operational capacity. Soft impacts are more subjective to the business and include things like staff morale and market trust.
Manage the risks around that disruption
First you need to decide how to deal with risk. There are a number of ways to do this:
- Accept the risk, understand it and plan for the impact, for example knowing that at some point your staff might not be able to get into the office due to inclement weather.
- Avoid the risk, for example by making sure your patching strategy is up to date in order to avoid exposing vulnerabilities to cyber attackers.
- Transfer or share the risk, such as working with a third-party hosting company that will have strong processes in place to look after your data.
- Mitigate the risk, which forms the basis of devising a disaster recovery or business continuity plan, in the sense that you are planning for the unexpected and devising how to minimise the impact of that risk.
- Exploit the risk if it has a positive impact.
Risk mitigation is where you need to develop your strategies and put them into place. This can be anything from disaster recovery, which helps you recover data through backups or data centre failover, to workplace recovery, which enables you to shift operations to another physical site so staff can continue to work and serve customers.
Disasters and disruption aren’t always as obvious as you think. Yes, there’ll be planning for a natural disaster or cyber attack, but also consider, for example, a neighbourhood gas leak that closes the roads around your business or a fly infestation that leads to a fire (a real example from one of our customers).
You can find out more about planning, best practice approaches and what else to consider in our latest guide: Keep calm and carry on — a guide to business continuity in a digital age.