LLast week we introduced what Business Continuity Management (BCM) is and some of its benefits. We also defined what Business Continuity Planning is and started discussions on how to develop a Business Continuity Plan. Of the three components of business continuity planning, we have picked up risk assessment and some aspects of business continuity planning. Today we will conclude aspects of contingency planning and move on to the other two components of contingency planning, disaster recovery and recovery, and testing, approval, and implementation.
Four other important aspects of business continuity planning are:
• Succession Orders: A business continuity plan should include clear succession hierarchies. For example, who should act on behalf of the manager if the manager is incapacitated or unavailable for any reason during a continuity period? Who should act for the Marketing Director when the Marketing Director is unavailable during a continuity period? Similarly, all other key positions must have successors who have the full powers and authority of the substantive but unavailable officer until the latter is reinstated.
• Plan activation and deactivation: There should also be clear activation and deactivation of continuity plan procedures. This is about which specific incidents will trigger the activation of the plan and which achievements will trigger the deactivation of the plan. Who should enable (and disable) the continuity plan? How should activation (and deactivation) be communicated?
• Plan Reviews: A business continuity plan has a life of its own, determined by a validity period and other requirements. Consequently, it needs to be reviewed from time to time, either because it has “lapsed” or because there are fundamental changes in operational risk and/or other issues that need to be incorporated into the plan.
• Document the plan: Regardless of the size of your operation, there is a need for the plan to be formalized in a document. There are simple and free templates that are suitable even for small operations. They help you think through the problems methodically.
The other two main components of the business continuity planning process are as follows:
Disaster Recovery and Restoration (‘DRR’): The ultimate goal of any business continuity plan is fast, effective, and efficient recovery from a disaster and restoring normal operations from unplanned disruptions. The purpose of disaster recovery and recovery activities is to ensure you are able to assess the extent of the disruption, determine what human and other resources are required for rapid recovery and recovery, and how to mobilize all of those resources.
This phase of the planning process consequently involves the use of pre-established communication channels, the deployment of key personnel, the provision of raw materials, etc. Your DRR strategy aims to provide capacity for rapid but detailed disaster assessment and communication between individuals and with units and other organizations , assigning individual and team responsibilities and providing resources needed to restore normalcy.
A particular element of disaster recovery and recovery that is particularly critical is communication between key personnel and also with suppliers, customers, your external engineers, regulators, etc. A contact list of all key stakeholders and operators is an essential part of this part of the plan.
Test, Approval and Implementation (‘TAI’): As the name suggests, this is the phase where three integrated sub-components of the plan are carried out.
• Test the plan: The first sub-component includes the development of test criteria and procedures. How well are the components of the plan aligned? How easy can procedures be carried out? At the end of this phase, you need to be sure that your plan is executable.
• Approval: This is the phase where the test results are reviewed and approved if they meet the set goals. While approval itself is the responsibility of senior management, employee opinions and suggestions should be considered.
“Renewal” and “Maintenance” and two important aspects of this process. At the end of a predetermined period, the plan must be reviewed and re-approved to ensure it is consistent with current and valid strategic objectives. If certain fundamentals change, the plan should also be reviewed to ensure alignment is maintained.
• Implementation: Once the plan is approved, it should be available to those who should have it. Those executing certain aspects of the plan should be trained to do so competently.
Below is a schematic representation of the three main components of business continuity planning and how they relate to each other.
Regardless of the type or size of your business, you and your team should consider and develop a business continuity plan that meets your needs. For large companies, business continuity plans are elaborate and detailed documents that need to consider not only some of the factors discussed here, but others as well such as diversity, time zones, multiple locations, multiple operations, etc. For the entrepreneur, you only need one document that is simple but is practical and effective. Thinking through the problems and writing them down will force you to come up with solutions to problems that work and can save your business in tough times.
This concludes the series on business continuity management. Next week we will be Making Partnerships Work!