The Noggin Blog

During the Coronavirus Pandemic, Get Back to Business Continuity Planning Fundamentals

Posted by The Brain on Apr 1, 2020 5:50:55 PM

 

If you didn’t know before, a mainstay of business continuity management is the business continuity plan (BCP), a collection of resources, actions, procedures, and information, designed to prepare organizations to maintain essential functions in the event of a major disruption like the coronavirus pandemic.

After all, it’s the planning effort that ensures critical operations remain available and minimizes major impacts, up to and including business closure. But even the best-laid contingency plans will need an update in this coronavirus moment. What does it take to develop an effective plan?

Best Practices for Building a Business Continuity Plan

Well, business continuity planning involves documenting procedures to guide how your organization will respond to and recover from a disruption. Putting together the actual plan usually falls to a governance committee; updating it during a disaster might fall to the Pandemic Response team, though.

In either case, C-suite involvement is critical. Most business continuity governing committees are headed by an executive sponsor. That sponsor is nominally responsible for initiating, approving, auditing, overseeing, and testing the BCP.

Meanwhile, day-to-day management falls to a business continuity coordinator, who might double as the crisis coordinator during a disruption. Depending on the size of the company, that coordinator might have a dedicated staff. Other in-house members of the committee include a senior security officer, the CIO (given the centrality of IT systems to business continuity), and senior representatives from the remaining business units.

Before drafting the BCP, the governance committee will undertake a business impact analysis (BIA), a methodical accounting of business activities and the effect business disruptions would have on those activities. The BIA is intended to help organizations isolate critical business functions in tandem with the processes and resources needed to support them. The process should be dynamic, though.

A flexible, action-oriented BIA is imperative. Sure, firms might have a good feel for the services and products they need to continue delivering in order to avoid severe revenue loss in the event of a major disruption. But it’s not a given that senior managers have a more nuanced understanding of the dependencies that underlie those services, especially in a fast-changing public health event.

After all, a lot goes into moving a product: internal dependencies, like employee availability, corporate assets, and support services, as well as external dependencies, like suppliers – all of which are probably being negatively impacted right now. A good BIA will capture all of those contingencies, then rank the order of priority of services or products for continuous delivery or rapid recovery. 

BIA findings then get fed into the BCP proper, which typically covers the resources, services, and activities required to ensure the continuity of critical business functions. BCPs can take different forms. But usually, the following elements are present:

  • A list of relevant company, insurance, and supplier contacts.
  • Helpful information might include links to the appropriate state and federal regulator, e.g. Emergency Management Australia.
  • Relevant standards with which the plan complies, e.g. ISO 22301.
  • Organizing objectives and driving principles. The primary objective of your plan is to ensure maximum possible services levels are maintained. Meanwhile, assessing business risk for probability and impact might also be an important principle to document.
  • The objectives and principles sections might be part of a longer executive summary, a comprehensive overview of the BCP.
  • The contents of the BIA, including a list of likely threats, i.e. building loss, document(s) loss, systems going offline, loss of key staff, etc.
  • Scenario planning for the risks you’ve identified. Once a risk is listed, the plan will outline probability and impact of occurrence, likeliest scenario(s) to unfold, business functions affected, actions to take and preventative mitigation strategies, staff responsibilities, as well as operational constraints.

Drafting the BCP isn’t the end of the story, though. Senior management has to still approve the draft, before the process of validating (and updating) the plan can even begin. What else is involved? Download our comprehensive guide to developing an effective business continuity plan to find out.

 

Download the Guide

 

For more news and updates, follow Noggin on Twitter and LinkedIn.

 

Topics: Business Continuity


Meet Noggin: all-hazards enterprise resilience software.

Thanks for stopping by!

The Noggin software suite provides flexible information management solutions capable of managing all hazards across a wide range of industries, from the smallest complaint to a multi-national emergency. We help organizations handle all hazards, all media, all devices, all processes - in one suite of software products. Organizations across the world rely on Noggin to help them manage disruptive events more effectively and protect the bottom line for their communities and businesses.

Want to learn more? Get in touch:

 

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all