##Ensuring Safety through Business Continuity – How to construct a Business Continuity Plan##
In our previous article, we examined the importance of creating a comprehensive business continuity plan. Now let’s consider the information your plan should contain and the basic format it should take.
What information should a Business Continuity Plan set out?
There is no one-size-fits-all template for creating a BCP, but every plan should contain a certain amount of key information. Structure your plan around the following key details:
###The plan’s Scope###
Each plan should feature a detailed account of the business domains, IT systems, hardware infrastructure, employees and processes that the plan seeks to defend in the face of a crisis.
####The plan’s main actors####
The plan should make clear which individuals are tasked with actioning various aspects of it, and lead decision makers should be nominated.
####Backup recovery solutions and redundancies####
The plan should set out details of any data backup solutions that might be called upon in the event of an IT-related emergency. Information relating to accessing and operating these backups should also be set out. There should also be detailed guidance relating to the operation of system redundancies – auxiliary solutions to be implemented in the result of main system failure.
####Third-party support providers####
There should be a detailed list – featuring contact information – of any third-party suppliers or service providers who have been nominated to provide crisis support.
Gathering the above information is a great place to start. Once you have collated the key information you can get to work assembling the framework of your BCP using the 5-stage process outlined below.
###Stage 1 – Carry out a Business Impact Analysis###
Business impact analyses attempt to predict the likely effect of disruption on business processes. The data obtained from a Business Impact Analysis (BIA) will form a crucial foundation upon which your continuity plan can be built.
A BIA will offer insights into the susceptibility of business domains and processes to the effects of disruptive events, highlighting inherent vulnerabilities and any dependencies which exist. The analysis should examine the following areas of your business:
•Customer experience channels – communication media and service portals that your customers have direct access to.
•Data storage – On-premise, cloud-hosted or hybrid information storage and management systems.
•Business management software – CRM, ERP and ATS systems, HR platforms accounting tools, collaboration platforms – basically any and every software programme that aids your business.
•Utilities – Broadband, gas, water and electricity.
The results of the BIA can help you identify the resources, systems, processes and utilities that would be most at risk if a crisis was to present. You can then contrast the risk profile of each, with their importance in the context of business continuity. This will help you decide which systems and processes are most in need of protection and which are more naturally resilient/less vital in terms of operational continuity.
###Stage 2 – Use the outcome of the BIA to explore backup, auxiliary and replacement solutions.###
Now that you have identified the most at-risk business components, you can explore options which will safeguard operations should they fail. Look into backup solutions to protect vital data stacks, examine the viability of engineering redundancy into vital systems, and explore hardware suppliers from which you’d source replacement infrastructure.
•How would you stay in touch with suppliers and partners if your phone system failed?
•How would you recover operation-critical data if you suffered a server failure?
•What might you do to resume service following a major power outage?
It’s at this point you should list all the third-party providers you may wish to call upon.
###Stage 3 -Put pen to paper###
Now that you’ve assessed vulnerabilities, prioritised business components for protection, an drawn up a shortlist of protection mechanisms, it’s time to start creating your continuity plan documents. These should comprise a series of documents, each applying to a specific business department. Each document should feature a step-by-step plan of action designed to moderate the effects of a business crisis.
Identify the backup solutions to be invoked, the failover systems to be initiated and lay out operating instructions for each in a step-by-step format. Include names of nominated plan leaders (personnel tasked with coordinating the crisis response), set out a relocation plan, detailing last-resort measures should your business be forced out of its premises, and give instructions on how to obtain replacement hardware. For the most critical components of your business, the BCP should out lay out recovery protocols in painstaking detail, omitting nothing, to ensure you’re able to restore vital systems in the quickest possible time.
###Stage 4 – Deployment###
This is the point at which you introduce your team to your newly crafted continuity plan. Introduce each department to their respective plans and ensure individual team members are confident about their role within it – some will have far greater responsibilities than others. Ensure your team understand the gravity of the situation that might present and explain that the plan is in place to minimise further chaos and ultimately ensure the continuity of the business. Pay close attention to “plan leaders,” ensuring that they’d feel confident enough to execute their duties without guidance or higher instruction.
###Stage 5 – “Stress test” your BCP###
Ideally, you never want to be in a position where your continuity plan is being invoked. However, it’s important to prepare for that prospect and one of the best ways to do that is through regular preparedness testing.
Elect training leaders and conduct simulated emergencies. Use questionnaires and Q&A sessions to gauge BCP engagement and knowledge. The results of these exercises can be used to identify knowledge-gaps allowing for the effective application of additional training.
##Conclusion##
We understand that business continuity planning may seem like a laborious process, but when business survival is at stake it’s best to leave nothing to chance. Using the process above as a base for your BCP, you’ll ensure that you have the right procedures, fail-safes, backups and support in place to face down any crisis.
Armco IT: IT Support and Managed Services for Businesses Across York, North and East Yorkshire
There’s nothing we love more than seeing Yorkshire businesses flourish by harnessing the power of IT. Our team of dedicated engineers stands ready to help you overcome any technical challenge and deliver tailored solutions that help your business meet its goals and growth ambitions. From our base in Malton, we deliver proactive IT support and services across York, North and East Yorkshire. We have a strong track record in delivering impactful IT to clients across a wide range of sectors, including manufacturing, design and insurance, among many others. We focus on maintaining, optimising and securing your digital estate, so you can focus on the growth and success of your business. Contact our team and let us start our journey together today.