Business continuity: the importance of preparing for the worst
BSI Staff Writer
Organizational resilience is the ability of an organization to adapt and evolve with the ebb and flow of the marketplace. This is accomplished via a variety of means, including having a recovery plan for disaster and a mindful approach to keeping up with the changing needs of consumers.
Business continuity is one of the pillars of organizational resilience alongside governance, resilience and crisis management. Business continuity is how you prepare for and react when disaster strikes in order to mitigate loss and get your organization back to business as usual as quickly and as efficiently as possible.
What does disaster look like?
Disaster comes in many forms, from cyberattack to weather damage. It can be a large-scale emergency or a smaller, more prosaic issue which affects a single business – a network issue, for example. No matter how much you prepare for disaster, there’s nothing you can do to avoid it completely, because it’s impossible to predict what, how or when it might strike.
Why do you need to prepare for disaster?
As many as 75% of businesses fail within 3 years of experiencing disaster. Often, this isn’t just because of the direct cost of the repairs but the indirect cost too. A business may suffer from damaged relationships with suppliers and customers or sustain production losses as a result of running at partial capacity (or not at all) for a period of time.
The Civil Contingencies Act 2004 stipulates that Category 1 responders such as the police and fire and ambulance services must have robust business continuity policies in place. Category 2 responders such as Local Authorities, power companies, and water, gas and telecoms companies must also be prepared with business continuity plans. The same goes for suppliers to these companies. For these essential services, business continuity policies are essential.
Business continuity policies and the associated standards can also help fortify insurance policies, in some cases giving discounts.
How can you prepare for disaster?
‘Prepare for the worst and hope for the best’ is a motto that often rings true for the business world. You could even go so far as to say that it reflects the underlying premise of business continuity.
Business continuity is about achieving business as usual in the face of disaster in order to mitigate damage to the business. This could be by taking precautionary measures before an incident or by having measures implemented to manage an incident at the time it happens.
Building a business continuity strategy
In order to effectively prepare a business continuity strategy you should follow a logical assessment of the risks:
1) Understanding the risks
Different circumstances present different risks. Businesses in earthquake-liable locations, for example, would be more justified in anticipating earthquakes because they occur more regularly. Equally, a manufacturing business might be at greater risk of fire than an office. Business continuity is all about considering the particular risks engendered by your business and circumstances. Business impact analysis could help you understand what the financial repercussions would be for these activities. In order to do this, you need to ascertain how time critical your business functions are – from production to paying stakeholders. This is to give an understanding of how this could affect your stakeholders, services and products. Once complete, you can begin to think about how these translate into objectives for recovery.
2) Addressing the risks
Once the risks have been identified, you should address ways you could overcome these risks. For example, if your server goes down it could be costly for the business – you might consider installing a backup server to see whether this would reduce the risks. Many risks cannot be eliminated completely, meaning you will need to implement a strategy for dealing with issues when they do occur.
3) Implementing solutions
Solutions are not just about paperwork; they are about expanding your employees’ responsibilities to include business interruption prevention protocols. People should be given specific roles and responsibilities to support these strategies. If needed, training and tools should be provided for these additional responsibilities. It’s vital to consider communication here – who needs to know about which strategies?
4) Reacting in real time
Systems must be honed so that they work in real time in order to be effective. This means considering the situation as it would happen in actuality, not as it would happen on paper, in order to accurately understand the process and how you could mitigate damage.
Standards and business continuity
There are many standards which can help improve business continuity, in particular international standard ISO 22301 Business Continuity. This standard helps identify current and future threats and lets you take steps to mitigate any unfortunate occurrences which might take place. A plan is then put in place to minimize downtime.
ISO 22313 Guidance for ISO 22301 is a complementary standard that provides guidance on the key business continuity standard. This supporting standard looks in particular at societal security and business continuity management systems. It’s about managing the situation and addressing business needs to come up with a structured approach to deal with these two elements.
Looking to the long term
Business continuity is also about being aware of the larger changes going on around you that may affect the organization’s ability to carry on with its activities. Rather than a one-time assessment, business continuity should be a constant process through which you continually adapt and evolve your plan to tackle any issues. This should be part of a wider organizational resilience strategy designed to make your business more robust.