10 key components of a business continuity plan
By Catherine McFarland • 25 Sep 2014
In violation of Financial Conduct Authority (FCA) regulations, thousands (15%) of financial services companies don’t have a business continuity plan in place. This is despite strict FCA demands that financial services companies are able to maintain core systems if the worst should happen. Here are 10 essential areas to address when you’re writing - or simply refreshing - your business continuity plan.
What is business continuity management?
Firstly, let’s take a look at what we mean by business continuity management.
Business continuity management is a holistic management process that identifies potential impacts that pose a threat to business, and provides a framework for building resilience against them. It constitutes an effective response that safeguards the interest of its key stakeholders, reputation and revenue-generating activities.
These impacts, or disasters, can be triggered by events such as fire, flood, a phishing attack, a local security alert or even a tube strike. Impacts on your business include:
Loss or failure of resources (including people and technology)
Loss of information
External events such as vandalism or ‘acts of God’.
What is the purpose of a business continuity plan?
Minimise interruption of normal operations
Limit disruption and damage
Minimise any financial impact
Establish alternative means of operation
Train personnel in emergency procedures
Provide smooth and rapid service restoration
So here are 10 key areas that your business needs to consider so that you can build a really sturdy business continuity plan that you can rely on.
1. Chain of command
Identify your chain of command. This is normally held by the directors, although can vary according to your business size and structure. If your business in on the larger end of the SMB scale, your chain may extend to deputy directors or operational managers.
2. Risk assessment and response
Asses the types of risks your organisation could face, and devise actions to help you overcome these. Risks could vary from data corruption or loss due to cyber-attack or total loss of your place of work due to fire or flood.
3. Core business systems
Some areas of IT are so critical that the business would not be able to function without them. Assess each of your core business systems in terms of their criticality to your business.
4. Crisis management group
For larger companies, it’s worth putting together a crisis management team to coordinate your business continuity plan. This team should include all your primary business function managers. Work out who is responsible for communications with customers, suppliers, partners, employees, emergency services, utility providers, insurers and the media.
5. Key contacts
Consider which contacts outside your organisation need to be alerted. These can vary according the type of disaster. For example, if you lose your site or access it to it, you will need to advise your site landlord and building insurer.
6. Staff contact details
Make sure to have a current record of all your employees’ contact information so you can communicate with them.
7. Recording incidents
Record details of all major incidents and actions. You can then refer to these notes if there is any further investigation. It will also inform future business continuity planning.
All staff should be made aware of their roles and responsibilities within the business continuity plan. Responsibilities should include awareness of key policies and procedures and the content of the business continuity plan itself. They need to know who to contact in case of an incident, and how they can contribute to the plan’s implementation
9. Review and test your business continuity plan
This is often ignored but is incredibly important. You must conduct a comprehensive risk review annually and then test the different response elements of the plan.
10. Critical document names and storage
Make sure you know the names and locations of documentation essential for your disaster recovery. Crucially, make sure the key people can access it.
You can download our free business continuity pack here. It includes your own editable business continuity plan template, plus a 25-minute recorded how-to guide.
To find out more about how disaster recovery in the cloud can help with your business continuity, check out these FAQs on ‘Why disaster recovery’?
Or for some hard-hitting stats and stories, check out this blog: “IT outages and cyber-attacks: five data loss statistics and disasters.”
For further guidance on FCA requirements, see www.fshandbook.info/FS/html/handbook/SYSC.
Share this post