Essential Steps for Developing Business Continuity Plans
Create a process for planning how to maintain critical functions. Afterward, document and validate the plans.
Solution Design and Implementation
Once you have identified the requirements for each critical function, plan how to maintain or resume them in case of disruption. Consider the range of solutions available for each resource requirement, implement the preferred strategy, and address any potential gaps.
Solutions include:
- Diversifying (e.g. having separate locations to carry out the same activities in parallel)
- Replicating (e.g. having staff trained in another location to perform a critical process, but not as a regular procedure)
- Utilizing standby options (e.g. maintaining an alternate facility that can be made operational within the recovery time frame)
- Acquiring a resource or service after an incident
- Outsourcing the function to an external party
- Insurance
- Implementing manual workarounds
- Doing nothing.
To implement solutions, you may require additional expertise or resources, such as IT. Take into account your organisation’s context and perform a cost-benefit analysis to decide which solutions to pursue.
Apply your chosen solutions to all resources that support business continuity: people, facilities, supplies and equipment, information, technology, and suppliers.
Documentation
Create a business continuity plan to document your organization’s procedures for responding to any type of disruption.
The structure of your business continuity plans will vary based on the size of your organization.
Small organizations may have all the information in one plan.
Larger organizations may have separate plans to cover different requirements or business functions. For instance, a large organization may have an overall plan that defines the business continuity scope and response procedures, as well as individual plans for business units, service locations, or specific functions.
Your organization’s plans should include:
- Notification, activation, and escalation processes
- Roles and responsibilities for invoking the plan and responding to disruptions, as well as authority for these roles
- Leadership continuity
- Structures and processes for responding to disruptions
- Requirements and timestamps for critical functions, as well as processes for maintaining them (including where detailed operational procedures or plans can be found)
- Internal and external communication procedures
- Links to other plans and processes within the organization.
Plans should be straightforward, fit the task, and user-friendly when responding to an emergency. Utilize templates and checklists to make plans accessible.
Simulation Exercise
Systematically train for handling disruptions by running exercises. Test, assess, practice and improve your organization’s plans for ensuring business continuity.
Exercises validate assumptions made during planning, identify issues and gaps, and build the capability of response teams. Run regular exercises as part of a continuous improvement process to gradually build capacity and capability over time.
The type of exercises used depends on objectives. Each requires preparation and facilitation time, carries a different level of risk and cost.
| Exercise | Description |
|---|---|
| Discussion exercise | A discussion where participants ‘walk through’ plans, or focus on a particular area for improvement. |
| Scenario exercise | A discussion exercise with a scenario and timestamp. Participants demonstrate their response plans as the situation unfolds. |
| Simulation exercise | An exercise with a more elaborate scenario, with information introduced as the situation unfolds, simulating a real incident. Participants rehearse their roles. |
| Live exercise | A real-time rehearsal of part or all of a response. |
| Test | Testing of technology, equipment, or procedures, resulting in a pass or fail. |