The Covid-19 Pandemic that has taken the whole world by surprise has sure interrupted the operations of many businesses across the continent, while some organizations have completely halted business operations others have directed staff to work from home and some have had to lay off staff.
Now there is a possibility that some of these businesses might not be able to recover and continue business as usual after this pandemic is over, and this where a business continuity plan will separate the “wheats from the tares”. The BC plan and strategy will differentiate a proactive organization from a reactive one. Now if you have not put one in place, not to worry, this article will guide you through the process of setting one up.
According to an article written by Kim Lindros and Ed Tittel, “Business Continuity refers to maintaining business functions or quickly resuming them in the event of a major disruption, the business continuity plan outlines procedures and instructions an organization must follow in the face of such disasters”. A BC plan is proactive plan to avoid and mitigate risks associated with a disruption of operations that details steps to be taken before, during and after an event to maintain the financial viability of an organization.
Let’s say there is a pandemic for instance and the whole city has been put on lock down, are there plans to cater for customer demands? Can employees work remotely? The business continuity plan ensures that these concerns and more are addressed.
First step to take in implementing a business continuity strategy in an organization is to sit with each process owner to assess their processes to find vulnerabilities and how it would affect the organization if their process cannot function for particular periods of time. This is usually called a Business Impact Analysis (BIA) and also carry out a Threat & Risk Assessment for each department. Without understanding your organization’s processes, how critical those processes are, and the threats and risks inherent in your operations, you cannot effectively develop appropriate plans and strategies.
After this first step of assessment, the next step would be to perform the following
Business Recovery Planning: This plan is to ensure that your critical business processes can be recovered in the event of an emergency. Your plan will document the actions, including temporary workarounds, that will be necessary to keep critical functions going until IT applications, systems, facilities, or personnel are available.
IT Recovery Planning: this refers to the development of plans and strategies for the recovery of your technology, including actions that will be necessary to restore critical IT applications and systems. This period has also shown a lot of functions can be done virtually which is an area of improvement for your IT systems.
People often think that a Business continuity plan is the same with a Disaster recovery plan but they are actually not, while Business continuity plan seeks to ensure that the entire business can recover after major disruptions the Disaster recovery plan places focus on recovering IT operations. So the disaster recovery plan is an aspect of the business continuity plan which must be considered when developing the business continuity plan.
A core part of the BC Plan is Testing and Lorraine O’Donnell reiterates this in this statement, “Obviously, a real incident is a true test and the best way to understand if something works. However, a controlled testing strategy is much more comfortable and provides an opportunity to identify gaps and improve.” Testing the plan is what gives confidence that the plan is effective and would be sufficient in the occurrence of a real incident. Testing of the business plan should be scheduled by the organization as it fits its operations, there are a couple of ways the business continuity plan can be tested some of which are:
- Checklist test
- Structured walk through test
- Emergency evacuation drill
- Recovery simulations etc.
The best approach to ensure all t’s are crossed and all I’s are dotted while putting in place a Business Continuity Plan for your organization would be to implement the requirements of the ISO/IEC 22301 Standard. The ISO 22301 is a Business Continuity Management system standard that was reviewed in 2019 and provides a framework to plan, establish, implement, operate, monitor, review, maintain and continually improve a Business Continuity Management System.
To get more in-depth knowledge on Business continuity strategies or to become a pro in the implementation of Business Continuity Management System, make sure you attend our trainings. Check out our training calendar on www.tenol-alpha.com/upcoming-training for our training schedule. Also to get your organization certified to the Business Continuity Management System (ISO 22301) in order to increase customer’s confidence in your ability to swiftly recover disruptive incidence, you can request for a quote by sending a mail to email@example.com
JIBOLA OLORUNNIMBE and OMOBOLA OROPO