Business continuity is aboutexpecting the unexpectedand preparing
for a system failure.
Business continuity aims to prepare for natural disasters,
accidents, transport problems, security threats, hacking and other
e-crime, as well as problems such as avian flu.
A business continuity plan spells out how you restore normal
service in the event of one of these risks becoming a reality.
It differs from
disaster recovery, which is about getting systems
up-and-running following a system failure. In contrast, business
continuity is about whether an organisation can carry out its core
business functions in any circumstances - this is about people,
processes and policies, as well as technology.
The business continuity committee must first identify which of a
firm's activities are the most critical. In the event of a
disaster, some services must be restored quickly (such as customer
service and payroll), while less critical services (like the staff
canteen) could be restored over a period of days or weeks.
Once the core business processes are identified and prioritised,
continuity experts advise a risk analysis, to assess how vulnerable
the company's processes are. There are lots of audit tools to help
with this process.
Once the risks are identified, the business should consider
whether to eliminate or mitigate a risk, rather than planning to
recover from a problem later.
Technology can improve business continuity with, for example,
data-mirroring, off-site back-up and "battle boxes", which ensure
companies always have access to a safe copy of critical manuals,
processes and software licences.
The key questions
The Business Continuity Institute recommends businesses answer
the following questions when creating their business continuity
plan. What if:
• Our electricity supply failed?
• Our IT networks went down?
• Our telephones went down?
• Key documents were destroyed by fire?
• Our staff could not gain access to the building for days,
weeks or months?
• There were casualties?
• Our customers could not contact us?
• Our suppliers could not supply us?
• Our customers could not pay us?
• We could not pay our suppliers?
Recipe for a sound plan
• Consult throughout the business.
• Use non-technical language that everyone can understand.
• Make it clear who needs to do what, and who takes
responsibility for what. You should always include deputies to
cover key roles.
• Use checklists that are easy to follow.
• Include direct instructions for the crucial first hour after
an incident.
• Include a list of things that do not need to be thought about
until after the first hour.
• Agree how often, when and how you will check your plan. Update
it to reflect changes in your company's personnel and the risks it
might face.
• You will never be able to plan in detail for every possible
event. Remember that people need to be able to react quickly in an
emergency: stopping to read lots of detail may make that more
difficult.
• Plan for worst-case scenarios. If your plan covers how to get
back in business if a flood destroys your building, it will also
work if one floor is flooded.
Business continuity - news stories
Floods offer £170m disaster planning lesson >>
Investment in disaster recovery expected to rise >>
Business continuity - features/analysis
Business continuity - keep on running >>
Plan for the unexpected >>
Business continuity - weblinks
Continuity central
>>
Business Continuity Institute
>>
Good practice guide from
the BCI >>
Business continuity directory >>
Business continuity guide for small businesses >>
Business continuity definition >>
Business continuity - blogs
David Lacey's
security blog
How business continuity is changing >>
Tony Collins'
project management blog
How the NHS IT programme, TPP's SystmOne, CSC and BT can help GPs
during the floods >>
Silicon Valley Power Outage: Web 2.0 Honchos Fume >>
Should disaster recovery centres be locally or geographically
dispersed >>