This article has been shared from the UK governments Centre for the Protection of National Infrastructure (CPNI) – the website is full of advice as to how businesses can better prepare for a disaster. Find out more at http://www.cpni.gov.uk/
Business continuity planning
The Business Continuity Plan (BCP) is an essential part of any organisation’s response planning. It sets out how the business will operate following an incident and how it expects to return to ‘business as usual’ in the quickest possible time afterwards.
A BCP need not be specific to terrorist incidents and apply to any major disruption such as a major fire, flooding or power fault.
The plan itself sets out the agreed arrangements for bringing events under control, the necessary resources for maintaining critical business functions and the staff required for co-ordinating actions.
It also needs to be clearly presented, avoiding vague internal references and abbreviations, and structured in such a way that people can quickly find and understand what is expected from them.
A wide range of advice for developing and maintaining BCPs is available but the following is a summary of common principles:
Understanding the business
The first step is to identify the assets and processes that are critical to the business, some may have been identified during recent risk assessment exercises.
Which roles and individuals are vital for fulfilling business commitments?
What equipment, IT, transport etc will staff need to maintain operations?
How long can the business function before full operations are restored?
What alternative resources are available?
Which departments are vital for fulfilling orders and contractual obligations?
Which suppliers and other third parties are integral to daily routines?
The BCP should then present all the steps that staff are expected to follow in the aftermath of an incident in order to maintain essential operations and return to ‘business as usual’ as soon as possible.
The structure and detail of the BCP will vary from business to business and from location to location but, in general, should include:
The initial response
Clear roles and delegated responsibilities for those who will take charge of co-ordinating the initial response and from where in each location.
Do those working with emergency services have access to any prepared response packs
Factors determining part or full evacuation of premises.
How first-aid will be provided
Arranging internal and external communications
Arrangements for marshalling crowds towards pre-determined muster points.
Support for people with disabilities, restricted mobility or other needs.
When and how alternative accommodation and facilities will be utilised.
Arrangements to maintaining access to key records and IT systems
Contingency arrangements for critical operations – financial transactions, client orders, receipt of deliveries, production commitments.
How the appropriate staff will be able to access any contingency sites
Agreed procedures for re-commencing routine operations.
How staff kept off-site from site can be kept informed
If you do not have a business continuity plan in place then consider how best to make your organisation more resilient while the plan is being developed Some initial planning and actions could be taken now, for example:
Cross-training of skills amongst the workforce.
Documenting procedures so that delegated staff can perform unfamiliar tasks.
Agreed relocation options both within and outside the premises (e.g. meeting rooms that could be quickly converted to work areas).
Nominated contingency staff familiarised with any response planning
Remote access to IT systems in nominated back-up locations or staff homes.
Alternative sources of production equipment.
Secure/off-site storage of data back-ups and valuable documentation.
Agreed methods for out-of-hours contact for staff, suppliers, clients etc.
Provision of ‘Emergency packs’ include key documents and items that may be needed by those who manage from an incident room or work with the emergency services
Agree a communications plan for keeping both internal and external audiences informed in the midst of an incident
A wide range of advice on business continuity is available, much of it free. The Government’s Preparing for Emergencies website provides extensive information for business (including ‘Expecting the Unexpected’) and links to key organisations. Defra’s website also contains guidance about contingency planning for a variety of emergencies. More detailed advice for business continuity professionals can be found at the UK Resilience website.
At the local level, the Civil Contingencies Act 2004 requires local authorities to provide advice and assistance to businesses in relation to business continuity management. Consult your local authority’s website for further details.
– See more at: http://www.cpni.gov.uk/Security-Planning/Business-continuity-plan/#sthash.KBUSAmLO.dpuf
https://www.supremesystems.co.uk/wp-content/uploads/2019/10/Copy-of-Copy-of-WellDone-NEW-1200-x-628.png6281200ellen/wp-content/uploads/2020/01/logo-200width-White-B-1-300x123.pngellen2021-08-02 09:41:362021-08-02 09:41:36Sensible Steps To Better Cyber Security For Schools
https://www.supremesystems.co.uk/wp-content/uploads/2019/10/Train-Your-Team.png6281200ellen/wp-content/uploads/2020/01/logo-200width-White-B-1-300x123.pngellen2021-08-02 09:33:462021-08-02 09:33:46Focus on Cyber Awareness Training for the Education Sector
https://www.supremesystems.co.uk/wp-content/uploads/2019/08/Why-Cyber-Essentials.png6281200ellen/wp-content/uploads/2020/01/logo-200width-White-B-1-300x123.pngellen2021-07-22 08:40:212021-07-22 08:40:21Focus on Cyber Essentials for the Education Sector
About Supreme Systems
Supreme Systems is an information technology company established since 2008.
Leading IT Services provider and Cloud solutions for businesses in West Midlands.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.