Last week we introduced what Business Continuity Management (BCM) is and some of its benefits. We also defined what Business Continuity Planning is and initiated discussions on how a business continuity plan is developed. Of the three components of business continuity planning, we took up Risk Assessment and some aspects of business continuity planning. Today we will conclude on aspects of business continuity planning and take up the two other components of business continuity planning, Disaster Recovery and Restoration and Test, Approval and Implementation.
Four more important aspects of business continuity planning are:
• Orders of Succession: A business continuity plan should be clear about succession hierarchies. For instance, who should act for the managing director if the managing director is incapacitated or unavailable, for any reason, during a continuity period? Who should act for the marketing manager if the marketing manager is unavailable during a continuity period? Similarly, all other key positions must have successors that have the full powers and authority of the substantive but unavailable official until the latter resumes.
• Plan Activation and Deactivation: There should also be a clear activation and deactivation of procedures of the continuity plan. This is about what specific incidents will prompt activation of the plan and what achievements will trigger plan deactivation. Who should activate (and deactivate) the continuity plan? How should the activation (and deactivation) be communicated?
• Plan Reviews: A business continuity plan has a life of its own determined by a validity period as well as other exigencies. Consequently, it must be reviewed from time to time either because it has ‘expired’ or because there are fundamental changes in operational risks and/or other issues that need to be incorporated in the plan.
• Document the Plan: Regardless of the size of your operation, it is necessary that the plan is formalised in a document. There are available simple and free templates that will serve the purpose of even small operations. They help you think through the issues in a methodical manner.
The two other major components of business continuity planning process are as follows:
Disaster Recovery and Restoration (‘DRR’): The ultimate objective of every business continuity plan is a quick, effective, and efficient recovery from disaster, and restoration to normal operations from unplanned interruptions. The purpose of disaster recovery and restoration activities is to ensure that you are able to assess the extent of interruption, identify what human and other resources are required for quick recovery and restoration, and how all those resources can be mobilised.
This stage of the planning process will, consequently, include the use of pre-identified communication channels, deployment of key personnel, provision of raw materials, etc. Your DRR strategy is to aim at providing a capacity for quick but detailed disaster assessment, communication between individuals and with units and other organisations, assignment of individual and team responsibilities, and provision of resources required to restore back to normalcy.
A specific element of disaster recovery and restoration that is particularly critical is communication between key staff and also with suppliers, customers, your external engineers, regulators etc. Having a contacts list of all key stakeholders and operators is integral to this part of the plan.
Test, Approval and Implementation (‘TAI’): As the name suggests, this is the stage at which three integrated subcomponents of the plan are carried out.
• Test the Plan: The first subcomponent involves developing testing criteria as well as procedures. How well are the components of the plan coordinated? How easily can procedures be carried out? At the end of this stage, you have to be comfortable that your plan is executable.
• Approval: This is the stage at which the test results are reviewed and approved if they meet the set objectives. Whilst the approval itself is an executive management responsibility, the opinions and suggestions of operatives should be taken into consideration.
‘Renewals’ and ‘maintenance’ and two important aspects of this process. At the end of a pre-set period, the plan must be reviewed and reapproved to ensure that it remains in line with strategic goals, current and valid. Similarly, when certain fundamentals change, the plan should be reviewed to ensure that alignment is maintained.
• Implementation: Once the plan is approved, it should be available to those that should have it. Those to carry out specific aspects of the plan should be trained to be able to do so proficiently.
Below is a schematic representation of the three major components of business continuity planning and how they relate with each other.
Irrespective of your type and size of business, you and your team should think through and come up with a business continuity plan that will meet your requirements. For large corporations, business continuity plans are sophisticated and detailed documents that must take into consideration not only some of the factors that we discussed here but also others such as diversity, time zones, multi-locations, multi-operations, etc. For the entrepreneur, you just need some document that is simple but workable and effective. Thinking through the issues and writing them down will force you into developing solutions to problems that will work and can save your business in difficult times.
With these, we conclude the series on business continuity management. Next week we will take up Making Partnerships Work!