Business Continuity Management

62Business Continuity Management (BCM) usually involves having a contingency plan in place should disaster strike, to ensure that essential functions can continue during and after the disaster, and to minimize the disruption by avoiding the impact of an unplanned interruption of service.

One of the most well-known precautions that companies take is to have off- site IT back up. But this is only the first step that most companies will need to take.

The objective is to prevent interruption of critical functions and to return to normal functioning as soon as possible. It is impossible to envisage and guard against all the potential events that could interrupt business as usual. So the key to effective planning is to consider the loss or non – availability of key resources, no matter what the cause.

First of all the critical functions and processes necessary to keep the business running need to be identified. Each business critical function should have its own contingency plan, independent of the others, which allow for it to maintain essential services.

The plan describes how the organisation will deal with a disaster and the precautions it takes to minimise the effects and allow the business to return to normal.

Developing the BCM plan

A Business Continuity Management Plan sets out clear roles and responsibilities, nominating staff assigned to manage liaison with customers, employees and the emergency services.

It lists contingency plans to enable key business activities to continue in a crisis and also details emergency procedures to ensure employees’ safety.

To develop the BCM plan, the management team need to identify the parts of the organisation that they can’t afford to be without. Depending on the business, this may include maintaining information, stock, offices or other buildings, protecting staff, accessing key pieces of equipment, or the ability to communicate with remote teams delivering a service.

The team first need to identify the business’ key products or services, and the critical activities and facilities required to deliver them without interruption.

Then they will need to identify the risks to the critical activities and facilities,  and then consider how they can maintain these critical activities in the event of different types of crisis.

Should we use consultants to develop the BCM plan?

There are consultants who will develop a BCM Plan on behalf of a management team. But apart from the cost involved, they are not as well placed as the management team themselves to understand how the company works, and what the critical functions are.

An added advantage is that, if the management team are involved, they will have “buy in” to the plan, and an inherent understanding of it .They will have personally been involved in developing the process, and will probably achieve a greater understanding of how the business works in the process.

They will also be in a position to evolve the plan as the business changes, grows and adds new technology. They will be in a strong position should the plan ever need to be implemented, as they will know and understand it.

A compromise might be to use an outside consultant to mentor the management through the process, which will afford some experience to the project, keep costs low, and involve the team at every step.

Minimum the BCM plan should include

The BCM plan should include;-

  • BCM plan leader – name and contact details
  • Nominated management team who will make key decisions
  • Team members contact details
  • Nominated meeting point
  • List of business critical functions, with summary of necessary details
  • Recovery plan outline
  • Arrangements for Telephone diversion
  • Employee’s Emergency contact numbers, next of kin names and contact details
  • Resources required, with appropriate details e.g. staff, work area, IT, telecommunications
  • Contact details for agencies nominated to support recovery e.g. outsourced third parties
  • Address of nominated recovery site if applicable
  • Contents and storage location of any offsite disaster pack, or IT back up, vital records, any offsite records
  • Contact list of major customers, suppliers, and subcontractors
  • Team cascade list, to allow dissemination of information to staff
  • Network infrastructure plans, factory floor plans, any other technical information
  • Any specific risk hazard, such as chemicals in the factory

Back up

The BCM plan may be hard copy, or software based. In the latter case it should be backed up offsite, perhaps by an independent third party. In either event the plan should be readily available offsite to whoever needs it, and in a format that is quick and easy to access, so time is not wasted in an emergency going through the rationale for the plan.

Each person required to take specific action should be able to immediately access the part of the plan that lists their urgent actions.

Business Impact Analysis

The team will analyse the impact on the business if provision of key products or services were disrupted for a short term such as a few hours, a medium term such as a couple of days, and also a longer term, say two weeks .This will enable the team to assess how tolerant the business will be of a disruption to delivery, and how soon normal activity must be resumed to avoid damage to the business.

This will enable them to determine what resources are needed to maintain services at an acceptable level.

From this information the BCM strategy can be developed, and implementation plans put in place.

These plans should be regularly reviewed, all staff must be made aware of their existence, and new staff should receive training. Plans should be validated by discussion of scenarios, and exercises should be held to check plans are still relevant and robust.

Handling the media

Today, one of the most feared incidents is terrorist attacks such as 9/11, or the Charlie Hebdo attack, which are staged to draw attention by social and news media.
Other difficult- to-handle events, such as product withdrawals or product tampering require careful media handling, and an understanding of how events can spiral out of control in the hands of news or social media. It is important that the media are fed information, or they will speculate.

There is often a standing instruction in larger organisations that all staff should refer press queries without comment to a nominated contact in the organisation, who should be able to respond quickly on behalf of the company .This prevents a member of staff giving incorrect or damaging information , or an adverse personal opinion, to the media.

If there is an outline media crisis plan in place, it can quickly be adapted to the current crisis. The company needs to show that is controlling the situation, carrying on with business and that there will be no long term effects for the company.

Media should be handled in such a way that the company assures the public it sympathises with those who have suffered, and apologise. They also need to be open about what went wrong and what action is being taken.

For these reasons a company will probably choose to have a crisis media plan. This will include when and what to say to the public, and develop an appropriate press release.

The plan will also nominate one or several spokespeople, who may be a PR representative, an executive of the company, or even a service user.

The plan will deal with all outlets, such as print and broadcast media, online and the company’s own website.

The business may have a group of “friends” outside the company it can call on to speak in support of it at difficult times. They might be politicians, partner companies, suppliers, celebrities, or clients and customers. They might make a statement, or offer support on social media.

So companies can, and should, take some action to prevent disaster striking them and to plan to mitigate the events of a crisis.

All staff should be aware of potential threats, and sensible precautions should be taken to avoid, for example, letting strangers into the building. All offices should have at least minimal door security.


Business Continuity Management — 86 Comments

  1. Thanks very much for the course. it really interesting and I know it help me plan for the future should any inevitable happens. This course is also a tool that guide us in our daily activities.

  2. Thanks you very much for the course BCM
    I really welcome and enjoyed these notes

  3. Vital information for business advance planning, great information forwarding consideration

  4. The information gotten on this presentation and previous ones are so educating and can make a hearty participant stand to help in management position in an organization. Pls I would appreciate it if examination can be scheduled and interested applicants can be CERTIFIED. Thank you

  5. learning will never stop at every level you are ,new thing continue flocking into management arena so i have benefited so much.
    thanks for your detailed research

  6. It’s refreshing to know that it’s always good to have a contingency plan in place when managing a business or an institution. I now confident enough to have a BCM in place to ran an institution effectively in this modern management environment.

  7. i had learn more on how to learn well organise business which need team work toenable our bussine to smooth

  8. I have really enjoyed every bit of this BCM lesson very well. A lot of lessons being learnt. Thank you.

  9. it’s really an interesting section here. my business must have a bcm soonest to standstill during disaster.

  10. It is evident why many businesses struggle to rise when disaster strike
    . Every organisation will need a carefully crafted BCM Plan and I’m happy I have been able to read through the tips given in your management course.
    -Very clear and well presented

  11. These lessons are very important. Because when I read the continues lessons. I get more advantage and good experience, when the person needs to get more consultant it can look back previous lessons which talked about business

    So that I welcomed these continues lessons