Tuesday, 2 March 2021

The importance of Business Continuity Planning and key steps to take


I wrote the below a few weeks ago.



Here we are, 12th of Feb 2021, and Victoria will be going into its 3rd COVID lockdown. This pandemic is not the first and won't be the last. For organisations, a disaster won't give a warning before it strikes. Today it's the pandemic and tomorrow it might be a terrorist attack or a computer virus. Who knows… but the most important task for you as a leader in your organisation is to make sure you have a plan when disaster strikes. Business Continuity Planning is not a new thing because of COVID. Especially living in Australia, if you are in an area where bush fires can be a risk to your family (the business in this example), you will have a plan. What do we do? Essentials already packed and in a bag, what route to take and how, etc. In a nutshell, this is what Business Continuity Planning is. It's a plan that has all the information required to allow your business to run during and after a disaster.

   

Step 1 - Understanding the impact


What will happen to your business if there is a disaster? What will stop? What will work? What does a disaster mean to you? Before you can come up with a plan, you need to understand the impact, because then you will know what you are trying to solve. Questions such as the below need to be asked.


  1. What are the critical functions of my business? 

  2. What are we trying/need to continue?

  3. Financial impact if we don’t continue all the functions? 

  4. Who do I need as support? 

  5. How long do we need to run this plan?

  6. Are we going to run the bare minimum and is that sufficient for us to stay afloat?


By conducting an impact analysis you can identify the key business functions that are required for you to survive.


Step 2 - Understanding the risks and coming up with mitigation plans

Start by having a workshop to list all the risks to your business. Examples can be risks such as what happens if we lose the internet, what happens if the system admin, who has all the admin passwords, meets with an accident, etc. I know some of these questions are trivial… but think about it, what will really happen if you need to reset a system in your organisation and the one person who knows the password is not reachable?


Once you have listed all the risks, get everyone in a room and rate the risks. Understand the probability of the risk occurring vs the severity. As an example you can tie the severity to a financial loss. If you are a call centre and you lose all your connectivity to the outside world due to a thunderstorm in the area, the business will lose $7,000 per hour.


The purpose of doing a risk analysis is to come up with mitigation plans. It's all well and good to know what will happen if a risk eventuates, but an eventuated risk is not going to help your business continue. It's the mitigation plan that will help. Going back to the previous example of the call centre, how can we mitigate the loss of business from connectivity issues caused by a thunderstorm? The answer might be Tesla’s Starlink or insurance.


For every risk you come up with, you should have a probability, severity and a mitigation plan.   


Step 3 - How are you going to respond

An incident has happened. How will you respond? You should have an incident response team who will follow the BCP. This team will know exactly when to activate plans. They will need to be trained on what a disaster looks like and how to act when it happens. You can have multiple response teams in your organisation. For example, the team that is responsible for evacuating the building during a fire might be different to the team that takes over all IT assets when there is a virus attack.


Within the business continuity plan, you can have an incident response plan that outlines communication, the team responsible, guidelines to follow, who to contact, etc.


Step 4 - Recovery


A disaster has happened and now it's about recovering. Have a recovery plan. This will help you recover faster and minimize losses. The plan will include how to restart the business, key resources, timeframes and what constitutes a successful recovery. 



Step 5 - Review and change 

A good plan accommodates change. Always review your plan after an incident. Did the plan work as expected or do you need to update it? Maybe everyone in your organisation didn't know about the BCP because it was a 50 page document. Perhaps do short videos and upload them to the intranet page. Send monthly emails to everyone in your organisation with a few bullet points about your organisation’s BCP.


Step 6 - Using technology to support BCP


These days there is an app for everything. Do your research on how to use technology to support your business continuity so that your organisation becomes efficient when recovering. BCP software can support communication, planning, security, etc. The below link lists some useful tools that will help with your BCP.

https://www.beekeeper.io/blog/business-continuity-software-tools/


Cheers

Arjuna "Arj" Samarakoon

