BSI’s top ten tips for business continuity planning
1. Identify critical business functions – Once critical business functions have been identified, it is possible to apply a methodical approach to the threats that are posed to them and implement the most effective plans.
2. Remember the seven ‘P’s needed to keep your business operational – Providers, performance, processes, people, premises, profile (your brand) and preparation.
3. Understand and track past incidents with suppliers – Obtain global/country-level intelligence so you understand what factors may cause a supply chain disruption e.g. working conditions, natural disasters, and political unrest.
4. Assess and Understand Vulnerabilities and Weak Points – Conduct risk assessments to evaluate supplier capabilities to effectively adhere to your business continuity plans and requirements.
5. Agree and document your plans – These should never just be hidden away in the mind of the top management. Assess your ‘critical’ suppliers to make sure their business continuity plans fit with your objectives and are defined within your contract.
6. Make sure plans are communicated to key staff and suppliers – Equally, share them with other key stakeholders to boost their confidence in your ability to maintain ‘business as usual’. This is particularly important for small businesses or those working with suppliers / buyers for the first time.
7. Try your plans out – If possible include suppliers in your exercises and remember to test them not only in scenarios where there may be a physical risk, such as poor weather conditions making premises inaccessible, but people risks such as supply chain challenges and boardroom departures.
8. Expect the unexpected – While lean and efficient supply chains make good economic sense, unexpected events can have a significant impact on the operations and reputation of businesses.
9. Make sure your continuity plans are nimble and can evolve quickly – If your plans look the same as they did 10 years ago, then they probably won’t meet current requirements. Organizations engaged in business continuity management will be actively learning from their internal audits, tests, management reviews and even from incidents themselves.
10. Make sure you’re not just ‘box-ticking’ – Plans which get the tick against the ‘to do’ list but don’t actually reflect the organization’s strategy and objectives can lack credibility and are unlikely to succeed in the long-term. Instead, make sure your plans allow you to get back up and running in a way that aligns with your organization’s objectives.