Business Continuity Planning
Home

Directory of Links

Services



Managing Your Risks

Why Manage Risk

Our Approach



Contact

Privacy

News

Testimonials



Back

What is Business Continuity Planning?
The Degrees of Risk Approach
Risk Audit
Report
Development and Implementation of the Business Continuity Plan
Testing Plans
Additional Activities
Ordering a Quotation
Contractual Terms and Acceptance

What is Business Continuity Planning?

Also called disaster or contingency planning the principal aim of your business continuity plan will be to ensure survival from a crisis through a formal process which anticipates all of the recovery steps that you will need to take.

Survival needs will of course vary according to the nature of your business but one thing is certain - you must be able to restore critical processes and retain the confidence of your present and future customers.

Any business organisation will be at risk from a wide range of interruption events such as:

  • Major incidents e.g. fire or flood where an entire building - or part of it could be destroyed
  • Minor damage which may be repairable within a short time frame but which will inevitably cause disruption to the organisation and its normal working processes
  • Interruptions to utility services such as power and telecommunications
  • Denial of access to the premises due to police cordon, disruption to the transport network, bad weather
  • Major accident off-site or a scandal, which results in loss of public confidence and subsequent reduction in revenue.

Whilst capable of responding to major events, it is important that your plan is sufficiently flexible to operate for lesser occurences which nonetheless may be extremely disruptive. Examples would be power and switchboard failures.

Any plan you develop should be subject to regular review and include the following elements:

  • A crisis response team to manage the immediate aftermath of a disaster and initiate and oversee the process of damage limitation and business recovery procedures
  • The identification of resources needed for the recovery (guaranteed by contract where appropriate).

Degrees of Risk can help you develop procedures to:

  • Manage the continuity planning process
  • Carry out a risk analysis
  • Add resilience to you operations
  • Create a business continuity plan
  • Understand the typical recovery process
  • Put procedures in place for testing, distributing and reviewing your bcp
  • Ensure everyone knows about your plans.

The Degrees of Risk Approach

The best way to ensure you have covered all your potential risks is to undertake a risk identification and analysis exercise, followed by an impact assessment and the formulation of an organisational risk management strategy. This should then lead to the development of a robust business continuity plan.

Risk Audit

Our approach is to work with you to undertake an initial identification of the risks threatening your earning capacity and estimate the risk of disruption occurring combined with an estimate of the impact on the business. Any existing business continuity plans that you have will also be reviewed.

The objective of the risk audit is to provide a sound understanding of all the risks confronting you and to assess the management systems in controlling those risks.

Report

After the audit a report will be prepared by a suitably qualified consultant summarising each of the risks threatening the business and the status of the relevant management systems. It will also make practical recommendations for improving risk management within the business.

The report will include a comprehensive self-audit system to help meet acceptable standards of physical and information security control. This is based upon BS 7799, British Standard Code of Practice for Information Security Management.

Development and Implementation of the Business Continuity Plan

Following the impact analysis we can offer our standard template to help you develop your business continuity plan. This provides the basic structure for your recovery and defines key roles and responsibilities. We will also help you identify and select contractors to support certain activities.

Testing plans

Once the template has been developed to suit your organisational needs, there will need to be a review of the risks and the plan's effectiveness. The first draft will inevitably be flawed so a series of structured tests will need to be undertaken to iron out any problems. Testing should be conducted progressively; initially as a number of tabletop "walkthrough" exercises. Then it will be neccessary to test individual elements/portions of the plan, e.g. by department, or perhaps a standalone recovery of a telephone or computer system, etc.

Only finally when you are happy with the overall plan you should consider undertaking a "Live" or "Pull the plug" test.

Additional Activities

Following the development and installation of the plan Degrees of Risk would anticipate returning to your organisation at a future date to test the continued validity of the plan.

Ordering a Quotation

This is a complex area and costs will vary depending on the size of your organisation, but typically our professional service charges for an initial risk identification workshop, audit and template will be £2500 plus expenses plus VAT. A binding quotation will be provided after detailed discussion to scope out the nature of the anticipated work.

Contractual Terms and Acceptance

Our standard contractual terms apply which may be obtained on request.

If you wish to make further enquiries about our capability or approach please contact Degrees of Risk. Where we are not able to assist we may be able to recommend other specialist consultants.

Back