Good business continuity planning is above all about identifying and mitigating risks to your corporate environment and, if that fails, then having an excellent fall back plan in place that can manage the business disruption event and get your operations up and running again as quickly as possible.
The BC planning process starts, therefore, with a solid corporate risk assessment process. Any good corporate governance structure will have a robust risk assessment process that is focused around a corporate risk register. This will identify the top half-dozen or more risks to the business, based on a combination of their impact on operations and their likelihood of happening. A risk that scores highly on both impact and likelihood will be marked as top priority for attention.
Once the top risks are identified then mitigating actions will be considered and plotted. After this mitigation process has taken place, then some of the risks might be downgraded if a comprehensive set of actions has been planned that can significantly reduce either the likelihood of the risk manifesting, or the operational impact if it does happen.
The top risks are then re-assessed in the light of the mitigation planning and a new set of risks or a new priority order may emerge. This risk assessment process needs to be conducted on a least an annual basis and quite probably at a more frequent interval than that, depending on how quickly your corporate risk environment is subject to change.
If you need a starting place for your assessment of risk, there are existing pieces of research available that can help you. One of the more authoritative of these is the annual BCI Horizon Scan. The 2016 Horizon Scan highlights the top three risks during 2016 as cyber attacks, data breaches and unplanned IT and telecoms outages, according to the 568 organisations from 74 countries that responded to the survey. The Scan provides a very helpful breakdown of risks by geographic region and by industry sector that can be used to help customise your planning.
Here at Crises Control we encourage you to conduct a risk assessment process when you onboard to our platform. The platform is designed to help you identify your top risks and then develop an incident specific action plan to manage each of the risks if they do occur. Our new action plan wizard will allow you to quickly create your own set of customised incident standard operating procedures. We can also suggest to you, given your location and industry sector, what your top risks might be, based on the BCI Horizon Scan and other research.
Our objective is to help get you up and running with your business continuity planning, incident alerting and incident management capability within a few days or weeks of you joining our platform.
This blog is the first in a series looking at different aspects of best practice in BC planning.