The rapid pace of progress and development in the world also signifies increasingly stronger counterforces such as terrorism and more sophisticated and frequent cyber-attacks. As such, it is more important now than ever to plan, develop and implement a business continuity plan that is robust, resilient, and can see a business through times of uncertainty.
ISO 22301 is the international standard that helps organisations protect and recover from disruptive incidents. It is systematic and applicable to any organisation regardless of size, type, and sector. It is crucial for businesses to use ISO 22301 in protecting and safeguarding their business, especially during periods of uncertainty.
- Identify your core business functions
According to Mercer’s Business Responses to the COVID-19 Outbreak Survey, 51% of organisations globally do not have a business continuity plan in the case of emergencies or disasters, such as the current outbreak of coronavirus. In Asia Pacific alone, 61% of small-medium businesses (SMB) in Asia Pacific have reported a fall in sales due to the Covid-19 pandemic, according to the State of Small Business Report by Facebook.
Therefore, businesses should identify their core operations and develop a counter-threat approach so that they have clarity on the priorities of the business and can mitigate risks of failing as much as possible.
- Develop a plan
Every solid business continuity plan requires the seven P’s:
- Providers (internal and external suppliers)
Without these elements factored into the continuity plan, the plan will still contain many loopholes that create more vulnerabilities and loopholes that can lead to failure in times of crisis. Businesses are recommended to refer to existing frameworks such as ISO 22301 when developing their business continuity plans.
- Involve other stakeholders
Rope other people with relevant credentials, roles, and functions into the planning process as well. This includes your suppliers, managers, and supervisors who play a key role in providing you with insight on what normally happens on the ground with your staff or clients. Work with these different parties to develop a plan that includes all the parties that make your business work.
Plans are useless if they are not communicated to the people who are involved in making that plan work. It is critical to ensure that these plans are properly documented in a way that is easy to understand, and accessible enough for it to be disseminated among your staff. On top of that, it is also helpful to share the non-confidential aspects of the plan with your clients and other key stakeholders to increase their confidence in your ability to run during times of crisis.
- Test your plans
You will only know the viability and success rate of your plan once you test it out. Testing them out in mock scenarios will also highlight and flaws and loopholes. It is recommended that you involve clients and suppliers in your mock tests, and also conduct these tests in varying conditions, settings, scenarios, with varying key players.
- Ensure that your suppliers are factored into the plan as well
Disruption in supply chains is more common than we think, and this can also throw off business operations and damage their reputation if they are unprepared for it. Similarly, identify your core suppliers and make the necessary continuity plans and arrangements with them. It is also worthwhile looking into increasing your number of suppliers, or increasing your stock of critical supplies.
- Ensure continual improvement
Conditions and circumstances are evolving all the time, especially with the rapid pace the world is developing. If your business continuity plan was developed 10 years ago, it is time to update them. It is generally a good practice to ensure that all your plans are up to date with the current status of the world, and generally, data and insights gathered from internal audits, tests, management reviews, and workplace incidents can contribute to organically updating your continuity plan.
- Make sure the plan is aligned to your business objectives
Plans that don’t align with the business’ strategy and objectives are unlikely to succeed. Make sure that your plan looks at the long-term trajectory of your business and incorporates the mission, vision, and core values that your business was founded upon.
- Ensure that your organisation is insured
Sudden disruptions can be extremely costly, so ensure that your organisation and its employees are insured against worst-case scenarios.
- Have an incident communications plan
Clarity is key to navigating tricky situations like this. Set up a communication system and structure in place during times of crisis so that everyone in your organisation knows what to do and who to go to for instructions.
- Have you determined the external and internal issues relevant to your organisation’s purpose that affects your ability to achieve the intended results of your BCMS?
- Have you determined the needs and expectations of relevant parties and stakeholders in the BCMS?
- Have you established the risks and opportunities that need to be addressed to ensure the BCMS can achieve its intended results?
- Have the policy and objectives for the BCMS, which should be compatible with the context and strategic direction of the organization, been established and communicated?
- Has a programme to ensure the BCMS achieves its outcomes, requirements and objectives been developed and implemented?
- Has the organization determined and provided the resources needed for the establishment, implementation, maintenance, and continual improvement of the BCMS?
- Does the strategy provide for mitigating, responding to, and managing impacts?
- Have prioritised time frames been established for the resumption of all activities?
- Is there a procedure for managing internal and external communications during a disruptive incident?
Our experts have extensive experience in the field of business continuity management. In just three steps, we determine the maturity of your business continuity, develop a shared procedure for its continuous improvement, and work with you to develop shared emergency strategies and plans:
- GAP analysis
We analyse the existing aspects of your business continuity management system or IT emergency management system and its maturity level.
- Improvement planning
Based on this analysis, we identify the measures needed to improve the maturity of your business continuity management system. We develop pragmatic approaches and measures that help you establish a suitable business continuity management system that evolves and improves over time.
We work with you to implement the improvement plan and coach BCM officers how to implement and establish management tasks. This will give you the tools you need to handle a disaster or major incident, so you can act and react precisely and effectively in the event of an emergency.
The BCMS will be designed, implemented, and operated based on the standards ISO 22301 and ISO 27031.
In addition, our "survival mix – risk and business continuity management" offer can bring together various analyses of threats ensuring alignment of your BCMS with identified risks.