5 steps to business continuity in 2019

New Year's resolutions are just as important for businesses as they are for people.

It's vital for businesses to be positive, forward-thinking and improvement-oriented.

But with Brexit and a potentially difficult 2019 looming, it's also crucial that they take steps to secure continuity and plan cautiously around potential risk events.

The Qualsys team have put together a 5-step business continuity action plan to help get you started. 

 

Parachute

 

1. Start at the top

Kate Armitage, Head of Quality, recommends tailoring any business continuity plan to the specific needs of your business from the very beginning.

And that's impossible without getting senior management onboard first.

 

There are a few key ingredients you can present to senior management to help any new business continuity program off the ground.

1) A cost/benefit analysis

2) A competitive analysis: how similar programs have benefited other companies, and would help you in your market

3) How continuity and disaster recovery relate to any industry standards, regulations or other mandates that would benefit your business long-term.

                                                              - Kate Armitage, Head of Quality

 

kate armitage head of quality

SWOT and PESTLE analyses coupled with industry and competitor analysis will provide the context of and justification for your business continuity plan. 

These ingredients will help secure your budget and board-level support, making the entire project much simpler to kick-start.

 

2. Perform a full business impact analysis and risk analysis

 A BIA pinpoints the key processes and assets within your business - so it's an opportunity to identify and prioritise where to apply your business continuity plan.  

Liam Pollard, Service Implementation Manager, recommends combining a BIA with a full risk assessment.

 

Plenty of businesses identify the key technologies, processes and systems that need focusing on for a business continuity plan. 

But they don't do due diligence around the risks facing these areas - so half the job isn't finished.

Internal and external threats and vulnerabilities will set the shape of your business continuity plan and guide where you focus your efforts.

So start considering and recording your risks - then think about how you'll treat them and preserve continuity after a risk event.

                                   - Liam Pollard, Service Implementation Manager

 

liam pollard 

 

Not every incident and risk event will trigger your business continuity plan - careful research of your risk environment will allow you to determine which incidents to focus on.

 

risk map

Looking to optimise your risk management processes?

Download our free risk resources

 

3. Get SMART

Having specific and measurable objectives will allow you to gauge the strength of your business continuity and disaster recovery programme.

Alex Swan, Senior Business Development Manager, recommends setting specific recovery time and recovery point objectives. 

 

Use your BIA to pinpoint the exact objectives you want to achieve in the event of business disruption.

Your recovery point is the timeframe within which business-critical data must be recovered. For instance, you may set a minimum of a 1-year set of financial data that is needed for the continued operation of the business.

Your recovery time is the maximum time a process can be disrupted before it must be up and running again. For example, you might set a 2-day maximum period that you can operate with a disrupted IT infrastructure before a full recovery must be completed.

SMART continuity goals will allow you to measure your business readiness.

                                   - Alex Swan, Senior Business Development Manager

 

 alex swan business development manager

 

4. Complete a disaster recovery plan

There's no time to plan a response after a disaster or major business disruption.

A disaster recovery plan allows instant response by documenting specific follow-up processes to be stuck to if the worst happens.

Marketing Manager Emily Hill recommends a DRP as a key competitive advantage for businesses.

 

More and more businesses demand a robust disaster recovery plan for potential vendors.

Auditing internal systems, controlling external provisions and proper training are all cornerstones of proper business continuity and disaster recovery planning. 

                                                                       - Emily Hill, Marketing Manager

 

Emily

 

Read Emily's article 'ISO 22301: How to create a disaster recovery plan' for more details.

 

5. Train and drill

Business Development Manager Tom Hodgson recommends frequent exercise and practice of your business continuity plans.

 

Business continuity drills help you ensure your plan works: that your documented disaster recovery processes are appropriate and in the right order, that your data is accurate, and that your staff are properly trained, aware and competent. 

Electronic training management systems can make a huge difference in this area.

After each drill, report on what's worked and what hasn't. 

Then use those findings to make any tweaks and improvements that might be needed.

                                 - Tom Hodgson, Business Development Manager

 

Tom Hodgson Business Development Executive

 

Frequent checks and amends will ensure your business continuity plan is as appropriate and data-driven as possible.

 

Next steps

Build a complete quality management strategy for 2019 with our free playbook:

quality management planning strategy

 

Topics: ISO 22301, Business Continuity, Disaster Recovery

Share your thoughts on this article