Adviser: Business continuity plans are vital

Reading about the problems with the Child Support Agency’s IT systems, it is tempting to subscribe to the ‘it couldn’t happen to me’ school of thought. But the reality is that most businesses can expect some service disruption at some time.

Business system ‘outages’, damaged communications infrastructure and other minor and major interruptions cause companies severe problems on a daily basis. No one can predict when a critical business process might be disrupted, but you can predict your response.

Developing a business continuity strategy can fall into three phases: assessment, development and implementation.

Assessment
Identify critical functions and departments. Look at each aspect of your practice or business. Which areas are so fundamental to the operation that without them it would be completely paralysed? These are clearly the areas that the plan should focus on. How long could you survive without that component? What alternative procedures could you use? For example, could fax substitute for email? Could you keep a manual record of key transactions?

Identifying possible risks is never a pleasant task, but what could go wrong? Are you in an area prone to flooding? Could you lose access to your offices for a period? What happens if the electricity supply to the area is inadvertently cut off? And, of course, what happens if your network becomes so corrupted that it can’t be used for weeks?

Development
For each critical function, what is the alternative? For example, if the building is unavailable where will you house your staff? I have seen plans that involve reciprocal arrangements, agreements to use short-term office space and even a plan to set up in a local pub!

A separate plan should be developed for IT, with particular attention to back-up procedures. This should be incorporated into an overall business continuity plan

It is vital to allocate responsibilities. A timely response to a critical failure is essential if the impact is to be minimised. Your capacity to recover all or part of a function, or department, will be greatly reduced if it is not clear who should do what. Then don’t forget to make sure that all concerned are aware of their responsibilities.

Implementation
Whilst the ultimate test can only be a real disaster, many elements can be tested. In part this can take place in a workshop scenario, whilst the IT department should be able to test restore files and other back ups.

Circumstances are continuously changing, so the plan should be regularly updated. Changes in responsibilities and actions in certain circumstances should be clearly communicated to those affected.

Will it happen to you? I hope not. Could it happen to you? Possibly. The question is, are you willing to take the risk of not being prepared?

Mark Holland is a partner in the ISAS group of Baker Tilly. Do you or a client have a problem? Email your questions to [email protected] and we will attempt to get them answered. ?: