Business Continuity

Business continuity management (BCM) is a process that helps manage risks to an organisation and ensures continuity and recovery of critical functions in the event of a disruption.

Thorough BCM helps organisations identify their key products and services and outlines the potential vulnerabilities of each. Planning and exercising for potential disruptions helps minimize the impact and also aids the swift revival of services. This is a key factor for organisations in terms of protecting market share, reputation and brand.

In order to be successful, BCM must be regarded as an integral part of an organisation's ongoing management processes. To achieve this, top-level support is vital, as it publicizes the importance of BCM throughout the organisation and raises awareness of the necessary shift in culture.

For more information on the elements of BCM, see the sections below:

Understanding the organisation

Awareness of risks and the impact they could have on key services

Developing Plans

When should incident management plans and business continuity plans be implemented, and what level of detail should be included?

Exercising Plans

Validating plans, rehearsing with key staff and testing systems

Training and Awareness

Training and raising awareness amongst key stakeholders in BCM.

Reviewing and Maintaining Plans

Keeping the plan up to date.

BCM Lifecycle

Understanding the organisation

Before plans can be written you must understand the organisation's BCM needs.

Firstly, it is important to identify the key products and services that the organisation delivers. A number of tools are available to achieve this, such as a Business Impact Analysis (BIA). Conducting a BIA identifies the critical activities and resources that support the organisation's products and services and also highlights the impact a breakdown of these may have. Another useful tool is a risk assessment, which helps identify the potential threats to the organisation, and their likelihood.

Developing plans

To get the full benefit out of BCM, an organisation should develop both incident management plans and business continuity plans.

  • Incident management plans allow the organisation to manage the initial impact of an event, such as staff evacuation.
  • Business continuity plans allow the organisation to maintain or recover the delivery of the key products and services that have been identified in the BIA.

Although they have a different focus, both incident management plans and business continuity plans can be combined in the same document.

When developing a plan, it is also worth considering the level of detail that should be covered. A generic plan is a core plan which enables an organisation to respond to a wide range of scenarios, setting out the common elements of the response to any disruption, including:

  • communication procedures
  • command and control structures
  • access to financial resources

Within the framework of the generic plan, specific plans may be required in relation to particular risks, sites or services. Specific plans provide a detailed set of arrangements designed to go beyond the generic arrangements.

Exercising plans

Plans cannot be considered reliable until they are exercised and have proved to be workable. Exercising should involve validating plans, rehearsing with key staff and testing systems which are relied upon to deliver resilience, such as the organisation's power supply. The frequency of exercises will depend on the individual organisation, but it should take account of the changing risk profile (due to internal and external changes to the business, such as new staff) and the outcomes of previous exercises.

Training and awareness

It is advisable to train the individuals who are responsible for implementing BCM, along with those who are responsible for acting in the event of disruption and those who will be impacted by the plans. The individuals involved in implementing BCM may require extensive training, whereas those with no direct responsibility may simply need to be made aware.

Reviewing and maintaining plans

Organisations should not only put plans in place; they should also make sure the plans are reviewed regularly and kept up to date. Particular attention should be paid to staff changes, changes in the organisation's functions or services, changes to the organisational structure, details of suppliers or contractors and changes in the organisation's strategic objectives.

BCM Lifecycle

The British Standard on Business Continuity Management (BCM) provides the following diagram to help explain the BCM lifecycle.

BCM Lifecycle Diagram

Further information is also available from UK Resilience.
