A Business Continuity Checklist
The components of your business continuity checklist and plan depend to some extent on your size, sector and vulnerability to common threats.
But all plans share many of the same general elements. With that in mind, here is what you need to do to put a basic business continuity plan in place, and what it should include.
1. Put together your team
First item is the team, you need to bring together the team that will put the plan together. In a small business, that might just include the owner or CEO and a couple of senior team members. In larger businesses, it might include senior managers plus heads of the most relevant departments, like IT, estates and operations. Each individual will be responsible for drawing up a different part of the plan.
2. Identify your organisations risks
Second item is risk identification, you have to work out what risks you face, and how serious the threat from each really is. This list should be exhaustive, and will be different for different businesses, depending on location, sector, size and other factors. Each risk factor helps you and your organisation scope a business continuity checklist
For example, is your business in or near a flood plain? Do you handle sensitive customer data? How reliant are you on connectivity for everyday operations? For that matter, where are your data and applications stored?
Do not just think about your own business but also the businesses you depend on. For example, are you dependent on an international supply chain that might itself be affected by extreme weather or political tensions (especially if they lead to trade wars)?
Brainstorm your team for this information to make sure you cover every potential threat, and then prepare a business impact analysis.
3. Calculate potential impact
Third item is calculating the potential impact. This might not be an exact science, especially for a small business team, but you need to make at least rough calculations of business impact.
What does that mean? Quite simply, it means that after you’ve identified a threat, you should analyse its potential for business disruption.
For example, if the ground floor of your office was flooded, what would that mean for your people, documents, data, IT and so on. If a container ship is stuck in port by a hurricane a thousand miles away, what would it mean for your ability to make what you make?
Do not forget more humdrum threats. If the power went out for a day, what effect would it have on your productivity and profits?
This analysis should seek to identify weak points in your organisation, and create priorities for protection and mitigation.
4. Develop a working plan
After identifying and analysing threats, you can take a stab at drawing up the first draft of your plan. Remember this will be an evolving plan as you grow and components change both within your business and with external stakeholders. It is not enough to develop a business continuity checklist and leave in in a vault.
Again, the exact details will depend on your company, but the important thing is to map out a clear strategy, set recovery goals and allocate resources.
For each threat, state what it is, the effect it might have, and what the business will do in the event of the threat occurring.
A flood, for example, is a catastrophic event that would keep people away from your premises, cause power outages and take down IT. A mitigation plan might include:
- Contacting a commercial property partner to arrange temporary premises
- Contacting staff and customers to make them aware
- Transitioning to home working and, if necessary, letting colleagues work on personal devices
- Spinning up back-up IT systems and applications stored in the cloud
- That is obviously simplistic, and there is much more detail to add, but by building out each threat in a similar way a fully formed business development plan will gradually emerge.
Do not forget to allocate roles:
- Who will declare a disaster?
- Who will replace hardware (furniture, computers, phones) if required?
- Who will lease emergency office space?
- Who will be responsible for assessing the damage?
Create a chain of command so that everyone involved knows what they have to do and when they have to do it.