How can you keep your business safe?
Every year 1 in 5 Businesses face a major disruption to their services. 1 in 10 of these will cease trading. If your premises were to suffer a fire, flood, utility failure etc, how would you maintain your critical business functions? How will you ensure your business survives?
Start now; you never know what tomorrow can bring.
Business Continuity Advice & Guidance
Under the Civil Contingencies Act 2004 one of the duties of a Local Authority is to provide advice and guidance to local businesses about how to prepare your business for those small or large things (accidental or deliberate) which may cause unforeseen problems to your business.
Business Continuity Management is about protecting the things in your business that you can’t afford to lose, staff, stock, premises, information (customer or product information) and how to plan to try and prevent these things being affected.
Whether you are a market trader, voluntary organisation or have a small/medium business you need your business to be able to continue to keep the profits coming in and to be able to pay your staff.
Question: I don’t have a lot of time – what can I do?
There are 6 basic steps you should think of for Business Continuity
- What makes your business tick? What is its purpose and what are the products / services of the business?
- Assess the risk to your business Power cuts / floods/ loss of access to your building / loss of staff / loss of key suppliers / etc
- Develop a strategy to deal with these risks What needs to be done / how actions need to be taken / who needs to perform these actions / why these actions are needed / where these actions should be performed
- Develop & write your plan The plan can be as simple as you want it to be
- Test your plan You need to make sure that it works and that your staff understand what to do and when
- Review the plan regularly New staff, change in supplier, change of location etc will all affect your plan
Take 2 minutes to ask yourself these questions
- Is your business the main source of income for you and your family?
- Does your business insurance cover you for all of the “risks” that you have listed (see question 2)
- If you couldn’t access your business premises, could you still trade?
- If your offices were vandalised and your computers, IT were damaged or stolen would you lose all of your customer / business information?
- If your staff won the lottery, or were long term ill, would their jobs still get done?
- If you couldn’t trade for a month, would your customers wait for you to re-open or would they go somewhere else?
- Do you have a contingency plan in place to deal with an incident/disruption? ( Do you have a copy of the plan at home…?)
- If you have answered “no” to 2 or more of these questions, your business may have difficulty surviving from a disruption or identified risk.
- Background: British’s standards for business continuity management
- Standardised business continuity contract clause
- Business continuity guidance for organisations of different sizes
- 1-10 staff
- 10-30 Staff
- 30+ Staff
- Questions to ask yourself
- The purpose of this document is to give guidance of how to achieve a level of Business Continuity Management (BCM) within your organisation, which will meet the requirements of the Business Continuity Clause included in the Blackburn with Darwen Borough Council contract.
- Since 2005 all Local Authorities in the UK have been statutorily required to have business continuity plans for their services and to make sure any contracted service also has them. It has also been the ongoing requirement in many other areas of business, and from the insurance industry, that businesses have internal continuity plans and with their supply chain so that service is maintained even when a disruption happens.
2. Background: British standards for business continuity management (BS25999 – ISO22301)
- One of the requirements to work with Blackburn with Darwen Borough Council is that an organisation must have a business continuity plan that meets the agreed good practice guidelines. This document lays out these guidelines which themselves are in line with the BS25999 and ISO22301 standards.
3. Standardised business continuity contract clause
- The business continuity clause that is found in Blackburn with Darwen Borough Council contracts is set out below. This is an optional clause which is included in all contracts where it is important for the service being provided to be able to continue in the event of an emergency.
- Business continuity plan : “Business Continuity Plan” means the plan setting out the Contractor’s proposed methodology to ensure continuance of the Contract in the event of an emergency.
- The Civil Contingencies Act 2004 requires the Council to maintain plans to ensure it can continue to perform all of its ordinary functions in the event of an emergency. Organisations providing services or goods which underpin the Council’s service provision must be able to continue to provide in the event of an emergency. The Contractor shall use its reasonable endeavours:
- to prepare a robust Business Continuity Plan that ensures the continuation of this Contract; and
- upon request, to disclose to the Council the contents of its Business Continuity Plan (including any revisions made to it from time to time); and
- to allow the Council at its discretion from time to time to monitor the Contractor’s business continuity arrangements; and
- to notify the Council if an incident occurs which activates the Contractor’s Business Continuity Plan (such notification to be given prior to the issue of any notification to the press or other media); and
- to provide the Council with details of how the Contractor managed any incident which resulted in the activation of the Contractor’s Business Continuity Plan and any consequential amendments made to the Contractor’s processes and/or procedures thereafter.
- Contract clause notes: The exemplar contract clause provided above is designed to provide an outline of the expectations Blackburn with Darwen Borough Council has of its suppliers. It is not to say that the Council will not add in additional questions specific to a particular contract. Therefore the following notes on the clause should be observed:
- The Clause has been number labelled. These numbers do not match any contract from the Council. They are purely for the use of this document.
- The Clause refers to ‘the Contractor’ and ‘the Council’, this refers to you and Blackburn with Darwen Council Borough Council.
- In 1.1.5 the implementation of any consequential amendments will be subject to discussions between contactor and the Council.
4. Business continuity guidance for organisations of different sizes
Depending on the size of your organisation, your plan may be different and have different levels of information.
As guidance only, here are some ideas of what minimum information business continuity plans should have in them for businesses of same arbitrary different sizes.
Questions to ask yourself
Does the organisation have a business continuity management plan?
If you have answered ‘no’ to this question, you can obtain information on business continuity and the British Standard in business continuity, BS25999 or ISO 22301, by visiting the following websites:
Read on though for some questions which will help with your planning and further guidance
Does your organisation’s business continuity plan knowingly follow the principles of a known business Continuity standard?
The publication of BS25999-2 provides a formal accreditation process for the businesses and organisations located within the UK
Does your plan cover these 5 areas shown in BS25999:
- Understanding the business
- Determining BCM strategy
- Developing and implementing your response to assessed risks
- Exercising your plan and maintaining it as a live document
- Embedding the thinking of what might happen and how to deal with it, in the company culture?
Within the past 3 years, have there been any occasions when the business operation(s) have been disrupted by:
- Computer or critical system failure for more than 2 hours
- More than 40% of your staff unable to attend work for 24 hours
- Loss of a building/premises for more than 2 hours
Have you put in place procedures to learn from these events and stop or minimise their affect in the future?
What contingency plans does the organisation have in place to identify and control against (or minimise) risk / threats to the business operations?
Does the plan contain or point to, a risk register for your business?
Does the plan state the requirement for decision logs and documentation retention during and after an incident?
Does the plan state there must be a minimum of an annual test of the business both for managers and staff members?
Does the plan show the need to ensure that all staff are aware of the business continuity procedures (to some level) and that the procedures are not directed towards senior management only?
Is the plan clearly defined to have and ensure, employees are aware of the different protocols for different locations within the organisation?
Does the plan contain arrangements to deal with evacuations/ invacuations of properties? (keeping staff safe, ensuring employees cannot exit / enter designated areas due to a near by incident)
In the event of an emergency, does the plan:
- Have, or identify where, the company’s contact details are so that staff and/or customers can contact a group of senior managers both in and out of hours?
- Have contact details, or identify where the company can get contact details for all clients it has to use in or out of hours, to report a problem?
- Show the command structure of the company that should be used in an emergency to coordinate the response?
Does the plan have or point to, a disaster recovery plan for the IT of the organisation?
Does the plan have details regarding ability to source emergency funds and how those funds will be used and monitored in an emergency?
Does the plan contain requirements to ensure that companies in your supply chain have business continuity plans to maintain your services?