Business continuity advice

How can you keep your business safe?

Every year 1 in 5 Businesses face a major disruption to their services.  1 in 10 of these will cease trading. If your premises were to suffer a fire, flood, utility failure etc, how would you maintain your critical business functions? How will you ensure your business survives? Start now; you never know what tomorrow can bring.

Business continuity advice & guidance

Under the Civil Contingencies Act 2004 one of the duties of a Local Authority is to provide advice and guidance to local businesses about how to prepare your business for those small or large things (accidental or deliberate) which may cause unforeseen problems to your business.

Business Continuity Management is about protecting the things in your business that you can’t afford to lose, staff, stock, premises, information (customer or product information) and how to plan to try and prevent these things being affected.

Whether you are a market trader, voluntary organisation or have a small/medium business you need your business to be able to continue to keep the profits coming in and to be able to pay your staff.

Question:  I don’t have a lot of time – what can I do?

Answer:

There are 6 basic steps you should think of for Business Continuity

  1. What makes your business tick? What is its purpose and what are the products / services of the business?
  2. Assess the risk to your business Power cuts / floods/ loss of access to your building / loss of staff / loss of key suppliers / etc
  3. Develop a strategy to deal with these risks What needs to be done / how actions need to be taken / who needs to perform these actions / why these actions are needed / where these     actions should be performed 
  4. Develop & write your plan The plan can be as simple as you want it to be 
  5. Test your plan You need to make sure that it works and that your staff understand  what to do and when
  6. Review the plan regularly New staff, change in supplier, change of location etc will all affect your plan

Take 2 minutes to ask yourself these questions

  • Is your business the main source of income for you and your family?
  • Does your business insurance cover you for all of the “risks” that you have listed (see question 2)
  • If you couldn’t access your business premises, could you still trade?
  • If your offices were vandalised and your computers, IT were damaged or stolen would you lose all of your customer / business information?
  • If your staff won the lottery, or were long term ill, would their jobs still get done?
  • If you couldn’t trade for a month, would your customers wait for you to re-open or would they go somewhere else?
  • Do you have a contingency plan in place to deal with an incident/disruption?  ( Do you have a copy of the plan at home…?)
  • If you have answered “no” to 2 or more of these questions, your business may have difficulty surviving from a disruption or identified risk.

Download the business continuity handbook for advice and information which will assist in developing a plan suited to your own business.

Contents

  • Introduction
  • Background: British’s standards for business continuity management
  • Standardised business continuity contract clause
  • Business continuity guidance for organisations of different sizes
    • 1-10 staff
    • 10-30 Staff
    • 30+ Staff
  • Questions to ask yourself

1. Introduction

  • The purpose of this document is to give guidance of how to achieve a level of Business Continuity Management (BCM) within your organisation, which will meet the requirements of the Business Continuity Clause included in the Blackburn with Darwen Borough Council contract.
  • Since 2005 all Local Authorities in the UK have been statutorily required to have business continuity plans for their services and to make sure any contracted service also has them. It has also been the ongoing requirement in many other areas of business, and from the insurance industry, that businesses have internal continuity plans and with their supply chain so that service is maintained even when a disruption happens.

2. Background: British standards for business continuity management (BS25999 – ISO22301)

  • One of the requirements to work with Blackburn with Darwen Borough Council is that an organisation must have a business continuity plan that meets the agreed good practice guidelines. This document lays out these guidelines which themselves are in line with the BS25999 and ISO22301 standards.

3. Standardised business continuity contract clause

  • The business continuity clause that is found in Blackburn with Darwen Borough Council contracts is set out below.  This is an optional clause which is included in all contracts where it is important for the service being provided to be able to continue in the event of an emergency.

    Special condition

    • Business continuity plan : “Business Continuity Plan” means the plan setting out the Contractor’s proposed methodology to ensure continuance of the Contract in the event of an emergency.
      • The Civil Contingencies Act 2004 requires the Council to maintain plans to ensure it can continue to perform all of its ordinary functions in the event of an emergency. Organisations providing services or goods which underpin the Council’s service provision must be able to continue to provide in the event of an emergency. The Contractor shall use its reasonable endeavours:
        • to prepare a robust Business Continuity Plan that ensures the continuation of this Contract; and
        • upon request, to disclose to the Council the contents of its Business Continuity Plan (including any revisions made to it from time to time); and
        • to allow the Council at its discretion from time to time to monitor the Contractor’s business continuity arrangements; and
        • to notify the Council if an incident occurs which activates the Contractor’s Business Continuity Plan (such notification to be given prior to the issue of any notification to the press or other media); and
        • to provide the Council with details of how the Contractor managed any incident which resulted in the activation of the Contractor’s Business Continuity Plan and any consequential amendments made to the Contractor’s processes and/or procedures thereafter.
    • Contract clause notes: The exemplar contract clause provided above is designed to provide an outline of the expectations Blackburn with Darwen Borough Council has of its suppliers. It is not to say that the Council will not add in additional questions specific to a particular contract. Therefore the following notes on the clause should be observed:
      • The Clause has been number labelled. These numbers do not match any contract from the Council. They are purely for the use of this document.
      • The Clause refers to ‘the Contractor’ and ‘the Council’, this refers to you and Blackburn with Darwen Council Borough Council.
      • In 1.1.5 the implementation of any consequential amendments will be subject to discussions between contactor and the Council.

4. Business continuity guidance for organisations of different sizes

Depending on the size of your organisation, your plan may be different and have different levels of information.

As guidance only, here are some ideas of what minimum information business continuity plans should have in them for businesses of same arbitrary different sizes.

  • 1-10 staff
    • having the correct insurance to cover all aspects of the business against the risks of the business, including property and loss of staff.
    • you must have back up of all important information and of paper documents, stored off site. (This could be as simple as an encrypted USB stick).
    • there must be clear lines of communication between all staff and contracted services in and out of hours.
    • there should be a nominated deputy in case the manger becomes unavailable.
    • if there is a deputy then they must have access to the information that the manager has including all passwords, keys and documentation.
    • the plan must have a requirement to make sure any suppliers or contractors of the company also have business continuity plans.
    • there must be clear lines of communication detailed for contact between the company and the Council both in and out of hours.
  • 10-30 Staff

    All plans for companies of this size and beyond must cover:

    • having the correct insurance to cover all aspects of the business against the risks of the business, including property and loss of staff.
    • you must have back up of all important information and of paper documents, stored off site. (This could be as simple as a USB stick).
    • all data must be encrypted if it is leaving the office environment to protect you and your clients from having personnel information stolen.
    • there must be clear lines of communication between all staff and contracted services in and out of hours.
    • there must be clear lines of communication detailed for contact between the company and the Council both in and out of hours.
    • there must be more than one nominated deputy in case the manager becomes unavailable.
    • deputies must have access to the information that the manager has including all passwords, keys and documentation preferably more than one.
    • staff contact details and plans for dealing with denial of access to company buildings must be available to deputies and managers away from the main building.
    • financial plans for loss of business trading for prolonged period must be in place.
    • the plan must deal with sudden loss of a number of staff or specific key staff.
    • all staff roles must be able to be carried out by a back up person if necessary.
    • the Plan must have a requirement to make sure any suppliers or contractors of the company also have business continuity plans.
  • 30+ Staff

    All plans for companies of this size must cover:

    • There must be clear lines of communication between all staff and supply line contracted services in and out of hours.
    • The Plan shows how the organisation will be available to be contacted and how the organisation will contact its clients and partners both in and out of hours.
    • There must be clear lines of communication detailed for contact between the company and the Council both in and out of hours.
    • The Plan must state at least an annual requirement for a test of the business. The test must include staff members as well as management.
    • The plan must cover the 5 tenants of BCM;
    • Understanding the business
    • Determining BCM strategy
    • Developing and Implementing BCM response
    • Exercising, Maintenance and Audit,
    • Embedding BCM in the company culture
    • It must be shown that the company understands the need to make sure all staff are aware of their BC arrangements, not just senior management.
    • The Plan must state the difference between operations at different sites the organisation run and either state the different plans for each site or sign post to other plans that hold this information.
    • The Plan must mention standard practice for dealing with evacuations/ invacuations of properties (i.e. stopping staff leaving a building due to nearby incident) and denial of access of buildings (i.e. police cordon stopping staff entering site, or snow stopping staff getting to work).
    • The Plan must mention potential risks to the organisation and the process by which they will be assessed.
    • The Plan must show command structure of company that should be used in an emergency to coordinate an event.
    • The Plan must have details regarding ability to source emergency funds.
    • The Plan must have a requirement to make sure any suppliers or contractors of the company also have business continuity plans.
    • The retention of data both physical and digital must be commented on and IT Disaster Recovery arrangements mentioned.

Questions to ask yourself

Does the organisation have a business continuity management plan?

If you have answered ‘no’ to this question, you can obtain information on business continuity and the British Standard in business continuity, BS25999 or ISO 22301, by visiting the following websites:

Read on though for some questions which will help with your planning and further guidance

Does your organisation’s business continuity plan knowingly follow the principles of a known business Continuity standard?

The publication of BS25999-2 provides a formal accreditation process for the businesses and organisations located within the UK

Does your plan cover these 5 areas shown in BS25999:

  • Understanding the business
  • Determining BCM strategy
  • Developing and implementing your response to assessed risks
  • Exercising your plan and maintaining it as a live document
  • Embedding the thinking of what might happen and how to deal with it, in the company culture?

Within the past 3 years, have there been any occasions when the business operation(s) have been disrupted by:

  • Computer or critical system failure for more than 2 hours
  • More than 40% of your staff unable to attend work for 24 hours
  • Loss of a building/premises for more than 2 hours

Have you put in place procedures to learn from these events and stop or minimise their affect in the future?

What contingency plans does the organisation have in place to identify and control against (or minimise) risk / threats to the business operations?

Does the plan contain or point to, a risk register for your business?

Does the plan state the requirement for decision logs and documentation retention during and after an incident?

Does the plan state there must be a minimum of an annual test of the business both for managers and staff members?

Does the plan show the need to ensure that all staff are aware of the business continuity procedures (to some level) and that the procedures are not directed towards senior management only?

Is the plan clearly defined to have and ensure, employees are aware of the different protocols for different locations within the organisation?

Does the plan contain arrangements to deal with evacuations/ invacuations of properties? (keeping staff safe, ensuring employees cannot exit / enter designated areas due to a near by incident)

In the event of an emergency, does the plan:

  • Have, or identify where, the company’s contact details are so that staff and/or customers can contact a group of senior managers both in and out of hours?
  • Have contact details, or identify where the company can get contact details for all clients it has to use in or out of hours, to report a problem?
  • Show the command structure of the company that should be used in an emergency to coordinate the response?

Does the plan have or point to, a disaster recovery plan for the IT of the organisation?

Does the plan have details regarding ability to source emergency funds and how those funds will be used and monitored in an emergency?

Does the plan contain requirements to ensure that companies in your supply chain have business continuity plans to maintain your services?

We use cookies, just to track visits to our website, we store no personal details. Show ACCEPT COOKIES / DECLINE COOKIES option